
Google re-direct/Random pop-ups


11 replies to this topic

#1 uga_dawgs24

Posted 20 August 2012 - 09:49 AM

I noticed this morning that when I had googled something it had redirected me to other sites that wouldn't load. Tried again and it did end up redirecting me to google.com/webhp. A quick search turned up some other people with a similar problem but no real solutions. I had noticed recently (as of in the last 5 minutes), that I had been getting random pop-ups that when you try to close out you get the "are you sure, you will lose your chance to..." messages. I haven't done anything yet but I am in the process of backing up some of my important documents.

Thanks for any help.



#2 narenxp


Posted 20 August 2012 - 09:57 AM

Download TDSSKiller

Launch it. Click on "Change parameters" - select "TDLFS file system".

Click on "Scan". Please post the LOG report (log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When scan gets completed, click on "LIST of found threats".

Export the list to desktop, copy the contents of the text file in your reply.

#3 uga_dawgs24


Posted 20 August 2012 - 10:07 AM

When I ran it it came up that it found something:
Virus.win32.zaccess.m
File: c:/windows/system32/services.exe

I clicked on cure (it was the default) and it rebooted.


11:00:26.0261 4592 nvlddmkm - ok
11:00:26.0291 4592 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:00:26.0291 4592 nvraid - ok
11:00:26.0321 4592 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:00:26.0321 4592 nvstor - ok
11:00:26.0351 4592 [ C0C06EDC2F4BC1FC12BA2C3687027C04 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:00:26.0351 4592 nvsvc - ok
11:00:26.0361 4592 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:00:26.0371 4592 nv_agp - ok
11:00:26.0381 4592 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:00:26.0381 4592 ohci1394 - ok
11:00:26.0441 4592 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:00:26.0451 4592 ose - ok
11:00:26.0556 4592 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:00:26.0619 4592 osppsvc - ok
11:00:26.0650 4592 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:00:26.0650 4592 p2pimsvc - ok
11:00:26.0681 4592 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
11:00:26.0697 4592 p2psvc - ok
11:00:26.0728 4592 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:00:26.0728 4592 Parport - ok
11:00:26.0759 4592 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:00:26.0759 4592 partmgr - ok
11:00:26.0775 4592 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
11:00:26.0775 4592 Parvdm - ok
11:00:26.0790 4592 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:00:26.0790 4592 PcaSvc - ok
11:00:26.0821 4592 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
11:00:26.0821 4592 pci - ok
11:00:26.0853 4592 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
11:00:26.0868 4592 pciide - ok
11:00:26.0884 4592 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:00:26.0884 4592 pcmcia - ok
11:00:26.0899 4592 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
11:00:26.0899 4592 pcw - ok
11:00:26.0931 4592 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:00:26.0931 4592 PEAUTH - ok
11:00:26.0977 4592 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
11:00:27.0009 4592 pla - ok
11:00:27.0040 4592 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:00:27.0055 4592 PlugPlay - ok
11:00:27.0087 4592 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:00:27.0087 4592 Pml Driver HPZ12 - ok
11:00:27.0118 4592 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:00:27.0118 4592 PNRPAutoReg - ok
11:00:27.0133 4592 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:00:27.0133 4592 PNRPsvc - ok
11:00:27.0165 4592 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:00:27.0180 4592 PolicyAgent - ok
11:00:27.0196 4592 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
11:00:27.0211 4592 Power - ok
11:00:27.0227 4592 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:00:27.0243 4592 PptpMiniport - ok
11:00:27.0258 4592 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:00:27.0258 4592 Processor - ok
11:00:27.0289 4592 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
11:00:27.0289 4592 ProfSvc - ok
11:00:27.0305 4592 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:00:27.0305 4592 ProtectedStorage - ok
11:00:27.0321 4592 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:00:27.0321 4592 Psched - ok
11:00:27.0352 4592 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:00:27.0383 4592 ql2300 - ok
11:00:27.0383 4592 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:00:27.0399 4592 ql40xx - ok
11:00:27.0414 4592 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
11:00:27.0430 4592 QWAVE - ok
11:00:27.0430 4592 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:00:27.0430 4592 QWAVEdrv - ok
11:00:27.0445 4592 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:00:27.0445 4592 RasAcd - ok
11:00:27.0461 4592 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:00:27.0461 4592 RasAgileVpn - ok
11:00:27.0477 4592 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
11:00:27.0477 4592 RasAuto - ok
11:00:27.0492 4592 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:00:27.0492 4592 Rasl2tp - ok
11:00:27.0523 4592 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
11:00:27.0523 4592 RasMan - ok
11:00:27.0539 4592 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:00:27.0555 4592 RasPppoe - ok
11:00:27.0555 4592 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:00:27.0555 4592 RasSstp - ok
11:00:27.0586 4592 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:00:27.0586 4592 rdbss - ok
11:00:27.0601 4592 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:00:27.0601 4592 rdpbus - ok
11:00:27.0633 4592 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:00:27.0633 4592 RDPCDD - ok
11:00:27.0664 4592 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:00:27.0664 4592 RDPENCDD - ok
