
Can anything be told from Task Mgr?


15 replies to this topic

#1 Bulldog1981

Bulldog1981

  • Members
  • 10 posts

Posted 10 August 2012 - 11:54 PM

Hi,

Two days ago my computer was victimized by the $200.00 FBI/Moneypak ransomware. I managed to open in Safe Mode with Networking and to run avast and Housecall with no identified threats. I reset to an earlier rescue point twice, once using Advanced System Care and once using the built-in Windows rescue. I had to re-install World of Tanks, which takes about 4 hours, so I am pretty sure that one or both did actually take me back in time to 7/31/12.

I'm not altogether comfortable that everything is "undone". I looked in Task Mgr. and two entries do not have my name as user nor a description out to the far right. One is csrss.exe and the other winlogon.exe. All others have my name as user and a description. Is this normal for these, or are they possibly "lurkers" in my computer? If someone knows, I'd be appreciative to learn what's up and then embark on the apparently daunting task of running any number of programs I've seen mentioned.

Thanks, Jeff



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 August 2012 - 08:45 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Bulldog1981

Bulldog1981
  • Topic Starter

  • Members
  • 10 posts

Posted 11 August 2012 - 04:41 PM

Cheers Narenxp:

I performed the task assigned and hopefully I am in better shape for having done so. THANK YOU SO VERY MUCH!!!!

The TDSSKiller info:

