
Malware or some virus need help


17 replies to this topic

#1 Vincent Vidal


Posted 05 August 2012 - 10:01 PM

Hello,
I am having some computer difficulties and can't quite figure out if I have cleared them or still have them. When I try to go to my firewall, it says that I need to update my firewall and prompts me to use recommended settings.
I say OK to use recommended settings, but then it says it can't turn on the firewall and gives me an error (Error code 0x80070424). I ran Rkill.



Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/05/2012 10:45:40 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\HiPatchService.exe (PID: 1808) [SD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/05/2012 10:45:58 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)


And I have been running a Malwarebytes scan for almost an hour now. Also, just recently, Explorer will crash and then restart. I have been trying to find/remove viruses and Trojans for about a week and a half. I have given up and need some help from someone.


*Moderator Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 05 August 2012 - 11:21 PM.



 


#2 narenxp


Posted 06 August 2012 - 07:39 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Vincent Vidal


Posted 07 August 2012 - 05:53 PM

Here is the TDSSKiller log. It said there was one threat detected.

18:41:55.0771 5304 NAVEX15 (386578e94e66302136288b349deb1e92) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS
18:41:55.0802 5304 NAVEX15 - ok
18:41:56.0317 5304 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:41:56.0333 5304 NDIS - ok
18:41:56.0348 5304 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:41:56.0364 5304 NdisCap - ok
18:41:56.0379 5304 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:41:56.0379 5304 NdisTapi - ok
18:41:56.0395 5304 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:41:56.0395 5304 Ndisuio - ok
18:41:56.0411 5304 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:41:56.0411 5304 NdisWan - ok
18:41:56.0426 5304 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:41:56.0426 5304 NDProxy - ok
18:41:56.0442 5304 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:41:56.0442 5304 NetBIOS - ok
18:41:56.0457 5304 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:41:56.0457 5304 NetBT - ok
18:41:56.0489 5304 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:41:56.0489 5304 Netlogon - ok
18:41:56.0723 5304 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:41:56.0754 5304 Netman - ok
18:41:56.0941 5304 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:56.0972 5304 NetMsmqActivator - ok
18:41:56.0972 5304 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:56.0972 5304 NetPipeActivator - ok
18:41:57.0019 5304 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:41:57.0019 5304 netprofm - ok
18:41:57.0565 5304 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
18:41:57.0581 5304 netr28x - ok
18:41:57.0705 5304 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:57.0721 5304 NetTcpActivator - ok
18:41:57.0721 5304 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:57.0721 5304 NetTcpPortSharing - ok
18:41:57.0752 5304 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:41:57.0768 5304 nfrd960 - ok
18:41:57.0815 5304 NIS (436e7b2e6f42c2717c1d670220d03336) C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
18:41:57.0815 5304 NIS - ok
18:41:57.0861 5304 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:41:57.0861 5304 NlaSvc - ok
18:41:57.0877 5304 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:41:57.0877 5304 Npfs - ok
18:41:57.0893 5304 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:41:57.0893 5304 nsi - ok
18:41:57.0908 5304 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:41:57.0908 5304 nsiproxy - ok
18:41:59.0609 5304 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:41:59.0655 5304 Ntfs - ok
18:41:59.0967 5304 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:41:59.0967 5304 Null - ok
18:42:00.0014 5304 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:42:00.0014 5304 nvraid - ok
18:42:00.0061 5304 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:42:00.0077 5304 nvstor - ok
18:42:00.0092 5304 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:42:00.0139 5304 nv_agp - ok
18:42:00.0170 5304 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:42:00.0186 5304 ohci1394 - ok
18:42:00.0217 5304 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:00.0217 5304 p2pimsvc - ok
18:42:00.0264 5304 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:42:00.0264 5304 p2psvc - ok
18:42:00.0295 5304 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:42:00.0311 5304 Parport - ok
18:42:00.0529 5304 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:42:00.0545 5304 partmgr - ok
18:42:00.0576 5304 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:42:00.0591 5304 PcaSvc - ok
18:42:00.0638 5304 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:42:00.0638 5304 pci - ok
18:42:00.0654 5304 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:42:00.0669 5304 pciide - ok
18:42:00.0685 5304 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:42:00.0716 5304 pcmcia - ok
18:42:00.0716 5304 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:42:00.0732 5304 pcw - ok
18:42:00.0747 5304 pdfcDispatcher - ok
18:42:01.0013 5304 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:42:01.0028 5304 PEAUTH - ok
18:42:01.0262 5304 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:42:01.0278 5304 PerfHost - ok
18:42:01.0902 5304 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:42:02.0027 5304 pla - ok
18:42:02.0323 5304 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:42:02.0323 5304 PlugPlay - ok
18:42:02.0339 5304 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:42:02.0354 5304 PNRPAutoReg - ok
18:42:02.0370 5304 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:02.0385 5304 PNRPsvc - ok
18:42:02.0417 5304 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:42:02.0432 5304 PolicyAgent - ok
18:42:02.0463 5304 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:42:02.0463 5304 Power - ok
18:42:02.0682 5304 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:02.0697 5304 PptpMiniport - ok
18:42:02.0713 5304 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:42:02.0744 5304 Processor - ok
18:42:02.0791 5304 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
18:42:02.0807 5304 ProfSvc - ok
18:42:02.0838 5304 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:42:02.0838 5304 ProtectedStorage - ok
18:42:02.0885 5304 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:42:02.0885 5304 Psched - ok