11:00:27.0679 4592 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:00:27.0679 4592 RDPREFMP - ok
11:00:27.0695 4592 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:00:27.0711 4592 RDPWD - ok
11:00:27.0726 4592 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:00:27.0742 4592 rdyboost - ok
11:00:27.0757 4592 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
11:00:27.0773 4592 RemoteAccess - ok
11:00:27.0789 4592 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:00:27.0804 4592 RemoteRegistry - ok
11:00:27.0804 4592 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:00:27.0804 4592 RpcEptMapper - ok
11:00:27.0820 4592 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
11:00:27.0820 4592 RpcLocator - ok
11:00:27.0835 4592 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
11:00:27.0835 4592 RpcSs - ok
11:00:27.0867 4592 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:00:27.0867 4592 rspndr - ok
11:00:27.0898 4592 [ CB2CDDE9DE96A5BDCA650558BE9D75A9 ] rtl819xp C:\Windows\system32\DRIVERS\rtl819xp.sys
11:00:27.0913 4592 rtl819xp - ok
11:00:27.0913 4592 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
11:00:27.0929 4592 SamSs - ok
11:00:27.0945 4592 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:00:27.0960 4592 sbp2port - ok
11:00:27.0976 4592 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:00:27.0991 4592 SCardSvr - ok
11:00:28.0007 4592 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:00:28.0023 4592 scfilter - ok
11:00:28.0054 4592 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
11:00:28.0069 4592 Schedule - ok
11:00:28.0085 4592 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:00:28.0085 4592 SCPolicySvc - ok
11:00:28.0101 4592 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:00:28.0116 4592 SDRSVC - ok
11:00:28.0132 4592 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:00:28.0132 4592 secdrv - ok
11:00:28.0147 4592 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
11:00:28.0147 4592 seclogon - ok
11:00:28.0163 4592 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
11:00:28.0163 4592 SENS - ok
11:00:28.0194 4592 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:00:28.0194 4592 SensrSvc - ok
11:00:28.0210 4592 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:00:28.0210 4592 Serenum - ok
11:00:28.0241 4592 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:00:28.0241 4592 Serial - ok
11:00:28.0272 4592 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:00:28.0272 4592 sermouse - ok
11:00:28.0303 4592 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
11:00:28.0319 4592 SessionEnv - ok
11:00:28.0319 4592 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:00:28.0319 4592 sffdisk - ok
11:00:28.0335 4592 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:00:28.0335 4592 sffp_mmc - ok
11:00:28.0350 4592 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:00:28.0350 4592 sffp_sd - ok
11:00:28.0366 4592 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:00:28.0366 4592 sfloppy - ok
11:00:28.0381 4592 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:00:28.0397 4592 ShellHWDetection - ok
11:00:28.0413 4592 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:00:28.0413 4592 sisagp - ok
11:00:28.0428 4592 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:00:28.0428 4592 SiSRaid2 - ok
11:00:28.0444 4592 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:00:28.0444 4592 SiSRaid4 - ok
11:00:28.0491 4592 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:00:28.0522 4592 SkypeUpdate - ok
11:00:28.0537 4592 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:00:28.0537 4592 Smb - ok
11:00:28.0569 4592 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:00:28.0569 4592 SNMPTRAP - ok
11:00:28.0584 4592 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
11:00:28.0584 4592 spldr - ok
11:00:28.0615 4592 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
11:00:28.0615 4592 Spooler - ok
11:00:28.0693 4592 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
11:00:28.0756 4592 sppsvc - ok
11:00:28.0787 4592 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:00:28.0787 4592 sppuinotify - ok
11:00:28.0818 4592 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:00:28.0818 4592 srv - ok
11:00:28.0834 4592 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:00:28.0834 4592 srv2 - ok
11:00:28.0849 4592 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:00:28.0865 4592 srvnet - ok
11:00:28.0896 4592 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:00:28.0896 4592 SSDPSRV - ok
11:00:28.0927 4592 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:00:28.0927 4592 SstpSvc - ok
11:00:28.0959 4592 [ 004401AA9E3780DE7DA79A3E05A4520A ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:00:28.0974 4592 Stereo Service - ok
11:00:28.0990 4592 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:00:28.0990 4592 stexstor - ok
11:00:29.0021 4592 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
11:00:29.0021 4592 StillCam - ok
11:00:29.0052 4592 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
11:00:29.0052 4592 StiSvc - ok
11:00:29.0083 4592 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
11:00:29.0099 4592 swenum - ok
11:00:29.0130 4592 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
11:00:29.0130 4592 swprv - ok
11:00:29.0177 4592 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
11:00:29.0193 4592 SysMain - ok
11:00:29.0208 4592 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:00:29.0208 4592 TabletInputService - ok
11:00:29.0239 4592 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
11:00:29.0239 4592 TapiSrv - ok
11:00:29.0255 4592 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
11:00:29.0255 4592 TBS - ok
11:00:29.0317 4592 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:00:29.0349 4592 Tcpip - ok
11:00:29.0380 4592 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:00:29.0380 4592 TCPIP6 - ok