16:24:58.0542 1016 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
16:24:58.0542 1016 NetBT - ok
16:24:58.0573 1016 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:24:58.0573 1016 Netlogon - ok
16:24:58.0620 1016 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
16:24:58.0620 1016 Netman - ok
16:24:58.0651 1016 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
16:24:58.0667 1016 netprofm - ok
16:24:58.0745 1016 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:24:58.0760 1016 NetTcpPortSharing - ok
16:24:58.0792 1016 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
16:24:58.0792 1016 nfrd960 - ok
16:24:58.0885 1016 NitroReaderDriverReadSpool2 (0734398d3d99986bb8006e9bb5eab1e5) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
16:24:58.0901 1016 NitroReaderDriverReadSpool2 - ok
16:24:58.0932 1016 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
16:24:58.0932 1016 NlaSvc - ok
16:24:58.0948 1016 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
16:24:58.0948 1016 Npfs - ok
16:24:58.0963 1016 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
16:24:58.0979 1016 nsi - ok
16:24:58.0994 1016 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
16:24:58.0994 1016 nsiproxy - ok
16:24:59.0166 1016 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
16:24:59.0197 1016 Ntfs - ok
16:24:59.0275 1016 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
16:24:59.0275 1016 Null - ok
16:24:59.0322 1016 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
16:24:59.0338 1016 nvraid - ok
16:24:59.0369 1016 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
16:24:59.0384 1016 nvstor - ok
16:24:59.0416 1016 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
16:24:59.0416 1016 nv_agp - ok
16:24:59.0447 1016 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
16:24:59.0447 1016 ohci1394 - ok
16:24:59.0494 1016 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:24:59.0509 1016 p2pimsvc - ok
16:24:59.0540 1016 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
16:24:59.0540 1016 p2psvc - ok
16:24:59.0572 1016 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
16:24:59.0572 1016 Parport - ok
16:24:59.0618 1016 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
16:24:59.0618 1016 partmgr - ok
16:24:59.0665 1016 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
16:24:59.0665 1016 PcaSvc - ok
16:24:59.0712 1016 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
16:24:59.0712 1016 pci - ok
16:24:59.0728 1016 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
16:24:59.0728 1016 pciide - ok
16:24:59.0774 1016 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
16:24:59.0774 1016 pcmcia - ok
16:24:59.0806 1016 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
16:24:59.0806 1016 pcw - ok
16:24:59.0837 1016 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
16:24:59.0852 1016 PEAUTH - ok
16:24:59.0915 1016 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
16:24:59.0930 1016 PerfHost - ok
16:25:00.0008 1016 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
16:25:00.0024 1016 PGEffect - ok
16:25:00.0118 1016 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
16:25:00.0133 1016 pla - ok
16:25:00.0164 1016 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
16:25:00.0180 1016 PlugPlay - ok
16:25:00.0211 1016 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
16:25:00.0211 1016 PNRPAutoReg - ok
16:25:00.0227 1016 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:25:00.0242 1016 PNRPsvc - ok
16:25:00.0289 1016 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
16:25:00.0289 1016 Point64 - ok
16:25:00.0336 1016 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
16:25:00.0352 1016 PolicyAgent - ok
16:25:00.0383 1016 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
16:25:00.0383 1016 Power - ok
16:25:00.0430 1016 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
16:25:00.0430 1016 PptpMiniport - ok
16:25:00.0461 1016 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
16:25:00.0461 1016 Processor - ok
16:25:00.0508 1016 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
16:25:00.0508 1016 ProfSvc - ok
16:25:00.0554 1016 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:25:00.0554 1016 ProtectedStorage - ok
16:25:00.0586 1016 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
16:25:00.0601 1016 Psched - ok
16:25:00.0617 1016 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
16:25:00.0632 1016 QIOMem - ok
16:25:00.0710 1016 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
16:25:00.0742 1016 ql2300 - ok
16:25:00.0835 1016 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
16:25:00.0835 1016 ql40xx - ok
16:25:00.0882 1016 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
16:25:00.0898 1016 QWAVE - ok
16:25:00.0929 1016 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
16:25:00.0929 1016 QWAVEdrv - ok
16:25:00.0960 1016 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
16:25:00.0960 1016 RasAcd - ok
16:25:01.0007 1016 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
16:25:01.0007 1016 RasAgileVpn - ok
16:25:01.0038 1016 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
16:25:01.0054 1016 RasAuto - ok
16:25:01.0069 1016 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
16:25:01.0085 1016 Rasl2tp - ok
16:25:01.0116 1016 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
16:25:01.0132 1016 RasMan - ok
16:25:01.0178 1016 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
16:25:01.0178 1016 RasPppoe - ok
16:25:01.0194 1016 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
16:25:01.0194 1016 RasSstp - ok
16:25:01.0210 1016 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
16:25:01.0210 1016 rdbss - ok
16:25:01.0241 1016 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
16:25:01.0241 1016 rdpbus - ok
16:25:01.0256 1016 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
16:25:01.0256 1016 RDPCDD - ok
16:25:01.0256 1016 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
16:25:01.0256 1016 RDPENCDD - ok
16:25:01.0272 1016 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
16:25:01.0272 1016 RDPREFMP - ok
16:25:01.0319 1016 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
16:25:01.0319 1016 RDPWD - ok
16:25:01.0350 1016 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
16:25:01.0366 1016 rdyboost - ok