18:42:03.0119 5304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:42:03.0165 5304 ql2300 - ok
18:42:03.0696 5304 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:42:03.0727 5304 ql40xx - ok
18:42:03.0930 5304 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:42:03.0945 5304 QWAVE - ok
18:42:03.0992 5304 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:42:04.0039 5304 QWAVEdrv - ok
18:42:04.0086 5304 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:42:04.0117 5304 RasAcd - ok
18:42:04.0164 5304 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:42:04.0164 5304 RasAgileVpn - ok
18:42:04.0179 5304 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:42:04.0179 5304 RasAuto - ok
18:42:04.0195 5304 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:04.0211 5304 Rasl2tp - ok
18:42:04.0242 5304 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:42:04.0242 5304 RasMan - ok
18:42:04.0273 5304 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:04.0273 5304 RasPppoe - ok
18:42:04.0273 5304 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:42:04.0289 5304 RasSstp - ok
18:42:04.0304 5304 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:42:04.0304 5304 rdbss - ok
18:42:04.0320 5304 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:42:04.0335 5304 rdpbus - ok
18:42:04.0335 5304 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:04.0335 5304 RDPCDD - ok
18:42:04.0351 5304 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:42:04.0351 5304 RDPENCDD - ok
18:42:04.0367 5304 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:42:04.0367 5304 RDPREFMP - ok
18:42:04.0445 5304 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:42:04.0460 5304 RDPWD - ok
18:42:04.0491 5304 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:42:04.0523 5304 rdyboost - ok
18:42:04.0538 5304 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:42:04.0554 5304 RemoteAccess - ok
18:42:04.0601 5304 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:42:04.0616 5304 RemoteRegistry - ok
18:42:04.0632 5304 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:42:04.0632 5304 RpcEptMapper - ok
18:42:04.0647 5304 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:42:04.0647 5304 RpcLocator - ok
18:42:04.0679 5304 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:42:04.0694 5304 RpcSs - ok
18:42:04.0757 5304 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:42:04.0757 5304 rspndr - ok
18:42:04.0803 5304 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:42:04.0803 5304 RTL8167 - ok
18:42:04.0850 5304 RzSynapse (f71eea505290b0aad48850f0d750702d) C:\Windows\system32\DRIVERS\RzSynapse.sys
18:42:04.0866 5304 RzSynapse - ok
18:42:04.0991 5304 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:42:04.0991 5304 SamSs - ok
18:42:05.0022 5304 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:42:05.0069 5304 sbp2port - ok
18:42:05.0115 5304 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
18:42:05.0115 5304 SBRE - ok
18:42:05.0256 5304 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:42:05.0287 5304 SCardSvr - ok
18:42:05.0303 5304 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:42:05.0318 5304 scfilter - ok
18:42:05.0646 5304 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:42:05.0677 5304 Schedule - ok
18:42:05.0708 5304 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:42:05.0708 5304 SCPolicySvc - ok
18:42:05.0724 5304 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:42:05.0755 5304 SDRSVC - ok
18:42:05.0942 5304 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:42:05.0958 5304 SeaPort - ok
18:42:06.0020 5304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:42:06.0020 5304 secdrv - ok
18:42:06.0051 5304 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:42:06.0051 5304 seclogon - ok
18:42:06.0067 5304 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:42:06.0083 5304 SENS - ok
18:42:06.0098 5304 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:42:06.0098 5304 SensrSvc - ok
18:42:06.0129 5304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:42:06.0145 5304 Serenum - ok
18:42:06.0161 5304 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:42:06.0176 5304 Serial - ok
18:42:06.0192 5304 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:42:06.0207 5304 sermouse - ok
18:42:06.0270 5304 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:42:06.0285 5304 SessionEnv - ok
18:42:06.0317 5304 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:42:06.0332 5304 sffdisk - ok
18:42:06.0363 5304 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:42:06.0379 5304 sffp_mmc - ok
18:42:06.0379 5304 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:42:06.0395 5304 sffp_sd - ok
18:42:06.0395 5304 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:42:06.0410 5304 sfloppy - ok
18:42:06.0441 5304 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:42:06.0441 5304 SharedAccess - ok
18:42:06.0473 5304 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:42:06.0473 5304 ShellHWDetection - ok
18:42:06.0504 5304 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:42:06.0504 5304 SiSRaid2 - ok
18:42:06.0535 5304 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:42:06.0551 5304 SiSRaid4 - ok
18:42:06.0660 5304 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:42:06.0660 5304 SkypeUpdate - ok
18:42:06.0691 5304 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:42:06.0707 5304 Smb - ok
18:42:06.0738 5304 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:42:06.0753 5304 SNMPTRAP - ok
18:42:06.0785 5304 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:42:06.0800 5304 spldr - ok
18:42:06.0972 5304 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:42:07.0003 5304 Spooler - ok
18:42:07.0409 5304 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:42:07.0455 5304 sppsvc - ok
18:42:08.0001 5304 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:42:08.0017 5304 sppuinotify - ok
18:42:08.0345 5304 sptd (4b3f898dc1378ced2f35d04e5b0ce0df) C:\Windows\System32\Drivers\sptd.sys
18:42:08.0345 5304 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
18:42:08.0345 5304 sptd ( LockedFile.Multi.Generic ) - warning
18:42:08.0345 5304 sptd - detected LockedFile.Multi.Generic (1)
18:42:24.0849 5304 ============================================================
18:42:24.0849 5304 Scan finished
18:42:24.0849 5304 ============================================================
18:42:24.0849 5296 Detected object count: 1
18:42:24.0849 5296 Actual detected object count: 1
18:42:53.0179 5296 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:42:53.0179 5296 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#4 Vincent Vidal