11:00:29.0411 4592 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:00:29.0411 4592 tcpipreg - ok
11:00:29.0442 4592 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:00:29.0442 4592 TDPIPE - ok
11:00:29.0442 4592 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:00:29.0458 4592 TDTCP - ok
11:00:29.0458 4592 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:00:29.0458 4592 tdx - ok
11:00:29.0489 4592 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:00:29.0489 4592 TermDD - ok
11:00:29.0520 4592 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
11:00:29.0536 4592 TermService - ok
11:00:29.0551 4592 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
11:00:29.0567 4592 Themes - ok
11:00:29.0567 4592 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
11:00:29.0583 4592 THREADORDER - ok
11:00:29.0583 4592 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
11:00:29.0598 4592 TrkWks - ok
11:00:29.0629 4592 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:00:29.0629 4592 TrustedInstaller - ok
11:00:29.0645 4592 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:00:29.0645 4592 tssecsrv - ok
11:00:29.0676 4592 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:00:29.0692 4592 TsUsbFlt - ok
11:00:29.0723 4592 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:00:29.0723 4592 tunnel - ok
11:00:29.0754 4592 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:00:29.0754 4592 uagp35 - ok
11:00:29.0785 4592 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:00:29.0785 4592 udfs - ok
11:00:29.0817 4592 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:00:29.0817 4592 UI0Detect - ok
11:00:29.0848 4592 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:00:29.0848 4592 uliagpkx - ok
11:00:29.0879 4592 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
11:00:29.0879 4592 umbus - ok
11:00:29.0895 4592 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:00:29.0895 4592 UmPass - ok
11:00:29.0973 4592 [ C6142B8CB72558D91CEA8E38F1B7D905 ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:00:30.0004 4592 UNS - ok
11:00:30.0019 4592 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
11:00:30.0035 4592 upnphost - ok
11:00:30.0035 4592 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:00:30.0035 4592 usbccgp - ok
11:00:30.0051 4592 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:00:30.0051 4592 usbcir - ok
11:00:30.0082 4592 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:00:30.0082 4592 usbehci - ok
11:00:30.0113 4592 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:00:30.0113 4592 usbhub - ok
11:00:30.0129 4592 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:00:30.0129 4592 usbohci - ok
11:00:30.0160 4592 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:00:30.0160 4592 usbprint - ok
11:00:30.0175 4592 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
11:00:30.0175 4592 USBSTOR - ok
11:00:30.0191 4592 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:00:30.0191 4592 usbuhci - ok
11:00:30.0222 4592 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
11:00:30.0222 4592 UxSms - ok
11:00:30.0222 4592 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
11:00:30.0222 4592 VaultSvc - ok
11:00:30.0253 4592 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:00:30.0253 4592 vdrvroot - ok
11:00:30.0269 4592 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
11:00:30.0285 4592 vds - ok
11:00:30.0300 4592 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:00:30.0300 4592 vga - ok
11:00:30.0316 4592 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:00:30.0316 4592 VgaSave - ok
11:00:30.0331 4592 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:00:30.0331 4592 vhdmp - ok
11:00:30.0347 4592 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:00:30.0363 4592 viaagp - ok
11:00:30.0363 4592 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
11:00:30.0378 4592 ViaC7 - ok
11:00:30.0378 4592 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
11:00:30.0378 4592 viaide - ok
11:00:30.0394 4592 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:00:30.0394 4592 volmgr - ok
11:00:30.0409 4592 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:00:30.0425 4592 volmgrx - ok
11:00:30.0425 4592 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:00:30.0441 4592 volsnap - ok
11:00:30.0456 4592 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:00:30.0456 4592 vsmraid - ok
11:00:30.0503 4592 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
11:00:30.0519 4592 VSS - ok
11:00:30.0534 4592 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:00:30.0534 4592 vwifibus - ok
11:00:30.0565 4592 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:00:30.0565 4592 vwififlt - ok
11:00:30.0597 4592 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
11:00:30.0612 4592 W32Time - ok
11:00:30.0628 4592 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:00:30.0628 4592 WacomPen - ok
11:00:30.0659 4592 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:00:30.0659 4592 WANARP - ok
11:00:30.0659 4592 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:00:30.0659 4592 Wanarpv6 - ok
11:00:30.0706 4592 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:00:30.0737 4592 WatAdminSvc - ok
11:00:30.0768 4592 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
11:00:30.0799 4592 wbengine - ok
11:00:30.0831 4592 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:00:30.0831 4592 WbioSrvc - ok
11:00:30.0862 4592 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:00:30.0862 4592 wcncsvc - ok
11:00:30.0877 4592 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:00:30.0877 4592 WcsPlugInService - ok
11:00:30.0909 4592 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:00:30.0909 4592 Wd - ok
11:00:30.0924 4592 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:00:30.0940 4592 Wdf01000 - ok