16:25:01.0522 1016 RegFilter (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
16:25:01.0522 1016 RegFilter - ok
16:25:01.0568 1016 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
16:25:01.0568 1016 RemoteAccess - ok
16:25:01.0600 1016 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
16:25:01.0615 1016 RemoteRegistry - ok
16:25:01.0646 1016 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
16:25:01.0646 1016 RpcEptMapper - ok
16:25:01.0678 1016 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
16:25:01.0678 1016 RpcLocator - ok
16:25:01.0709 1016 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:25:01.0724 1016 RpcSs - ok
16:25:01.0740 1016 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
16:25:01.0740 1016 rspndr - ok
16:25:01.0771 1016 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
16:25:01.0771 1016 RSUSBSTOR - ok
16:25:01.0802 1016 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
16:25:01.0818 1016 RSUSBVSTOR - ok
16:25:01.0865 1016 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
16:25:01.0880 1016 RTL8192Ce - ok
16:25:01.0912 1016 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:25:01.0912 1016 SamSs - ok
16:25:01.0927 1016 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
16:25:01.0927 1016 sbp2port - ok
16:25:01.0974 1016 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
16:25:01.0974 1016 SCardSvr - ok
16:25:01.0990 1016 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
16:25:01.0990 1016 scfilter - ok
16:25:02.0052 1016 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
16:25:02.0068 1016 Schedule - ok
16:25:02.0099 1016 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:25:02.0099 1016 SCPolicySvc - ok
16:25:02.0130 1016 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
16:25:02.0130 1016 SDRSVC - ok
16:25:02.0177 1016 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
16:25:02.0177 1016 secdrv - ok
16:25:02.0208 1016 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
16:25:02.0224 1016 seclogon - ok
16:25:02.0239 1016 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
16:25:02.0255 1016 SENS - ok
16:25:02.0286 1016 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
16:25:02.0286 1016 SensrSvc - ok
16:25:02.0317 1016 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
16:25:02.0317 1016 Serenum - ok
16:25:02.0348 1016 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
16:25:02.0348 1016 Serial - ok
16:25:02.0364 1016 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
16:25:02.0380 1016 sermouse - ok
16:25:02.0426 1016 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
16:25:02.0426 1016 SessionEnv - ok
16:25:02.0442 1016 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
16:25:02.0442 1016 sffdisk - ok
16:25:02.0473 1016 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
16:25:02.0473 1016 sffp_mmc - ok
16:25:02.0489 1016 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
16:25:02.0489 1016 sffp_sd - ok
16:25:02.0504 1016 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
16:25:02.0536 1016 sfloppy - ok
16:25:02.0582 1016 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
16:25:02.0598 1016 SharedAccess - ok
16:25:02.0645 1016 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
16:25:02.0660 1016 ShellHWDetection - ok
16:25:02.0676 1016 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
16:25:02.0676 1016 SiSRaid2 - ok
16:25:02.0707 1016 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
16:25:02.0707 1016 SiSRaid4 - ok
16:25:02.0754 1016 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\windows\system32\Drivers\SmartDefragDriver.sys
16:25:02.0754 1016 SmartDefragDriver - ok
16:25:02.0770 1016 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
16:25:02.0770 1016 Smb - ok
16:25:02.0785 1016 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
16:25:02.0801 1016 SNMPTRAP - ok
16:25:02.0832 1016 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
16:25:02.0832 1016 spldr - ok
16:25:02.0863 1016 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
16:25:02.0879 1016 Spooler - ok
16:25:03.0066 1016 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
16:25:03.0175 1016 sppsvc - ok
16:25:03.0284 1016 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
16:25:03.0284 1016 sppuinotify - ok
16:25:03.0362 1016 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
16:25:03.0378 1016 srv - ok
16:25:03.0409 1016 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
16:25:03.0425 1016 srv2 - ok
16:25:03.0472 1016 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
16:25:03.0472 1016 SrvHsfHDA - ok
16:25:03.0550 1016 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
16:25:03.0581 1016 SrvHsfV92 - ok
16:25:03.0706 1016 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
16:25:03.0721 1016 SrvHsfWinac - ok
16:25:03.0752 1016 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
16:25:03.0768 1016 srvnet - ok
16:25:03.0799 1016 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
16:25:03.0815 1016 SSDPSRV - ok
16:25:03.0830 1016 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
16:25:03.0830 1016 SstpSvc - ok
16:25:03.0862 1016 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
16:25:03.0877 1016 stexstor - ok
16:25:03.0924 1016 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
16:25:03.0955 1016 stisvc - ok
16:25:03.0986 1016 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
16:25:03.0986 1016 swenum - ok
16:25:04.0033 1016 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
16:25:04.0033 1016 swprv - ok
16:25:04.0111 1016 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
16:25:04.0127 1016 SynTP - ok
16:25:04.0298 1016 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
16:25:04.0314 1016 SysMain - ok
16:25:04.0408 1016 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
16:25:04.0423 1016 TabletInputService - ok
16:25:04.0454 1016 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
16:25:04.0470 1016 TapiSrv - ok
16:25:04.0486 1016 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
16:25:04.0501 1016 TBS - ok
16:25:04.0642 1016 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
16:25:04.0657 1016 Tcpip - ok
16:25:04.0829 1016 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
16:25:04.0844 1016 TCPIP6 - ok
16:25:04.0954 1016 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