Posted 07 August 2012 - 06:13 PM

Here is the aswMBR log.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-07 18:45:24
-----------------------------
18:45:24.368 OS Version: Windows x64 6.1.7600
18:45:24.368 Number of processors: 4 586 0x403
18:45:24.368 ComputerName: CAM-HP UserName: Cam
18:45:26.801 Initialize success
18:46:58.218 AVAST engine defs: 12080701
18:47:10.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
18:47:10.542 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
18:47:10.557 Disk 0 MBR read successfully
18:47:10.557 Disk 0 MBR scan
18:47:10.557 Disk 0 unknown MBR code
18:47:10.557 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:47:10.573 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940714 MB offset 206848
18:47:10.604 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13053 MB offset 1926789120
18:47:10.651 Disk 0 scanning C:\Windows\system32\drivers
18:47:18.420 Service scanning
18:47:39.262 Modules scanning
18:47:39.262 Disk 0 trace - called modules:
18:47:39.308 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005b442c0]<<sptd.sys amdxata.sys >>UNKNOWN [0xfffffa80051c92c0]<<storport.sys hal.dll amdsata.sys
18:47:39.823 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006283790]
18:47:39.823 3 CLASSPNP.SYS[fffff88000fc443f] -> nt!IofCallDriver -> [0xfffffa8006131b80]
18:47:39.839 \Driver\amdxata[0xfffffa8005bdc260] -> IRP_MJ_CREATE -> 0xfffffa8005b442c0
18:47:39.854 5 amdxata.sys[fffff8800128b7a8] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa800612d9c0]
18:47:39.854 \Driver\amdsata[0xfffffa8005bdb790] -> IRP_MJ_CREATE -> 0xfffffa80051c92c0
18:47:43.286 AVAST engine scan C:\Windows
18:47:48.154 AVAST engine scan C:\Windows\system32
18:50:41.251 AVAST engine scan C:\Windows\system32\drivers
18:50:54.480 AVAST engine scan C:\Users\Cam
18:58:22.593 AVAST engine scan C:\ProgramData
19:11:47.960 Scan finished successfully
19:12:16.306 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
19:12:16.306 The log file has been saved successfully to "C:\aswMBR.txt"

#5 Vincent Vidal

  • Topic Starter


Posted 07 August 2012 - 08:09 PM

And there are the ESET scan logs. How am I looking now? And should I delete quarantined files?
Also, I still can't turn my firewall on; I am still getting the error. Should I be running Rkill?