11:00:30.0940 4592 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:00:30.0955 4592 WdiServiceHost - ok
11:00:30.0955 4592 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:00:30.0955 4592 WdiSystemHost - ok
11:00:30.0971 4592 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
11:00:30.0987 4592 WebClient - ok
11:00:30.0987 4592 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:00:31.0002 4592 Wecsvc - ok
11:00:31.0002 4592 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:00:31.0018 4592 wercplsupport - ok
11:00:31.0018 4592 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
11:00:31.0018 4592 WerSvc - ok
11:00:31.0049 4592 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:00:31.0049 4592 WfpLwf - ok
11:00:31.0065 4592 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:00:31.0065 4592 WIMMount - ok
11:00:31.0065 4592 WinHttpAutoProxySvc - ok
11:00:31.0111 4592 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:00:31.0127 4592 Winmgmt - ok
11:00:31.0158 4592 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
11:00:31.0174 4592 WinRM - ok
11:00:31.0221 4592 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:00:31.0236 4592 Wlansvc - ok
11:00:31.0267 4592 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:00:31.0267 4592 WmiAcpi - ok
11:00:31.0283 4592 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:00:31.0283 4592 wmiApSrv - ok
11:00:31.0345 4592 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:00:31.0361 4592 WMPNetworkSvc - ok
11:00:31.0377 4592 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:00:31.0377 4592 WPCSvc - ok
11:00:31.0408 4592 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:00:31.0408 4592 WPDBusEnum - ok
11:00:31.0439 4592 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:00:31.0439 4592 ws2ifsl - ok
11:00:31.0455 4592 WSearch - ok
11:00:31.0455 4592 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:00:31.0470 4592 WudfPf - ok
11:00:31.0501 4592 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:00:31.0517 4592 WUDFRd - ok
11:00:31.0533 4592 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:00:31.0533 4592 wudfsvc - ok
11:00:31.0564 4592 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
11:00:31.0564 4592 WwanSvc - ok
11:00:31.0595 4592 ================ Scan global ===============================
11:00:31.0621 4592 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:00:31.0651 4592 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:00:31.0661 4592 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:00:31.0681 4592 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:00:31.0721 4592 [ A302BBFF2A7278C0E239EE5D471D86A9 ] C:\Windows\system32\services.exe
11:00:31.0731 4592 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
11:00:31.0731 4592 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
11:00:31.0731 4592 ================ Scan MBR ==================================
11:00:31.0741 4592 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:00:31.0981 4592 \Device\Harddisk0\DR0 - ok
11:00:31.0981 4592 ================ Scan VBR ==================================
11:00:31.0991 4592 [ 0B2D20D49AF3CF0D7DFE4B571C9F8DD5 ] \Device\Harddisk0\DR0\Partition1
11:00:31.0991 4592 \Device\Harddisk0\DR0\Partition1 - ok
11:00:32.0021 4592 [ 2F0C0C619791752FDF6865C118F497AE ] \Device\Harddisk0\DR0\Partition2
11:00:32.0021 4592 \Device\Harddisk0\DR0\Partition2 - ok
11:00:32.0021 4592 ============================================================
11:00:32.0021 4592 Scan finished
11:00:32.0021 4592 ============================================================
11:00:32.0031 2476 Detected object count: 1
11:00:32.0031 2476 Actual detected object count: 1
11:01:39.0369 2476 C:\Windows\system32\services.exe - copied to quarantine
11:01:40.0477 2476 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
11:01:40.0633 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\@ - copied to quarantine
11:01:40.0648 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\L\00000004.@ - copied to quarantine
11:01:40.0664 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\L\201d3dde - copied to quarantine
11:01:40.0664 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\n - copied to quarantine
11:01:40.0679 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\00000004.@ - copied to quarantine
11:01:40.0679 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\00000008.@ - copied to quarantine
11:01:40.0679 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\000000cb.@ - copied to quarantine
11:01:40.0695 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\80000000.@ - copied to quarantine
11:01:40.0726 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\80000032.@ - copied to quarantine
11:01:40.0757 2476 C:\Users\Donald\AppData\Local\{f9c91f34-000c-b03a-500c-ff8afcf65529}\@ - copied to quarantine
11:01:40.0757 2476 C:\Users\Donald\AppData\Local\{f9c91f34-000c-b03a-500c-ff8afcf65529}\n - copied to quarantine
11:01:42.0957 2476 Backup copy found, using it..
11:01:43.0097 2476 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\@ - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\n - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\00000004.@ - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\00000008.@ - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\000000cb.@ - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\80000000.@ - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\installer\{f9c91f34-000c-b03a-500c-ff8afcf65529}\U\80000032.@ - will be deleted on reboot
11:01:43.0097 2476 C:\Users\Donald\AppData\Local\{f9c91f34-000c-b03a-500c-ff8afcf65529}\@ - will be deleted on reboot
11:01:43.0097 2476 C:\Users\Donald\AppData\Local\{f9c91f34-000c-b03a-500c-ff8afcf65529}\n - will be deleted on reboot
11:01:43.0097 2476 C:\Windows\system32\services.exe - will be cured on reboot
11:01:43.0097 2476 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
11:02:08.0962 3900 Deinitialize success