16:25:04.0954 1016 tcpipreg - ok
16:25:05.0000 1016 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
16:25:05.0000 1016 tdcmdpst - ok
16:25:05.0047 1016 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
16:25:05.0047 1016 TDPIPE - ok
16:25:05.0078 1016 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
16:25:05.0078 1016 TDTCP - ok
16:25:05.0110 1016 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
16:25:05.0110 1016 tdx - ok
16:25:05.0125 1016 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
16:25:05.0125 1016 TermDD - ok
16:25:05.0172 1016 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
16:25:05.0188 1016 TermService - ok
16:25:05.0219 1016 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
16:25:05.0219 1016 Themes - ok
16:25:05.0266 1016 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:25:05.0266 1016 THREADORDER - ok
16:25:05.0344 1016 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:25:05.0344 1016 TMachInfo - ok
16:25:05.0390 1016 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
16:25:05.0406 1016 TODDSrv - ok
16:25:05.0484 1016 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
16:25:05.0500 1016 TosCoSrv - ok
16:25:05.0562 1016 TOSHIBA eco Utility Service (d0f868a67cb4d817a3f7abef8c42f49c) C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:25:05.0562 1016 TOSHIBA eco Utility Service - ok
16:25:05.0624 1016 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:25:05.0624 1016 TOSHIBA HDD SSD Alert Service - ok
16:25:05.0702 1016 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
16:25:05.0702 1016 tos_sps64 - ok
16:25:05.0780 1016 TPCHSrv (d65c6b0c070534336b72005391b6168a) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:25:05.0796 1016 TPCHSrv - ok
16:25:05.0890 1016 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
16:25:05.0890 1016 TrkWks - ok
16:25:05.0952 1016 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
16:25:05.0952 1016 TrustedInstaller - ok
16:25:06.0014 1016 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
16:25:06.0014 1016 tssecsrv - ok
16:25:06.0046 1016 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
16:25:06.0046 1016 TsUsbFlt - ok
16:25:06.0061 1016 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
16:25:06.0077 1016 TsUsbGD - ok
16:25:06.0092 1016 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
16:25:06.0092 1016 tunnel - ok
16:25:06.0139 1016 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:25:06.0139 1016 TVALZ - ok
16:25:06.0170 1016 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
16:25:06.0170 1016 TVALZFL - ok
16:25:06.0186 1016 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
16:25:06.0186 1016 uagp35 - ok
16:25:06.0233 1016 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
16:25:06.0233 1016 udfs - ok
16:25:06.0264 1016 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
16:25:06.0280 1016 UI0Detect - ok
16:25:06.0295 1016 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
16:25:06.0311 1016 uliagpkx - ok
16:25:06.0326 1016 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
16:25:06.0326 1016 umbus - ok
16:25:06.0342 1016 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
16:25:06.0342 1016 UmPass - ok
16:25:06.0514 1016 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:25:06.0560 1016 UNS - ok
16:25:06.0670 1016 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
16:25:06.0685 1016 upnphost - ok
16:25:06.0826 1016 UrlFilter (1aa6ca6b150f85f07804cba5f814d9b2) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
16:25:06.0826 1016 UrlFilter - ok
16:25:06.0888 1016 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
16:25:06.0904 1016 usbccgp - ok
16:25:06.0935 1016 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
16:25:06.0950 1016 usbcir - ok
16:25:06.0966 1016 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
16:25:06.0982 1016 usbehci - ok
16:25:07.0013 1016 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
16:25:07.0028 1016 usbhub - ok
16:25:07.0044 1016 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
16:25:07.0060 1016 usbohci - ok
16:25:07.0075 1016 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
16:25:07.0075 1016 usbprint - ok
16:25:07.0106 1016 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:25:07.0106 1016 USBSTOR - ok
16:25:07.0138 1016 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
16:25:07.0138 1016 usbuhci - ok
16:25:07.0184 1016 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
16:25:07.0184 1016 usbvideo - ok
16:25:07.0231 1016 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
16:25:07.0231 1016 UxSms - ok
16:25:07.0262 1016 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:25:07.0262 1016 VaultSvc - ok
16:25:07.0294 1016 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
16:25:07.0294 1016 vdrvroot - ok
16:25:07.0340 1016 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
16:25:07.0356 1016 vds - ok
16:25:07.0387 1016 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
16:25:07.0387 1016 vga - ok
16:25:07.0403 1016 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
16:25:07.0418 1016 VgaSave - ok
16:25:07.0450 1016 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
16:25:07.0450 1016 vhdmp - ok
16:25:07.0465 1016 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
16:25:07.0465 1016 viaide - ok
16:25:07.0496 1016 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
16:25:07.0496 1016 volmgr - ok
16:25:07.0528 1016 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
16:25:07.0528 1016 volmgrx - ok
16:25:07.0559 1016 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
16:25:07.0559 1016 volsnap - ok
16:25:07.0590 1016 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
16:25:07.0590 1016 vsmraid - ok
16:25:07.0684 1016 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
16:25:07.0731 1016 VSS - ok
16:25:07.0871 1016 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\TooaswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 16:26:27
-----------------------------
16:26:27.832 OS Version: Windows x64 6.1.7601 Service Pack 1
16:26:27.832 Number of processors: 2 586 0x2A07
16:26:27.832 ComputerName: JEFF-PC UserName: Jeff
16:26:29.673 Initialize success
16:26:29.845 AVAST engine defs: 12081100
16:27:38.169 The log file has been saved successfully to "C:\Users\Jeff\Documents\aswMBR.txt"