C:\Users\Cam\Downloads\Necrons_5th_Edition_Codex[Fixed].exe Win32/Adware.1ClickDownload.B application cleaned by deleting - quarantined
C:\Users\Cam\Downloads\VLC_32.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Cam\Music\VLC_32.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

Edited by Vincent Vidal, 07 August 2012 - 08:21 PM.


#6 narenxp


  • BC Advisor

Posted 07 August 2012 - 08:44 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#7 Vincent Vidal

  • Topic Starter


Posted 07 August 2012 - 10:31 PM

Here is the MiniToolBox log.


MiniToolBox by Farbar Version: 23-07-2012
Ran by Cam (administrator) on 07-08-2012 at 23:30:36
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Cam-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 1C-65-9D-24-6F-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 1C-65-9D-24-6F-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c81a:11d:bf81:4072%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : August-07-12 11:20:47 PM
Lease Expires . . . . . . . . . . : August-10-12 11:20:47 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 242282913
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FF-24-F1-1C-C1-DE-5D-2B-19
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : D4-85-64-9B-B5-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-EB-9B-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5eb:9bdf(Preferred)
Link-local IPv6 Address . . . . . : fe80::90d7:bd52:c78a:c36a%18(Preferred)
IPv4 Address. . . . . . . . . . . : 5.235.155.223(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : August-07-12 11:20:41 PM
Lease Expires . . . . . . . . . . : August-07-13 11:22:48 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 561674683
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FF-24-F1-1C-C1-DE-5D-2B-19
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Reusable ISATAP Interface {B202F590-91B8-4BD6-ABD4-6E76FA7C181B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1ce1:3ebc:51a6:7d91(Preferred)
Link-local IPv6 Address . . . . . : fe80::1ce1:3ebc:51a6:7d91%14(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9E104D59-0387-48A0-B8A2-7C81CF3B31C2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{885422F8-67DD-449A-A44A-344A197444EB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 2001:4860:4008:802::1005
74.125.226.66
74.125.226.68
74.125.226.67
74.125.226.72
74.125.226.71
74.125.226.70
74.125.226.73
74.125.226.69
74.125.226.78
74.125.226.65
74.125.226.64


Pinging google.com [74.125.226.66] with 32 bytes of data:
Reply from 74.125.226.66: bytes=32 time=18ms TTL=54
Reply from 74.125.226.66: bytes=32 time=17ms TTL=54

Ping statistics for 74.125.226.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms
Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=47ms TTL=51
Reply from 209.191.122.70: bytes=32 time=49ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 49ms, Average = 48ms
Server: mymodem
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
16...1c 65 9d 24 6f 7b ......Microsoft Virtual WiFi Miniport Adapter
12...1c 65 9d 24 6f 7a ......802.11n Wireless LAN Card
11...d4 85 64 9b b5 e8 ......Realtek PCIe FE Family Controller
18...7a 79 05 eb 9b df ......Hamachi Network Interface
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.235.155.223 9256
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.11 25
5.0.0.0 255.0.0.0 On-link 5.235.155.223 9256
5.235.155.223 255.255.255.255 On-link 5.235.155.223 9256
5.255.255.255 255.255.255.255 On-link 5.235.155.223 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.11 281
192.168.2.11 255.255.255.255 On-link 192.168.2.11 281
192.168.2.255 255.255.255.255 On-link 192.168.2.11 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.235.155.223 9256
224.0.0.0 240.0.0.0 On-link 192.168.2.11 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.235.155.223 9256
255.255.255.255 255.255.255.255 On-link 192.168.2.11 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:9d38:953c:1ce1:3ebc:51a6:7d91/128
On-link
18 276 2620:9b::/96 On-link
18 276 2620:9b::5eb:9bdf/128 On-link
18 276 fe80::/64 On-link
12 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::1ce1:3ebc:51a6:7d91/128
On-link
18 276 fe80::90d7:bd52:c78a:c36a/128
On-link
12 281 fe80::c81a:11d:bf81:4072/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
18 276 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/07/2012 07:14:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (08/07/2012 07:14:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (08/07/2012 07:14:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (08/07/2012 06:51:51 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/05/2012 11:29:40 PM) (Source: MsiInstaller) (User: Cam-HP)Cam-HP
Description: Product: Ask Toolbar -- Error 1730.You must be an Administrator to remove this application. To remove this application, you can log on as an administrator, or contact your technical support group for assistance.