This log was on my C drive too:
11:03:38.0156 2512 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
11:03:38.0187 2512 ============================================================
11:03:38.0187 2512 Current date / time: 2012/08/20 11:03:38.0187
11:03:38.0187 2512 SystemInfo:
11:03:38.0187 2512
11:03:38.0187 2512 OS Version: 6.1.7601 ServicePack: 1.0
11:03:38.0187 2512 Product type: Workstation
11:03:38.0187 2512 ComputerName: DONALD-PC
11:03:38.0187 2512 UserName: Donald
11:03:38.0187 2512 Windows directory: C:\Windows
11:03:38.0187 2512 System windows directory: C:\Windows
11:03:38.0187 2512 Processor architecture: Intel x86
11:03:38.0187 2512 Number of processors: 4
11:03:38.0187 2512 Page size: 0x1000
11:03:38.0187 2512 Boot type: Normal boot
11:03:38.0187 2512 ============================================================
11:03:39.0107 2512 BG loaded
11:03:39.0419 2512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:03:39.0419 2512 ============================================================
11:03:39.0419 2512 \Device\Harddisk0\DR0:
11:03:39.0419 2512 MBR partitions:
11:03:39.0419 2512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
11:03:39.0419 2512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x3A2EF000
11:03:39.0419 2512 ============================================================
11:03:39.0435 2512 C: <-> \Device\Harddisk0\DR0\Partition2
11:03:39.0435 2512 ============================================================
11:03:39.0435 2512 Initialize success
11:03:39.0435 2512 ============================================================
11:03:46.0591 2464 Deinitialize success