lbarUpdater.exe
16:25:07.0887 1016 vToolbarUpdater11.2.0 - ok
16:25:07.0980 1016 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
16:25:07.0996 1016 vwifibus - ok
16:25:08.0011 1016 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
16:25:08.0011 1016 vwififlt - ok
16:25:08.0058 1016 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
16:25:08.0074 1016 W32Time - ok
16:25:08.0121 1016 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
16:25:08.0121 1016 WacomPen - ok
16:25:08.0136 1016 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:25:08.0136 1016 WANARP - ok
16:25:08.0136 1016 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:25:08.0136 1016 Wanarpv6 - ok
16:25:08.0214 1016 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
16:25:08.0230 1016 WatAdminSvc - ok
16:25:08.0308 1016 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
16:25:08.0339 1016 wbengine - ok
16:25:08.0433 1016 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
16:25:08.0448 1016 WbioSrvc - ok
16:25:08.0479 1016 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
16:25:08.0479 1016 wcncsvc - ok
16:25:08.0511 1016 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
16:25:08.0526 1016 WcsPlugInService - ok
16:25:08.0589 1016 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
16:25:08.0589 1016 Wd - ok
16:25:08.0635 1016 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
16:25:08.0651 1016 Wdf01000 - ok
16:25:08.0698 1016 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
16:25:08.0698 1016 WdiServiceHost - ok
16:25:08.0713 1016 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
16:25:08.0713 1016 WdiSystemHost - ok
16:25:08.0807 1016 Web Assistant Updater (ebffe98048709c7cc7a6f6c36c7de61b) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
16:25:08.0807 1016 Web Assistant Updater - ok
16:25:08.0838 1016 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
16:25:08.0854 1016 WebClient - ok
16:25:08.0869 1016 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
16:25:08.0885 1016 Wecsvc - ok
16:25:08.0901 1016 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
16:25:08.0901 1016 wercplsupport - ok
16:25:08.0932 1016 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
16:25:08.0947 1016 WerSvc - ok
16:25:08.0994 1016 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
16:25:08.0994 1016 WfpLwf - ok
16:25:09.0025 1016 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
16:25:09.0025 1016 WIMMount - ok
16:25:09.0072 1016 WinDefend - ok
16:25:09.0088 1016 WinHttpAutoProxySvc - ok
16:25:09.0135 1016 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
16:25:09.0150 1016 Winmgmt - ok
16:25:09.0244 1016 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
16:25:09.0275 1016 WinRM - ok
16:25:09.0415 1016 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
16:25:09.0431 1016 Wlansvc - ok
16:25:09.0493 1016 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:25:09.0493 1016 wlcrasvc - ok
16:25:09.0618 1016 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:25:09.0649 1016 wlidsvc - ok
16:25:09.0727 1016 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
16:25:09.0727 1016 WmiAcpi - ok
16:25:09.0790 1016 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
16:25:09.0790 1016 wmiApSrv - ok
16:25:09.0837 1016 WMPNetworkSvc - ok
16:25:15.0312 1016 ============================================================
16:25:15.0312 1016 Scan finished
16:25:15.0312 1016 ============================================================
16:25:15.0343 0240 Detected object count: 0
16:25:15.0343 0240 Actual detected object count: 0
16:25:29.0555 1456 Deinitialize success