Error: (08/05/2012 11:13:08 PM) (Source: Application Hang) (User: )
Description: The program Explorer.exe version 6.1.7600.16768 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8c0

Start Time: 01cd737effbea58e

Termination Time: 36

Application Path: C:\Windows\Explorer.exe

Report Id:

Error: (08/05/2012 10:55:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc000041d
Fault offset: 0x00000000000515b0
Faulting process id: 0x11fc
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (08/05/2012 10:51:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
Exception code: 0xc000041d
Fault offset: 0x0000000000001166
Faulting process id: 0x84c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (08/05/2012 10:13:48 PM) (Source: Application Hang) (User: )
Description: The program HPSFMsgr.exe version 6.0.0.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 55c

Start Time: 01cd737850d9ba5c

Termination Time: 3

Application Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

Report Id: 541064ad-df6c-11e1-898f-d485649bb5e8

Error: (07/31/2012 05:50:44 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed STOPzilla. Available with Windows Installer version 1.2 and later.; Error = 0x8007043c).


System errors:
=============
Error: (08/07/2012 11:23:35 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Error: (08/07/2012 11:23:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (08/07/2012 11:21:48 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/07/2012 11:21:24 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (08/07/2012 11:20:49 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/07/2012 11:20:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/07/2012 09:14:42 PM) (Source: Service Control Manager) (User: )
Description: The Hi-Rez Studios Authenticate and Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/07/2012 06:40:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (08/07/2012 06:39:50 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/07/2012 06:39:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (08/07/2012 07:14:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Cam\Downloads\esetsmartinstaller_enu.exe

Error: (08/07/2012 07:14:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Cam\Downloads\esetsmartinstaller_enu.exe

Error: (08/07/2012 07:14:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Cam\Downloads\esetsmartinstaller_enu.exe

Error: (08/07/2012 06:51:51 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (08/05/2012 11:29:40 PM) (Source: MsiInstaller)(User: Cam-HP)Cam-HP
Description: Product: Ask Toolbar -- Error 1730.You must be an Administrator to remove this application. To remove this application, you can log on as an administrator, or contact your technical support group for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/05/2012 11:13:08 PM) (Source: Application Hang)(User: )
Description: Explorer.exe6.1.7600.167688c001cd737effbea58e36C:\Windows\Explorer.exe

Error: (08/05/2012 10:55:52 PM) (Source: Application Error)(User: )
Description: Explorer.exe6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c000041d00000000000515b011fc01cd737e620fce2dC:\Windows\Explorer.exeC:\Windows\SYSTEM32\ntdll.dll3bb37786-df72-11e1-898f-d485649bb5e8

Error: (08/05/2012 10:51:23 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7600.167684d688122DUI70.dll6.1.7600.163854a5bdf25c000041d000000000000116684c01cd737d98c96bb5C:\Windows\explorer.exeC:\Windows\system32\DUI70.dll9adf116a-df71-11e1-898f-d485649bb5e8

Error: (08/05/2012 10:13:48 PM) (Source: Application Hang)(User: )
Description: HPSFMsgr.exe6.0.0.1655c01cd737850d9ba5c3C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe541064ad-df6c-11e1-898f-d485649bb5e8

Error: (07/31/2012 05:50:44 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved STOPzilla. Available with Windows Installer version 1.2 and later.0x8007043c