#4 uga_dawgs24

  • Topic Starter

Posted 20 August 2012 - 10:12 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 11:08:17
-----------------------------
11:08:17.750 OS Version: Windows 6.1.7601 Service Pack 1
11:08:17.750 Number of processors: 4 586 0x2502
11:08:17.750 ComputerName: DONALD-PC UserName: Donald
11:08:35.690 Initialize success
11:10:21.517 AVAST engine defs: 12082000
11:10:28.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
11:10:28.615 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
11:10:28.631 Disk 0 MBR read successfully
11:10:28.631 Disk 0 MBR scan
11:10:28.646 Disk 0 Windows 7 default MBR code
11:10:28.646 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
11:10:28.662 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476638 MB offset 616448
11:10:28.662 Disk 0 scanning sectors +976771072
11:10:28.740 Disk 0 scanning C:\Windows\system32\drivers
11:10:44.340 Service scanning
11:11:11.000 Modules scanning
11:11:18.286 Disk 0 trace - called modules:
11:11:18.317 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:11:18.816 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867c0030]
11:11:18.816 3 CLASSPNP.SYS[8c1cc59e] -> nt!IofCallDriver -> [0x8629a918]
11:11:18.832 5 ACPI.sys[8bebf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8629c030]
11:11:28.036 AVAST engine scan C:\Windows
11:11:28.628 Disk 0 MBR has been saved successfully to "C:\Users\Donald\Desktop\MBR.dat"
11:11:28.628 The log file has been saved successfully to "C:\Users\Donald\Desktop\aswMBR.txt"

#5 uga_dawgs24

  • Topic Starter

Posted 20 August 2012 - 11:11 AM

Finally, the last one...

C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\file0000\tsk0000.dta Win32/Sirefef.FC trojan deleted - quarantined
C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\zafs0000\tsk0004.dta Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\zafs0000\tsk0005.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\zafs0000\tsk0007.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\zafs0000\tsk0008.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\zafs0000\tsk0009.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\20.08.2012_10.59.46\zasubsys0000\zafs0000\tsk0011.dta Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\60a4816\MS60a4_302.exe Win32/Adware.VirusAlarmPro application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\Update\seupd.exe NSIS/TrojanClicker.Agent.BR.Gen trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\bdWSWSy.dll a variant of Win32/Cimag.DG trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\iwadifem.dll a variant of Win32/Cimag.CK trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\0ea30[1].exe Win32/Adware.VirusAlarmPro application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\cgbvd[1].htm a variant of Win32/Cimag.DG trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\index[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\index[2].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\index[3].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\movies[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\mqupjickr[1].htm Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\newsecureapp70700[2].exe a variant of Win32/Kryptik.GJT trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\nezgb[2].htm Win32/TrojanDownloader.Small.NIY trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\qhysq[1].htm Win32/Agent.QNF trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9MX3V6B\videos[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWLQGLLN\107a490115a3d654ebcdd35f344406471d513015511[1].js JS/Fraud.NAB trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWLQGLLN\i2[1].html Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWLQGLLN\index[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWLQGLLN\izqlfr[1].htm a variant of Win32/Ertfor.A trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWLQGLLN\vh[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWLQGLLN\videos[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWLQGLLN\vzgbidyje[1].htm NSIS/TrojanClicker.Agent.BR.Gen trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\afr[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\GDXbuEXtAjl107_302[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\index[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\izqlfr[2].htm a variant of Win32/Ertfor.A trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\movies[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\videos[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\Watch%20a%20huge%20collection%20of%20trailers[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\I81WO4AD\www1_my-protection11_in[1].htm HTML/TrojanDownloader.FraudLoad.NAC.Gen trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\index[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\index[2].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\movies[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\movies[2].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\mqupjickr[1].htm Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\packupdate107_302[1].exe Win32/TrojanDownloader.FakeAlert.AEY trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\qhysq[1].htm Win32/Agent.QNF trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\vR107_302[1].php Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E\vzgbidyje[1].htm NSIS/TrojanClicker.Agent.BR.Gen trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QYSENY0W\google_com[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\mpswcovlf\msqrrreshdw.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\0.5212797361687711.exe a variant of Win32/Kryptik.GPR trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\3iQ93c79.exe a variant of Win32/Olmarik.ADC trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\5yWS5.exe a variant of Win32/Olmarik.ADC trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\knam.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\MYW9u1m9.exe a variant of Win32/Olmarik.ADC trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\Oc0.exe a variant of Win32/Kryptik.GJE trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\Oc1.exe a variant of Win32/Kryptik.GJE trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\Oc2.exe a variant of Win32/Kryptik.GJE trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\Oc3.exe a variant of Win32/Kryptik.GJE trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\Oc4.exe a variant of Win32/Kryptik.GJE trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\Ocz.exe a variant of Win32/Kryptik.GJE trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\oscanxwemr.exe a variant of Win32/Kryptik.GJT trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\packupdate107_302[1].exe Win32/TrojanDownloader.FakeAlert.AEY trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\rxconwamse.exe Win32/Olmarik.SC trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\ssvd.exe NSIS/TrojanClicker.Agent.BR.Gen trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\sxcfgslr.exe a variant of Win32/Cimag.DG trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\thuurs.exe a variant of Win32/Ertfor.A trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\ybsidifk.exe Win32/Agent.QNF trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\plugtmp-2\plugin-f_anq.pdf PDF/Exploit.Pidief.PBK.Gen trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Local\Application Data\Temp\plugtmp-4\plugin-uhggck.pdf PDF/Exploit.Pidief.PBK.Gen trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Roaming\E0638C901501D3DA1FAEB34E17E3E05E\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Roaming\E0638C901501D3DA1FAEB34E17E3E05E\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Donald\AppData\Roaming\E0638C901501D3DA1FAEB34E17E3E05E\newsecureapp70700.exe a variant of Win32/Kryptik.GJT trojan cleaned by deleting - quarantined