The aswMBR info:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 16:26:27
-----------------------------
16:26:27.832 OS Version: Windows x64 6.1.7601 Service Pack 1
16:26:27.832 Number of processors: 2 586 0x2A07
16:26:27.832 ComputerName: JEFF-PC UserName: Jeff
16:26:29.673 Initialize success
16:26:29.845 AVAST engine defs: 12081100
16:27:38.169 The log file has been saved successfully to "C:\Users\Jeff\Documents\aswMBR.txt"

The ESET info:


C:\Users\Jeff\AppData\Local\Temp\soap0_wsdl.exe Win32/Reveton.H trojan cleaned by deleting - quarantined
C:\Users\Jeff\AppData\Local\Temp\V.class a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined
C:\Users\Jeff\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

I'm hoping that I'm all good now. If more needs to be done, let me know. I really appreciate your help. I'll be sure to share it with anyone interested. Cheers, Jeff

#4 narenxp

Posted 11 August 2012 - 04:49 PM

ASWMBR log looks incomplete. Please scan again and post the new log.


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#5 Bulldog1981

Posted 12 August 2012 - 09:02 PM

Hi and thanks again. I missed the scan on aswmbr the first go around. Here is the new scan log. I'm not sure if I go ahead and tell it to fix at this point? FixMBR button?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 21:26:01
-----------------------------
21:26:01.662 OS Version: Windows x64 6.1.7601 Service Pack 1
21:26:01.662 Number of processors: 2 586 0x2A07
21:26:01.662 ComputerName: JEFF-PC UserName: Jeff
21:26:03.363 Initialize success
21:26:04.158 AVAST engine defs: 12081201
21:26:30.725 The log file has been saved successfully to "C:\Users\Jeff\Documents\aswMBR2.txt"
21:27:17.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:27:17.246 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 3
21:27:17.262 Disk 0 MBR read successfully
21:27:17.277 Disk 0 MBR scan
21:27:17.277 Disk 0 Windows VISTA default MBR code
21:27:17.277 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:27:17.293 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289686 MB offset 3074048
21:27:17.324 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 596350976
21:27:17.355 Disk 0 scanning C:\windows\system32\drivers
21:27:33.735 Service scanning
21:28:16.667 Modules scanning
21:28:16.682 Disk 0 trace - called modules:
21:28:16.698 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:28:16.713 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f3a530]
21:28:16.729 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800498b050]
21:28:17.852 AVAST engine scan C:\windows
21:28:20.582 AVAST engine scan C:\windows\system32
21:30:47.332 AVAST engine scan C:\windows\system32\drivers
21:30:57.830 AVAST engine scan C:\Users\Jeff
21:44:57.206 AVAST engine scan C:\ProgramData
21:46:08.763 Scan finished successfully
21:46:24.316 Disk 0 MBR has been saved successfully to "C:\Users\Jeff\Documents\MBR.dat"
21:46:24.316 The log file has been saved successfully to "C:\Users\Jeff\Documents\aswMBR3.txt"

#6 narenxp

Posted 12 August 2012 - 09:34 PM

Do not click FIXMBR, post the other logs

#7 Bulldog1981

Posted 12 August 2012 - 09:46 PM

I just reran the mbr scan in safe mode. Not sure if that matters. Do you want the new log?