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Altitude
Amnesia - The Dark Descent Demo (Version: 1.0.1)
Amnesia: The Dark Descent
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.3.127)
ARMA 2
ARMA 2: Operation Arrowhead
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Audiosurf
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BattlEye for OA Uninstall
BattlEye Uninstall
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.0.609.0)
BioShock
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 2.0.4.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0517.1742.29870)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0517.1742.29870)
Catalyst Control Center InstallProxy (Version: 2010.0517.1742.29870)
Catalyst Control Center Localization All (Version: 2010.0517.1742.29870)
ccc-core-static (Version: 2010.0517.1742.29870)
ccc-utility64 (Version: 2010.0517.1742.29870)
CCC Help Chinese Standard (Version: 2010.0517.1741.29870)
CCC Help Chinese Traditional (Version: 2010.0517.1741.29870)
CCC Help Czech (Version: 2010.0517.1741.29870)
CCC Help Danish (Version: 2010.0517.1741.29870)
CCC Help Dutch (Version: 2010.0517.1741.29870)
CCC Help English (Version: 2010.0517.1741.29870)
CCC Help Finnish (Version: 2010.0517.1741.29870)
CCC Help French (Version: 2010.0517.1741.29870)
CCC Help German (Version: 2010.0517.1741.29870)
CCC Help Greek (Version: 2010.0517.1741.29870)
CCC Help Hungarian (Version: 2010.0517.1741.29870)
CCC Help Italian (Version: 2010.0517.1741.29870)
CCC Help Japanese (Version: 2010.0517.1741.29870)
CCC Help Korean (Version: 2010.0517.1741.29870)
CCC Help Norwegian (Version: 2010.0517.1741.29870)
CCC Help Polish (Version: 2010.0517.1741.29870)
CCC Help Portuguese (Version: 2010.0517.1741.29870)
CCC Help Russian (Version: 2010.0517.1741.29870)
CCC Help Spanish (Version: 2010.0517.1741.29870)
CCC Help Swedish (Version: 2010.0517.1741.29870)
CCC Help Thai (Version: 2010.0517.1741.29870)
CCC Help Turkish (Version: 2010.0517.1741.29870)
Chuzzle Deluxe (Version: 2.2.0.95)
Company of Heroes - FAKEMSI (Version: 2.0.0.0)
Company of Heroes (Version: 2.0.0.1)
CyberLink DVD Suite Deluxe (Version: 7.0.2823)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
DAEMON Tools Toolbar (Version: 1.1.4.0024)
Dear Esther
Deus Ex: Human Revolution
Diablo III (Version: 1.0.3.10057)
Dora's Carnival Adventure (Version: 2.2.0.95)
Dota 2
Dual-Core Optimizer (Version: 1.1.4.0169)
Dungeon Defenders
DVD Menu Pack for HP MediaSmart Video (Version: 4.1.4030)
Escape Rosecliff Island (Version: 2.2.0.95)
ESET Online Scanner v3
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
From Dust
Google Chrome (Version: 21.0.1180.60)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HP Advisor (Version: 3.4.12850.3526)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Game Console
HP Games (Version: 1.0.1.3)
HP MediaSmart DVD (Version: 4.1.4229)
HP MediaSmart Music (Version: 4.1.4301)
HP MediaSmart Photo (Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.1.4214)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.1.4186.3400)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173)
HydraVision (Version: 4.2.166.0)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2823)
League of Legends (Version: 1.3)
Left 4 Dead 2
LightScribe System Software (Version: 1.18.15.1)
LIMBO
LogMeIn Hamachi (Version: 2.1.0.210)
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.1.4030)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA PhysX v8.10.29 (Version: 8.10.29)
Pando Media Booster (Version: 2.3.6.0)
PDF Complete Special Edition (Version: 3.5.111)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
PicoSoft 3.0
PictureMover (Version: 3.5.0.28)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Portal 2
Power2Go (Version: 6.1.4022)
PowerDirector (Version: 8.0.2906)
PressReader (Version: 5.10.621.0)
Programming Editor (Version: 5.5.0)
QuickTime (Version: 7.72.80.56)
Ralink RT2860 Wireless LAN Card
Razer BlackWidow Ultimate (Version: 1.04.04)
Realtek High Definition Audio Driver (Version: 6.0.1.6132)
Recovery Manager (Version: 5.5.2926)
RSH Home Networking Wizard (Version: 4059)
Six Updater (Version: 2.09.7014)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
SpyHunter (Version: 4.9.12.4023)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Super Meat Boy v1.5
Tasty Planet - Back for Seconds (Version: 1.0.0)
Team Fortress 2
Team Fortress 2 Beta
Terraria
Tribes Ascend Closed Beta (Version: 0.1.760.0)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
VLC media player 0.9.2 (Version: 0.9.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