#6 narenxp

  • BC Advisor

Posted 20 August 2012 - 11:16 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

Edited by narenxp, 20 August 2012 - 11:16 AM.


#7 uga_dawgs24

  • Topic Starter

Posted 20 August 2012 - 02:26 PM

Did MBAM. It found a ton but I deleted those and it ran a second time without finding anything.

Here is the mini-toolbox log:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Donald (administrator) on 20-08-2012 at 15:22:59
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC = Wireless Network Connection (Connected)
Intel® 82578DC Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Donald-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : launchmodem.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : launchmodem.com
Description . . . . . . . . . . . : Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC
Physical Address. . . . . . . . . : 00-08-54-99-6E-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::81df:631a:4ccd:a1ce%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.14(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 20, 2012 1:36:00 PM
Lease Expires . . . . . . . . . . : Monday, August 27, 2012 3:21:34 PM
Default Gateway . . . . . . . . . : fe80::218:e7ff:fefe:517b%16
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 70-71-BC-1F-BB-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.launchmodem.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F55A718A-5D72-4D1D-98D0-5DEEDAD2C5DA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4002:802::1005
173.194.37.68
173.194.37.69
173.194.37.70
173.194.37.71
173.194.37.72
173.194.37.73
173.194.37.78
173.194.37.64
173.194.37.65
173.194.37.66
173.194.37.67


Pinging google.com [173.194.37.67] with 32 bytes of data:
Reply from 173.194.37.67: bytes=32 time=17ms TTL=53
Reply from 173.194.37.67: bytes=32 time=16ms TTL=53

Ping statistics for 173.194.37.67:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=156ms TTL=49
Reply from 72.30.38.140: bytes=32 time=103ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 156ms, Average = 129ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...00 08 54 99 6e 5f ......Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC
10...70 71 bc 1f bb a0 ......Intel® 82578DC Gigabit Network Connection
1...........................Software Loopback Interface 1
1044...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
1043...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.14 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.14 281
192.168.0.14 255.255.255.255 On-link 192.168.0.14 281
192.168.0.255 255.255.255.255 On-link 192.168.0.14 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.14 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.14 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 281 ::/0 fe80::218:e7ff:fefe:517b
1 306 ::1/128 On-link
16 281 fe80::/64 On-link
16 281 fe80::81df:631a:4ccd:a1ce/128
On-link
1 306 ff00::/8 On-link
16 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 03:20:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1701596

Error: (08/20/2012 03:20:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1701596

Error: (08/20/2012 03:20:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2012 00:49:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6037

Error: (08/20/2012 00:49:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6037

Error: (08/20/2012 00:49:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2012 00:49:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039

Error: (08/20/2012 00:49:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039

Error: (08/20/2012 00:49:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2012 00:49:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4025