#8 narenxp

Posted 12 August 2012 - 09:47 PM

Not needed

#9 Bulldog1981

Posted 12 August 2012 - 09:50 PM

OK proceeding with MBAM

#10 Bulldog1981

Posted 12 August 2012 - 10:52 PM

I installed and ran MBAM in Safe Mode with the following results as shown in the log. As I read it, no threats shown. Posting the log I copied following the scan. I will now reboot, start normally and rerun the scan and hopefully, if clean, proceed to the Mini Toolbox.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Jeff :: JEFF-PC [administrator]

Protection: Disabled

8/12/2012 11:12:05 PM
mbam-log-2012-08-12 (23-12-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324445
Time elapsed: 32 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

#11 Bulldog1981

Posted 12 August 2012 - 11:44 PM

Clean Scan after reboot. :thumbsup: Now to Mini Toolbox

#12 Bulldog1981

Posted 13 August 2012 - 12:38 AM

Greetings, Hopefully these logs show all cleaned and restored. I want to thank you again for all your help, the programs and your patience. I thought I should share that lesson learned as to reckless surfing the web and downloading. I'll be playing World of Tanks, checking Facebook and email, Netflix and that's pretty much it. Ok, I'll probably use Google to find information now and then, but nothing else. Just not worth it.

I'll check back in a little while to see your comments, if any. Again, thanks so very much. The logs follow.

Mini Toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jeff (administrator) on 13-08-2012 at 00:47:42
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jeff-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : nccourts.org
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : E8-9A-8F-55-B4-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : D0-DF-9A-08-02-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::80e:a96:5e57:8cb0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.14(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 12, 2012 11:54:06 PM
Lease Expires . . . . . . . . . . : Monday, August 13, 2012 11:54:11 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 248569754
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-80-57-EF-D0-DF-9A-08-02-D1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FCA948D3-706F-43EA-9D33-3D06D371F216}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2001:4860:800a::8a
74.125.137.113
74.125.137.138
74.125.137.139
74.125.137.100
74.125.137.101
74.125.137.102


Pinging google.com [74.125.134.113] with 32 bytes of data:
Reply from 74.125.134.113: bytes=32 time=21ms TTL=48
Reply from 74.125.134.113: bytes=32 time=22ms TTL=48

Ping statistics for 74.125.134.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 22ms, Average = 21ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=36ms TTL=53
Reply from 209.191.122.70: bytes=32 time=39ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 39ms, Average = 37ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
12...e8 9a 8f 55 b4 5d ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...d0 df 9a 08 02 d1 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.14 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.14 286
192.168.1.14 255.255.255.255 On-link 192.168.1.14 286
192.168.1.255 255.255.255.255 On-link 192.168.1.14 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.14 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.14 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 286 fe80::/64 On-link
11 286 fe80::80e:a96:5e57:8cb0/128
On-link
1 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/12/2012 11:55:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:58:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:25:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:23:26 PM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (08/12/2012 10:23:26 PM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (08/12/2012 10:17:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:10:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/12/2012 10:09:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/12/2012 08:29:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 05:45:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/12/2012 11:53:24 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (08/12/2012 10:56:51 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/12/2012 10:56:51 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/12/2012 10:56:49 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/12/2012 10:56:44 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/12/2012 10:56:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx
aswSP
aswTdi
discache
spldr
Wanarpv6

Error: (08/12/2012 10:24:40 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/12/2012 10:24:40 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/12/2012 10:24:39 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/12/2012 10:24:33 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (08/12/2012 11:55:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:58:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:25:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:23:26 PM) (Source: IMFservice)(User: )
Description: The handle is invalid

Error: (08/12/2012 10:23:26 PM) (Source: IMFservice)(User: )
Description: The handle is invalid

Error: (08/12/2012 10:17:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 10:10:31 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Jeff\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\BX5HFTV9\esetsmartinstaller_enu.exe