Name: MpKsl46a06edb
Description: MpKsl46a06edb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl46a06edb
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 6143.29 MB
Available physical RAM: 4206.28 MB
Total Pagefile: 12284.71 MB
Available Pagefile: 9971.35 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.93 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:918.67 GB) (Free:659.36 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.75 GB) (Free:1.56 GB) NTFS

========================= Users: ========================================

User accounts for \\CAM-HP

Administrator Cam Guest


**** End of log ****

#8 Vincent Vidal

Posted 07 August 2012 - 10:33 PM

Here is the FSS log


Farbar Service Scanner Version: 06-08-2012
Ran by Cam (administrator) on 07-08-2012 at 23:32:36
Running from "C:\Users\Cam\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 01:12] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 17:21] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 22:31] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#9 Vincent Vidal

Posted 07 August 2012 - 10:35 PM

And here are the AdwCleaner logs



# AdwCleaner v1.800 - Logfile created 08/07/2012 at 23:34:28
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Cam - CAM-HP
# Running from : C:\Users\Cam\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Cam\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Cam\AppData\LocalLow\Conduit
Folder Found : C:\Users\Cam\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\nfhkc8ho.default\extensions\DTToolbar@toolbarnet.com
Folder Found : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\nfhkc8ho.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\Headlight
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
[x64] Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = my.daemon-search.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\nfhkc8ho.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "icon_url": "hxxp://www.daemon-search.com/favicon.ico",
Found : "keyword": "my.daemon-search.com",
Found : "search_url": "hxxp://www.daemon-search.com/search?q={searchTerms}",
Found : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [8896 octets] - [07/08/2012 23:34:28]

########## EOF - C:\AdwCleaner[R1].txt - [9024 octets] ##########

#10 Vincent Vidal

Posted 07 August 2012 - 10:39 PM

Here is the log after deleting and restarting



# AdwCleaner v1.800 - Logfile created 08/07/2012 at 23:36:13
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Cam - CAM-HP
# Running from : C:\Users\Cam\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Cam\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Cam\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cam\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\nfhkc8ho.default\extensions\DTToolbar@toolbarnet.com
Folder Deleted : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\nfhkc8ho.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = my.daemon-search.com --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\nfhkc8ho.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "icon_url": "hxxp://www.daemon-search.com/favicon.ico",
Deleted : "keyword": "my.daemon-search.com",
Deleted : "search_url": "hxxp://www.daemon-search.com/search?q={searchTerms}",
Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [8955 octets] - [07/08/2012 23:34:28]
AdwCleaner[R2].txt - [9015 octets] - [07/08/2012 23:36:08]
AdwCleaner[S1].txt - [6736 octets] - [07/08/2012 23:36:13]

########## EOF - C:\AdwCleaner[S1].txt - [6864 octets] ##########

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:04 AM

Posted 08 August 2012 - 05:54 AM

Please post the MALWAREBYTES log

Download MpsSvc

Launch it, click YES

Restart the PC, post the new FSS log

#12 Vincent Vidal

Posted 08 August 2012 - 01:29 PM

Here are the MBAM logs


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.07

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Cam :: CAM-HP [administrator]

Protection: Disabled

28/07/2012 7:40:02 PM
mbam-log-2012-07-28 (19-40-02).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 534654
Time elapsed: 1 hour(s), 9 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 Vincent Vidal

Posted 08 August 2012 - 01:40 PM

This is what happens when I run the MpsSvc
I don't know how to get to the logs


Adding information can unintentionally change or delete values and cause components to stop working correctly.
If you do not trust the source of this information in C:\Users\Downloads\Mpsvc(1).reg, do not add it to the registry.
Are you sure you want to continue?

yes no



I said yes


The keys and values contained in the C:\Users\Downloads\Mpsvc(1).reg have been successfully added to the registry.

ok



And that is all that happens

#14 narenxp

Posted 08 August 2012 - 02:28 PM

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#15 Vincent Vidal

Posted 08 August 2012 - 08:22 PM

Here are the FSS logs. Also, Malwarebytes keeps saying it is blocking a potentially malicious website

Pmb.exe


Farbar Service Scanner Version: 06-08-2012
Ran by Cam (administrator) on 08-08-2012 at 21:21:51
Running from "C:\Users\Cam\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 01:12] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 17:21] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 22:31] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Vincent Vidal, 08 August 2012 - 08:31 PM.