System errors:
=============
Error: (08/20/2012 03:21:36 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/20/2012 03:21:36 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/20/2012 03:20:40 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/20/2012 03:20:40 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/20/2012 01:36:01 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/20/2012 01:36:01 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/20/2012 01:35:46 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/20/2012 01:35:46 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/20/2012 01:35:46 PM) (Source: Service Control Manager) (User: )
Description: The epfwwfp service failed to start due to the following error:
%%1753

Error: (08/20/2012 01:35:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (08/20/2012 03:20:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1701596

Error: (08/20/2012 03:20:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1701596

Error: (08/20/2012 03:20:27 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2012 00:49:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6037

Error: (08/20/2012 00:49:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6037

Error: (08/20/2012 00:49:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2012 00:49:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039

Error: (08/20/2012 00:49:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039

Error: (08/20/2012 00:49:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2012 00:49:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4025


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.1)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader 9.5.1 (Version: 9.5.1)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
AutoUpdate (Version: 1.1)
Bonjour (Version: 2.0.4.0)
BufferChm (Version: 130.0.331.000)
C309g-m (Version: 130.0.396.000)
Corel PaintShop Photo Express 2010 (Version: 1.0.0)
Corel VideoStudio 2010 Express (Version: 1.0.0)
Davis's Drug Guide for Nurses, 12e (Version: 1.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DivX Codec (Version: 6.8.0)
DivX Content Uploader (Version: 1.2.1)
DivX Converter (Version: 6.6.0)
DivX Player (Version: 6.7.0)
DivX Web Player (Version: 1.4.0)
ESET Online Scanner v3
ESET Smart Security (Version: 4.0.474.0)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Intel® Desktop Utilities (Version: 1.0.0)
Intel® Integrator Assistant (Version: 1.0.0)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Network Connections 14.8.43.0 (Version: 14.8.43.0)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network (Version: 130.0.572.000)
NVIDIA Drivers (Version: 1.9)
NVIDIA Stereoscopic 3D Driver (Version: 7.15.11.9045)
PCmover (Version: 3.00.593.0)
PS_AIO_06_C309g-m_SW_Min (Version: 130.0.396.000)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.5964)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 5.8 (Version: 5.8.158)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebEx
WebReg (Version: 130.0.132.017)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
WorldWinner Games (Version: 1.10.0.25)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3317.4 MB
Available physical RAM: 2519.78 MB
Total Pagefile: 6633.08 MB
Available Pagefile: 5306.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.05 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:465.47 GB) (Free:404.01 GB) NTFS

========================= Users: ========================================

User accounts for \\DONALD-PC

Administrator Donald Guest


**** End of log ****

Farbar:
Farbar Service Scanner Version: 06-08-2012
Ran by Donald (administrator) on 20-08-2012 at 15:26:15
Running from "C:\Users\Donald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L50CSEX"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#8 uga_dawgs24

uga_dawgs24
  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:36 PM

Posted 20 August 2012 - 02:29 PM

# AdwCleaner v1.801 - Logfile created 08/20/2012 at 15:27:10
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Donald - DONALD-PC
# Boot Mode : Normal
# Running from : C:\Users\Donald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9QS5TSO\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Donald\AppData\Roaming\Mozilla\Firefox\Profiles\3z9ufep9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [803 octets] - [20/08/2012 15:27:10]

########## EOF - C:\AdwCleaner[S1].txt - [930 octets] ##########

#9 uga_dawgs24

uga_dawgs24
  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:36 PM

Posted 20 August 2012 - 02:31 PM

Rkill 2.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2012 03:30:36 PM in x86 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ESET-phase2.exe (PID: 1188) [AU-HEUR]
* C:\Windows\runservice.exe (PID: 1552) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* BFE [Missing Service]
* BITS [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:
* No issues found.

Program finished at: 08/20/2012 03:30:46 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:05:36 PM

Posted 20 August 2012 - 08:44 PM

Download

MpsSvc
BFE
wscsvc
defender
wuauserv
BITS
Sharedaccess

Launch them, click YES when you get the UAC prompt

Restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options alone:

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the new FSS log

#11 uga_dawgs24

uga_dawgs24
  • Topic Starter

  • Members
  • 29 posts
  • Local time:06:36 PM

Posted 20 August 2012 - 09:16 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Donald (administrator) on 20-08-2012 at 22:15:33
Running from "C:\Users\Donald\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:05:36 PM

Posted 20 August 2012 - 09:19 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)