Error: (08/12/2012 10:09:45 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/12/2012 08:29:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 05:45:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Advanced SystemCare 5 (Version: 5.4.0)
Ask Toolbar (Version: 1.12.2.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
avast! Free Antivirus (Version: 7.0.1456.0)
AVG 2011 (Version: 10.0.1388)
AVG 2011 (Version: 10.0.1390)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1410)
AVG 2011 (Version: 10.0.1411)
AVG 2011 (Version: 10.0.1415)
AVG 2011 (Version: 10.0.1416)
Best Buy pc app (Version: 3.2.0.0)
Best Buy pc app (Version: 3.2.523.2)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant HD Audio (Version: 8.51.1.0)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
FastStone Image Viewer 4.6 (Version: 4.6)
Google Chrome (Version: 21.0.1180.75)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
HyperCam 2 (Version: 2.27.00)
Incredibar Toolbar on IE
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
IObit Malware Fighter (Version: 1.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Nitro PDF Reader 2 (Version: 2.0.0.29)
OpenOffice.org 3.3 (Version: 3.3.9567)
PhotoScape
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Realtek USB 2.0 Reader Driver (Version: 1.0.0.12)
Realtek WLAN Driver (Version: 2.00.0013)
Smart Defrag 2 (Version: 2.1)
Spotify (Version: 0.8.4.107.g4fa0003f)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
Toshiba Book Place (Version: 2.2.6775)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)
TOSHIBA eco Utility (Version: 1.2.25.64)
TOSHIBA Face Recognition (Version: 3.1.8.64)
TOSHIBA Hardware Setup (Version: 4.08.06.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
TOSHIBA PC Health Monitor (Version: 1.7.4.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Sleep Utility (Version: 1.4.2.7)
TOSHIBA Supervisor Password (Version: 4.08.06.00)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA Web Camera Application (Version: 2.0.0.19)
TOSHIBA Wireless LAN Indicator (Version: 1.0.3)
ToshibaRegistration (Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Web Assistant 2.0.0.462
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
World of Tanks

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 4043.86 MB
Available physical RAM: 2311.52 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 6103.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.55 MB

========================= Partitions: =====================================

1 Drive c: (TI106139W0E) (Fixed) (Total:282.9 GB) (Free:187.59 GB) NTFS
3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT
4 Drive f: (CRUZER 4G) (Removable) (Total:3.76 GB) (Free:3.33 GB) FAT32

========================= Users: ========================================

User accounts for \\JEFF-PC

Administrator Guest Jeff


FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Jeff (administrator) on 13-08-2012 at 00:54:34
Running from "C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7E2TLEL3"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Adware Cleaner:


# AdwCleaner v1.800 - Logfile created 08/13/2012 at 00:59:50
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jeff - JEFF-PC
# Running from : C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BX5HFTV9\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0
Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Jeff\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jeff\AppData\Local\Conduit
Folder Deleted : C:\Users\Jeff\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Jeff\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Jeff\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jeff\AppData\Roaming\OpenCandy
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Software
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [22198 octets] - [13/08/2012 00:57:14]
AdwCleaner[S1].txt - [335 octets] - [13/08/2012 00:57:53]
AdwCleaner[R2].txt - [22318 octets] - [13/08/2012 00:59:39]
AdwCleaner[S2].txt - [16158 octets] - [13/08/2012 00:59:50]

########## EOF - C:\AdwCleaner[S2].txt - [16287 octets] ##########



**** End of log ****

Cheers, Jeff

#13 narenxp

Posted 13 August 2012 - 12:44 AM

I can see you are using two antivirus programs, AVG & avast. Please uninstall AVG.

Uninstall Ask toolbar and Incredibar Toolbar on IE

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently; do not click on suspicious links.

Safe surfing :)

#14 Bulldog1981

Posted 13 August 2012 - 12:58 AM

Will do. I tried to open World of Tanks and it said the updater couldn't connect. Can you direct me on whether I need to name it somewhere to bypass software firewall, perhaps with one of the programs I've installed to fix the computer? I need to have World of Tanks.exe and WOTLauncher.exe in the safe applications list. I can't remember where to go. Dumb, I know. Hopefully this program isn't a source of infection???? If you don't know, it is a multi player online environment.

Thanks again, Jeff

I'll go do the other things you said in the meantime. Cheers.

#15 Bulldog1981

Posted 13 August 2012 - 01:04 AM

Used IOBIT Uninstaller to remove AVG. The toolbars aren't listed in the files? I'll try to search for them, but if you can direct me there too, I'd appreciate it. Thanks, Jeff



