All browsers redirect to login.live.com, Firefox crashes

24 replies to this topic

#1 527 (Members, 94 posts)

Posted 25 August 2012 - 01:37 PM

My dad asked me to help him with his computer: Windows XP 64 bit.

Problems:
-Firefox would open and crash immediately
-IE redirects all links and new tabs to login.live.com (a hotmail sign in page)
-Safari redirects all links and tabs to login.live.com (a hotmail sign in page)
-Type a URL into the browser and it redirects to login.live.com

Attempt to fix:
-Change home page to http://housecall.trendmicro.com (the only way to reach this URL I could think of)
-Run Housecall, found 8 trojans
-Fix trojans and restart
-Also delete all cookies and browsing history

Current status:
-Browser redirects are still happening, but not as aggressively
-Firefox will not open at all


#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 25 August 2012 - 04:57 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop and copy the contents of the text file in your reply.
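
As an added example that is not part of this thread (not the poster's, narenxp's or Kaspersky's code), here is a small Python triage script for the TDSSKiller text log requested above: it parses the system-info block and each service/driver entry (MD5, name, path) together with its "name - verdict" line, maps the NT kernel version to a product family, and returns the entries whose verdict is not "ok" or that never received one. The embedded sample log is constructed from a few lines in the format posted in this thread plus two hypothetical entries; the "suspicious" verdict wording is an assumption, since TDSSKiller's real non-ok strings are not shown on this page.

```python
"""Triage a TDSSKiller text log: pull out system info and any entry that is not plainly 'ok'.

Added example for this thread; not the poster's or Kaspersky's code.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Entry line:   "<time> <pid> [ <MD5> ] <service name> <path>"   (names may contain spaces)
# Verdict line: "<time> <pid> <service name> - <verdict>"        (usually "ok")
ENTRY_RE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?) - (.+)$")
OS_RE = re.compile(r"OS Version: (\d+\.\d+)\.(\d+) ServicePack: (\S+)")

# NT kernel version -> product family (well-known Microsoft numbering).
KERNEL_FAMILY = {
    "5.1": "Windows XP",
    "5.2": "Windows XP x64 / Server 2003",
    "6.0": "Windows Vista",
    "6.1": "Windows 7",
    "6.2": "Windows 8",
}


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None until a "<name> - <verdict>" line is seen


@dataclass
class Report:
    os_family: str = "unknown"
    build: str = ""
    wow64: bool = False
    entries: Dict[str, Entry] = field(default_factory=dict)  # insertion order = log order


def parse_log(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = OS_RE.search(line)
        if m:
            rep.os_family = KERNEL_FAMILY.get(m.group(1), "NT kernel " + m.group(1))
            rep.build = m.group(2)
            continue
        if "Running under WOW64" in line:
            rep.wow64 = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            _, _, md5, name, path = m.groups()
            rep.entries[name] = Entry(name, md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.group(3), m.group(4)
            # Skip device/volume lines such as "Drive \Device\Harddisk0\DR0 - Size: ..." that
            # merely happen to contain " - "; service names never carry a backslash or colon.
            if "\\" in name or ":" in name:
                continue
            # Some services are reported with a verdict only (e.g. "COMSysApp - ok"), no hash line.
            rep.entries.setdefault(name, Entry(name, "", "")).verdict = verdict
    return rep


def needs_review(rep: Report) -> List[Entry]:
    """Entries whose verdict is anything other than 'ok', or that never received a verdict
    (a hash line with no closing verdict can mean the scan was interrupted at that file)."""
    return [e for e in rep.entries.values()
            if e.verdict is None or e.verdict.strip().lower() != "ok"]


# Constructed sample: the first lines follow the format posted in this thread; the last two
# entries (fakesvc, stalled) and the "suspicious" verdict wording are hypothetical.
SAMPLE_LOG = r"""
18:24:49.0088 4576 OS Version: 6.1.7601 ServicePack: 1.0
18:24:49.0088 4576 Running under WOW64
18:24:50.0492 4576 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
18:25:06.0685 4644 System memory - ok
18:25:06.0809 4644 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:25:06.0825 4644 1394ohci - ok
18:25:07.0402 4644 [ 2FDCB3E855076CE97CCB58E2CF8F2A09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:25:07.0402 4644 AMD External Events Utility - ok
18:25:09.0961 4644 COMSysApp - ok
18:25:20.0000 4644 [ 00000000000000000000000000000000 ] fakesvc C:\Windows\system32\drivers\fakesvc.sys
18:25:20.0001 4644 fakesvc - suspicious
18:25:21.0000 4644 [ 11111111111111111111111111111111 ] stalled C:\Windows\system32\drivers\stalled.sys
"""

if __name__ == "__main__":
    report = parse_log(SAMPLE_LOG)
    print(f"{report.os_family} build {report.build}, WOW64={report.wow64}, "
          f"{len(report.entries)} entries scanned")
    for e in needs_review(report):
        print(f"REVIEW: {e.name} [{e.md5 or 'no hash'}] {e.path} -> {e.verdict}")
```

Feed it a full log via `parse_log(open(path).read())`; anything it returns from `needs_review` is what a helper would want quoted back rather than the hundreds of "- ok" lines.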

#3 527 (Topic Starter, Members, 94 posts)

Posted 25 August 2012 - 05:32 PM

Thank you. This is a challenge since I can't download the files, they all redirect. I had to get creative to run the scans.

TDSSKiller log first:

18:24:48.0807 4576 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:24:49.0088 4576 ============================================================
18:24:49.0088 4576 Current date / time: 2012/08/25 18:24:49.0088
18:24:49.0088 4576 SystemInfo:
18:24:49.0088 4576
18:24:49.0088 4576 OS Version: 6.1.7601 ServicePack: 1.0
18:24:49.0088 4576 Product type: Workstation
18:24:49.0088 4576 ComputerName: TONY-PC
18:24:49.0088 4576 UserName: Tony
18:24:49.0088 4576 Windows directory: C:\Windows
18:24:49.0088 4576 System windows directory: C:\Windows
18:24:49.0088 4576 Running under WOW64
18:24:49.0088 4576 Processor architecture: Intel x64
18:24:49.0088 4576 Number of processors: 4
18:24:49.0088 4576 Page size: 0x1000
18:24:49.0088 4576 Boot type: Normal boot
18:24:49.0088 4576 ============================================================
18:24:50.0492 4576 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:50.0507 4576 ============================================================
18:24:50.0507 4576 \Device\Harddisk0\DR0:
18:24:50.0507 4576 MBR partitions:
18:24:50.0507 4576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:24:50.0507 4576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x72E25FC1
18:24:50.0507 4576 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72E58800, BlocksNum 0x18AD800
18:24:50.0507 4576 ============================================================
18:24:50.0538 4576 C: <-> \Device\Harddisk0\DR0\Partition2
18:24:50.0570 4576 D: <-> \Device\Harddisk0\DR0\Partition3
18:24:50.0570 4576 ============================================================
18:24:50.0570 4576 Initialize success
18:24:50.0570 4576 ============================================================
18:25:06.0295 4644 ============================================================
18:25:06.0310 4644 Scan started
18:25:06.0310 4644 Mode: Manual; TDLFS;
18:25:06.0310 4644 ============================================================
18:25:06.0685 4644 ================ Scan system memory ========================
18:25:06.0685 4644 System memory - ok
18:25:06.0700 4644 ================ Scan services =============================
18:25:15.0077 4644 NetBIOS - ok
18:25:15.0109 4644 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:25:15.0109 4644 NetBT - ok
18:25:15.0124 4644 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:25:15.0124 4644 Netlogon - ok
18:25:15.0155 4644 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:25:15.0171 4644 Netman - ok
18:25:15.0187 4644 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:25:15.0202 4644 netprofm - ok
18:25:15.0233 4644 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:25:15.0233 4644 NetTcpPortSharing - ok
18:25:15.0249 4644 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:25:15.0249 4644 nfrd960 - ok
18:25:15.0280 4644 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:25:15.0280 4644 NlaSvc - ok
18:25:15.0296 4644 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:25:15.0296 4644 Npfs - ok
18:25:15.0311 4644 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:25:15.0327 4644 nsi - ok
18:25:15.0343 4644 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:25:15.0343 4644 nsiproxy - ok
18:25:15.0421 4644 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:25:15.0452 4644 Ntfs - ok
18:25:15.0483 4644 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:25:15.0483 4644 Null - ok
18:25:15.0499 4644 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:25:15.0514 4644 nvraid - ok
18:25:15.0545 4644 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:25:15.0545 4644 nvstor - ok
18:25:15.0577 4644 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:25:15.0577 4644 nv_agp - ok
18:25:15.0655 4644 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:25:15.0655 4644 odserv - ok
18:25:15.0686 4644 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:25:15.0686 4644 ohci1394 - ok
18:25:15.0733 4644 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:25:15.0733 4644 ose - ok
18:25:15.0764 4644 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:25:15.0779 4644 p2pimsvc - ok
18:25:15.0795 4644 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:25:15.0811 4644 p2psvc - ok
18:25:15.0842 4644 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:25:15.0842 4644 Parport - ok
18:25:15.0857 4644 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:25:15.0857 4644 partmgr - ok
18:25:15.0873 4644 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:25:15.0889 4644 PcaSvc - ok
18:25:15.0904 4644 PCDSRVC{61A6314B-67E718C5-06000000}_0 - ok
18:25:15.0951 4644 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:25:15.0951 4644 pci - ok
18:25:15.0982 4644 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:25:15.0982 4644 pciide - ok
18:25:15.0998 4644 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:25:16.0013 4644 pcmcia - ok
18:25:16.0045 4644 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
18:25:16.0045 4644 pcouffin - ok
18:25:16.0060 4644 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:25:16.0060 4644 pcw - ok
18:25:16.0091 4644 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:25:16.0107 4644 PEAUTH - ok
18:25:16.0169 4644 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:25:16.0169 4644 PerfHost - ok
18:25:16.0247 4644 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:25:16.0294 4644 pla - ok
18:25:16.0341 4644 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:25:16.0357 4644 PlugPlay - ok
18:25:16.0388 4644 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:25:16.0403 4644 Pml Driver HPZ12 - ok
18:25:16.0419 4644 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:25:16.0419 4644 PNRPAutoReg - ok
18:25:16.0450 4644 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:25:16.0450 4644 PNRPsvc - ok
18:25:16.0481 4644 [ A6D06378F37BDBA0C0019294C2AABBD0 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys
18:25:16.0481 4644 Point64 - ok
18:25:16.0513 4644 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:25:16.0528 4644 PolicyAgent - ok
18:25:16.0559 4644 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:25:16.0575 4644 Power - ok
18:25:16.0591 4644 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:25:16.0591 4644 PptpMiniport - ok
18:25:16.0637 4644 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:25:16.0637 4644 Processor - ok
18:25:16.0669 4644 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:25:16.0684 4644 ProfSvc - ok
18:25:16.0684 4644 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:25:16.0700 4644 ProtectedStorage - ok
18:25:16.0715 4644 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:25:16.0731 4644 Psched - ok
18:25:16.0778 4644 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:25:16.0825 4644 ql2300 - ok
18:25:16.0840 4644 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:25:16.0856 4644 ql40xx - ok
18:25:16.0887 4644 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:25:16.0887 4644 QWAVE - ok
18:25:16.0918 4644 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:25:16.0918 4644 QWAVEdrv - ok
18:25:16.0934 4644 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:25:16.0934 4644 RasAcd - ok
18:25:16.0949 4644 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:16.0965 4644 RasAgileVpn - ok
18:25:16.0981 4644 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:25:16.0981 4644 RasAuto - ok
18:25:16.0996 4644 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:16.0996 4644 Rasl2tp - ok
18:25:17.0027 4644 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:25:17.0027 4644 RasMan - ok
18:25:17.0043 4644 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:17.0059 4644 RasPppoe - ok
18:25:17.0074 4644 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:25:17.0074 4644 RasSstp - ok
18:25:17.0090 4644 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:25:17.0105 4644 rdbss - ok
18:25:17.0121 4644 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:17.0121 4644 rdpbus - ok
18:25:17.0137 4644 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:17.0137 4644 RDPCDD - ok
18:25:17.0168 4644 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:25:17.0168 4644 RDPENCDD - ok
18:25:17.0183 4644 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:25:17.0183 4644 RDPREFMP - ok
18:25:17.0199 4644 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:25:17.0199 4644 RDPWD - ok
18:25:17.0246 4644 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:25:17.0246 4644 rdyboost - ok
18:25:17.0277 4644 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:25:17.0293 4644 RemoteAccess - ok
18:25:17.0308 4644 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:25:17.0324 4644 RemoteRegistry - ok
18:25:17.0339 4644 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:25:17.0355 4644 RpcEptMapper - ok
18:25:17.0371 4644 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:25:17.0371 4644 RpcLocator - ok
18:25:17.0417 4644 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:25:17.0433 4644 RpcSs - ok
18:25:17.0449 4644 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:25:17.0449 4644 rspndr - ok
18:25:17.0495 4644 [ 91296F0B2653281B2F11E0FCE56AA427 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:25:17.0511 4644 RTL8167 - ok
18:25:17.0527 4644 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:25:17.0527 4644 SamSs - ok
18:25:17.0558 4644 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:25:17.0558 4644 sbp2port - ok
18:25:17.0589 4644 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:25:17.0605 4644 SCardSvr - ok
18:25:17.0620 4644 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:25:17.0620 4644 scfilter - ok
18:25:17.0667 4644 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:25:17.0698 4644 Schedule - ok
18:25:17.0729 4644 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:25:17.0729 4644 SCPolicySvc - ok
18:25:17.0745 4644 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:25:17.0745 4644 SDRSVC - ok
18:25:17.0807 4644 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:25:17.0807 4644 SeaPort - ok
18:25:17.0823 4644 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:25:17.0823 4644 secdrv - ok
18:25:17.0854 4644 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:25:17.0854 4644 seclogon - ok
18:25:17.0870 4644 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:25:17.0870 4644 SENS - ok
18:25:17.0885 4644 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:25:17.0901 4644 SensrSvc - ok
18:25:17.0917 4644 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:25:17.0917 4644 Serenum - ok
18:25:17.0932 4644 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:25:17.0932 4644 Serial - ok
18:25:17.0963 4644 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:25:17.0963 4644 sermouse - ok
18:25:18.0010 4644 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:25:18.0026 4644 SessionEnv - ok
18:25:18.0041 4644 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:25:18.0041 4644 sffdisk - ok
18:25:18.0057 4644 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:25:18.0057 4644 sffp_mmc - ok
18:25:18.0073 4644 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:25:18.0073 4644 sffp_sd - ok
18:25:18.0088 4644 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:25:18.0088 4644 sfloppy - ok
18:25:18.0119 4644 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:25:18.0135 4644 ShellHWDetection - ok
18:25:18.0166 4644 [ 0F498DEE92FD73DD999BAE4D506367F5 ] SI3132 C:\Windows\system32\DRIVERS\SI3132.sys
18:25:18.0166 4644 SI3132 - ok
18:25:18.0182 4644 [ 127CE10E01F53F2EDACA7FE42E5631EA ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
18:25:18.0197 4644 SiFilter - ok
18:25:18.0197 4644 [ B742C37002B8EBEF6E230DF9B4B28546 ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
18:25:18.0197 4644 SiRemFil - ok
18:25:18.0213 4644 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:25:18.0213 4644 SiSRaid2 - ok
18:25:18.0229 4644 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:25:18.0229 4644 SiSRaid4 - ok
18:25:18.0260 4644 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:25:18.0260 4644 Smb - ok
18:25:18.0291 4644 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:25:18.0291 4644 SNMPTRAP - ok
18:25:18.0307 4644 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:25:18.0307 4644 spldr - ok
18:25:18.0322 4644 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
18:25:18.0338 4644 Spooler - ok
18:25:18.0447 4644 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:25:18.0541 4644 sppsvc - ok
18:25:18.0556 4644 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:25:18.0556 4644 sppuinotify - ok
18:25:18.0587 4644 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:25:18.0603 4644 srv - ok
18:25:18.0619 4644 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:25:18.0634 4644 srv2 - ok
18:25:18.0650 4644 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:25:18.0650 4644 srvnet - ok
18:25:18.0697 4644 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:25:18.0697 4644 SSDPSRV - ok
18:25:18.0712 4644 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:25:18.0712 4644 SstpSvc - ok
18:25:18.0743 4644 [ BBD683974D4BF2B9E2D8638CF503ACD8 ] sstsmonsvc C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
18:25:18.0743 4644 sstsmonsvc - ok
18:25:18.0759 4644 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:25:18.0759 4644 stexstor - ok
18:25:18.0790 4644 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:25:18.0806 4644 stisvc - ok
18:25:18.0837 4644 [ 5D3D9CC54EBBE9777364F311E4B19EBF ] StopSign Update Manager C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
18:25:18.0837 4644 StopSign Update Manager - ok
18:25:18.0868 4644 [ 745E8BDD1AD92BCE97DBCF1BA60D4045 ] SUSTUCAM C:\Windows\system32\DRIVERS\sustucam.sys
18:25:18.0868 4644 SUSTUCAM - ok
18:25:18.0899 4644 [ C7C1C5CA51447B273A6C8BC972397BA5 ] SUSTUCAP C:\Windows\system32\DRIVERS\sustucap.sys
18:25:18.0899 4644 SUSTUCAP - ok
18:25:18.0931 4644 [ A69A9A9FE119907E85BB30CDFBFB2A38 ] SUSTUCAU C:\Windows\system32\DRIVERS\sustucau.sys
18:25:18.0931 4644 SUSTUCAU - ok
18:25:18.0962 4644 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:25:18.0962 4644 swenum - ok
18:25:18.0993 4644 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:25:19.0009 4644 swprv - ok
18:25:19.0071 4644 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:25:19.0118 4644 SysMain - ok
18:25:19.0133 4644 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:25:19.0133 4644 TabletInputService - ok
18:25:19.0165 4644 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:25:19.0180 4644 TapiSrv - ok
18:25:19.0196 4644 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:25:19.0211 4644 TBS - ok
18:25:19.0274 4644 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:25:19.0336 4644 Tcpip - ok
18:25:19.0399 4644 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:25:19.0430 4644 TCPIP6 - ok
18:25:19.0477 4644 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:25:19.0477 4644 tcpipreg - ok
18:25:19.0508 4644 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:25:19.0508 4644 TDPIPE - ok
18:25:19.0539 4644 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:25:19.0539 4644 TDTCP - ok
18:25:19.0570 4644 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:25:19.0570 4644 tdx - ok
18:25:19.0586 4644 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:25:19.0586 4644 TermDD - ok
18:25:19.0617 4644 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:25:19.0633 4644 TermService - ok
18:25:19.0664 4644 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:25:19.0679 4644 Themes - ok
18:25:19.0679 4644 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:25:19.0695 4644 THREADORDER - ok
18:25:19.0711 4644 [ 99559F8DE53EAC2C8DBC23595803A69D ] TMEBC C:\Windows\system32\DRIVERS\TMEBC64.sys
18:25:19.0711 4644 TMEBC - ok
18:25:19.0726 4644 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:25:19.0726 4644 TrkWks - ok
18:25:19.0773 4644 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:25:19.0789 4644 TrustedInstaller - ok
18:25:19.0820 4644 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:19.0820 4644 tssecsrv - ok
18:25:19.0851 4644 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:25:19.0851 4644 TsUsbFlt - ok
18:25:19.0882 4644 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:25:19.0898 4644 tunnel - ok
18:25:19.0913 4644 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:25:19.0913 4644 uagp35 - ok
18:25:19.0929 4644 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:25:19.0945 4644 udfs - ok
18:25:19.0976 4644 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:25:19.0991 4644 UI0Detect - ok
18:25:20.0023 4644 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:25:20.0023 4644 uliagpkx - ok
18:25:20.0054 4644 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:25:20.0054 4644 umbus - ok
18:25:20.0069 4644 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:25:20.0069 4644 UmPass - ok
18:25:20.0101 4644 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:25:20.0101 4644 upnphost - ok
18:25:20.0147 4644 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:25:20.0147 4644 USBAAPL64 - ok
18:25:20.0179 4644 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:25:20.0179 4644 usbccgp - ok
18:25:20.0225 4644 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:25:20.0225 4644 usbcir - ok
18:25:20.0241 4644 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:25:20.0241 4644 usbehci - ok
18:25:20.0272 4644 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
18:25:20.0272 4644 usbfilter - ok
18:25:20.0303 4644 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:25:20.0303 4644 usbhub - ok
18:25:20.0319 4644 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:25:20.0319 4644 usbohci - ok
18:25:20.0350 4644 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:25:20.0350 4644 usbprint - ok
18:25:20.0381 4644 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:25:20.0381 4644 usbscan - ok
18:25:20.0397 4644 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:20.0397 4644 USBSTOR - ok
18:25:20.0413 4644 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:25:20.0413 4644 usbuhci - ok
18:25:20.0444 4644 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:25:20.0444 4644 UxSms - ok
18:25:20.0459 4644 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:25:20.0459 4644 VaultSvc - ok
18:25:20.0491 4644 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:25:20.0491 4644 vdrvroot - ok
18:25:20.0537 4644 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:25:20.0553 4644 vds - ok
18:25:20.0553 4644 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:20.0569 4644 vga - ok
18:25:20.0584 4644 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:25:20.0584 4644 VgaSave - ok
18:25:20.0615 4644 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:25:20.0631 4644 vhdmp - ok
18:25:20.0647 4644 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:25:20.0662 4644 viaide - ok
18:25:20.0678 4644 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:25:20.0678 4644 volmgr - ok
18:25:20.0725 4644 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:25:20.0725 4644 volmgrx - ok
18:25:20.0756 4644 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:25:20.0756 4644 volsnap - ok
18:25:20.0787 4644 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:25:20.0787 4644 vsmraid - ok
18:25:20.0849 4644 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:25:20.0896 4644 VSS - ok
18:25:20.0912 4644 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:25:20.0912 4644 vwifibus - ok
18:25:20.0927 4644 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:25:20.0927 4644 vwififlt - ok
18:25:20.0959 4644 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:25:20.0959 4644 W32Time - ok
18:25:20.0974 4644 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:25:20.0974 4644 WacomPen - ok
18:25:21.0005 4644 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:25:21.0005 4644 WANARP - ok
18:25:21.0005 4644 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:25:21.0005 4644 Wanarpv6 - ok
18:25:21.0083 4644 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:25:21.0130 4644 WatAdminSvc - ok
18:25:21.0177 4644 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:25:21.0224 4644 wbengine - ok
18:25:21.0239 4644 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:25:21.0239 4644 WbioSrvc - ok
18:25:21.0286 4644 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:25:21.0286 4644 wcncsvc - ok
18:25:21.0317 4644 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:25:21.0333 4644 WcsPlugInService - ok
18:25:21.0333 4644 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:25:21.0333 4644 Wd - ok
18:25:21.0364 4644 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
18:25:21.0364 4644 WDC_SAM - ok
18:25:21.0395 4644 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:25:21.0411 4644 Wdf01000 - ok
18:25:21.0427 4644 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:25:21.0442 4644 WdiServiceHost - ok
18:25:21.0442 4644 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:25:21.0458 4644 WdiSystemHost - ok
18:25:21.0489 4644 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:25:21.0489 4644 WebClient - ok
18:25:21.0520 4644 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:25:21.0520 4644 Wecsvc - ok
18:25:21.0551 4644 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:25:21.0551 4644 wercplsupport - ok
18:25:21.0567 4644 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:25:21.0583 4644 WerSvc - ok
18:25:21.0598 4644 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:21.0598 4644 WfpLwf - ok
18:25:21.0629 4644 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:25:21.0629 4644 WIMMount - ok
18:25:21.0629 4644 WinHttpAutoProxySvc - ok
18:25:21.0692 4644 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:25:21.0707 4644 Winmgmt - ok
18:25:21.0770 4644 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:25:21.0817 4644 WinRM - ok
18:25:21.0879 4644 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:25:21.0879 4644 WinUsb - ok
18:25:21.0926 4644 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:25:21.0941 4644 Wlansvc - ok
18:25:21.0957 4644 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:25:21.0957 4644 WmiAcpi - ok
18:25:22.0004 4644 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:25:22.0004 4644 wmiApSrv - ok
18:25:22.0035 4644 WMPNetworkSvc - ok
18:25:22.0051 4644 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:25:22.0051 4644 WPCSvc - ok
18:25:22.0066 4644 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:25:22.0066 4644 WPDBusEnum - ok
18:25:22.0082 4644 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:25:22.0082 4644 ws2ifsl - ok
18:25:22.0113 4644 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:25:22.0113 4644 wscsvc - ok
18:25:22.0113 4644 WSearch - ok
18:25:22.0160 4644 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:25:22.0160 4644 WudfPf - ok
18:25:22.0175 4644 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:25:22.0175 4644 WUDFRd - ok
18:25:22.0207 4644 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:25:22.0222 4644 wudfsvc - ok
18:25:22.0238 4644 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:25:22.0253 4644 WwanSvc - ok
18:25:22.0285 4644 ================ Scan global ===============================
18:25:22.0300 4644 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:25:22.0316 4644 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:25:22.0331 4644 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:25:22.0363 4644 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:25:22.0409 4644 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
18:25:22.0425 4644 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
18:25:22.0425 4644 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
18:25:22.0425 4644 ================ Scan MBR ==================================
18:25:22.0425 4644 [ D903658E313289C7E22A468124057BEC ] \Device\Harddisk0\DR0
18:25:22.0643 4644 \Device\Harddisk0\DR0 - ok
18:25:22.0643 4644 ================ Scan VBR ==================================
18:25:22.0643 4644 [ 39590E0073E64473A2A87DFF4B1F0429 ] \Device\Harddisk0\DR0\Partition1
18:25:22.0643 4644 \Device\Harddisk0\DR0\Partition1 - ok
18:25:22.0675 4644 [ E65BB95580D64ECFC7064FF50B86F343 ] \Device\Harddisk0\DR0\Partition2
18:25:22.0690 4644 \Device\Harddisk0\DR0\Partition2 - ok
18:25:22.0721 4644 [ C03AE3B0D098EECD1866A775F9E73C98 ] \Device\Harddisk0\DR0\Partition3
18:25:22.0721 4644 \Device\Harddisk0\DR0\Partition3 - ok
18:25:22.0721 4644 ============================================================
18:25:22.0721 4644 Scan finished
18:25:22.0721 4644 ============================================================
18:25:22.0737 4608 Detected object count: 1
18:25:22.0737 4608 Actual detected object count: 1

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 August 2012 - 05:34 PM

.

Edited by narenxp, 25 August 2012 - 06:11 PM.


#5 527

  • Topic Starter
  • Members
  • 94 posts

Posted 25 August 2012 - 06:03 PM

You have created a topic here

http://www.bleepingcomputer.com/forums/topic466465.html

Multiple topics are not allowed


I am happy to follow the rules of the forum and don't want to create any problems, but that is a different user.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 August 2012 - 06:11 PM

Ignore my previous comment, posted in wrong topic :)

#7 527

  • Topic Starter
  • Members
  • 94 posts

Posted 25 August 2012 - 07:20 PM

No problem, Naren. I am grateful for your help and I want to follow the rules.

Here are the ESET results:

C:\SoftonicDownloader_for_safari.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\vlc_12117.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe a variant of Win32/InstallBrain.B application cleaned by deleting - quarantined
C:\Program Files (x86)\Uninstall Information\ib_uninst_539\uninstall.exe a variant of Win32/InstallBrain.B application cleaned by deleting - quarantined
C:\Program Files (x86)\Uninstall Information\ib_uninst_546\uninstall.exe a variant of Win32/InstallBrain.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_18.24.49\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_18.24.49\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_18.24.49\zasubsys0000\zafs0000\tsk0003.dta Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_18.24.49\zasubsys0000\zafs0000\tsk0006.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_18.24.49\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\{F0DDA4A1-D03F-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\10a0dd81-1a959c3e Win32/TrojanDownloader.Vespula.AY trojan cleaned by deleting - quarantined
C:\Users\Tony\Downloads\mozilla-firefox-toDownload (1).exe a variant of Win32/InstallCore.AM application cleaned by deleting - quarantined
C:\Users\Tony\Downloads\mozilla-firefox-toDownload (2).exe a variant of Win32/InstallCore.AM application cleaned by deleting - quarantined
C:\Users\Tony\Downloads\mozilla-firefox-toDownload-1.exe a variant of Win32/InstallCore.AM application cleaned by deleting - quarantined
C:\Users\Tony\Downloads\mozilla-firefox-toDownload-2.exe a variant of Win32/InstallCore.AM application cleaned by deleting - quarantined
C:\Users\Tony\Downloads\mozilla-firefox-toDownload.exe a variant of Win32/InstallCore.AM application cleaned by deleting - quarantined
C:\Windows\Installer\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\Installer\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Spy.Zbot.YW trojan
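
The ESET listing above mixes three things a triage should keep apart: files ESET actually removed, files it merely rescanned inside TDSSKiller's own quarantine folder (already dead, but they inflate the count), and detections with no cleaning action at all (the Zbot found in operating memory, plus a Sirefef file that is only deleted after the next restart). As an added example that is not code from the thread, from ESET or from any tool named here, the following Python parser handles that line format and produces exactly that breakdown for a subset of the lines above. The family grouping on the first dot of the detection name and the treatment of the TDSSKiller quarantine path as non-live are my assumptions, marked in the code.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape of one ESET Online Scanner result line, as posted in the thread:
#   <object> [probably ][a variant of ]<Platform/Name> <trojan|application> [<action> - quarantined]
# <object> is a file path or "Operating memory"; the action part is absent when
# ESET only detected something and did not clean it.
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s+"
    r"(?:probably )?(?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9._]+)\s+"
    r"(?P<kind>trojan|application)"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: files TDSSKiller already moved into its own quarantine folder are
# not live; ESET rescanning them adds to the count without adding new infections.
OTHER_TOOL_QUARANTINE = "\\TDSSKiller_Quarantine\\"


@dataclass
class Detection:
    obj: str               # file path, or "Operating memory"
    name: str              # e.g. Win64/Sirefef.W
    kind: str              # "trojan" or "application" (potentially unwanted app)
    action: Optional[str]  # e.g. "cleaned by deleting - quarantined"; None if no action

    @property
    def family(self) -> str:
        # Platform plus first name component: Win64/Sirefef.W -> Win64/Sirefef
        # (assumption: coarse but good enough for grouping a single scan)
        return self.name.split(".")[0]

    @property
    def quarantined(self) -> bool:
        return bool(self.action) and self.action.endswith("- quarantined")

    @property
    def pending_restart(self) -> bool:
        # ESET could not delete the file while it was in use; removal completes on reboot
        return bool(self.action) and "after the next restart" in self.action

    @property
    def in_other_tool_quarantine(self) -> bool:
        return OTHER_TOOL_QUARANTINE in self.obj

    @property
    def needs_follow_up(self) -> bool:
        # Still on the box: not quarantined, or only gone after a reboot
        return not self.quarantined or self.pending_restart


def parse_eset_log(text: str) -> List[Detection]:
    """Parse ESET result lines; raise on a line the format above does not cover."""
    dets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        dets.append(Detection(m["obj"], m["name"], m["kind"], m["action"]))
    return dets


def summarize(dets: List[Detection]) -> Dict[str, object]:
    """Split the listing into what was removed, what was merely rescanned, and what remains."""
    return {
        "total": len(dets),
        "by_family": dict(Counter(d.family for d in dets)),
        "pua_count": sum(d.kind == "application" for d in dets),
        "rescanned_quarantine": sum(d.in_other_tool_quarantine for d in dets),
        "no_action": [d.name for d in dets if d.action is None],
        "pending_restart": [d.obj for d in dets if d.pending_restart],
        "follow_up": [(d.obj, d.name) for d in dets if d.needs_follow_up],
    }


# Subset of the lines posted above (copied from the thread, not constructed).
SAMPLE = r"""
C:\SoftonicDownloader_for_safari.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\vlc_12117.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\25.08.2012_18.24.49\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Tony\AppData\Local\{F0DDA4A1-D03F-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Tony\Downloads\mozilla-firefox-toDownload (1).exe a variant of Win32/InstallCore.AM application cleaned by deleting - quarantined
Operating memory a variant of Win32/Spy.Zbot.YW trojan
"""

if __name__ == "__main__":
    for key, value in summarize(parse_eset_log(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run over the full listing in the post, the `follow_up` entries are the memory-resident Zbot detection and the Sirefef file whose deletion waits for a reboot, which is the reason a second scanner pass after restarting is worth more than the raw "22 objects quarantined" count suggests.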

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Location:India

Posted 25 August 2012 - 07:45 PM

ASWMBR log?

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

Edited by narenxp, 25 August 2012 - 07:45 PM.


#9 527

  • Topic Starter
  • Members
  • 94 posts

Posted 25 August 2012 - 08:58 PM

aswMBR results (sorry for the delay, the download and scan took longer for some reason):

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 20:20:21
-----------------------------
20:20:21.080 OS Version: Windows x64 6.1.7601 Service Pack 1
20:20:21.080 Number of processors: 4 586 0x402
20:20:21.080 ComputerName: TONY-PC UserName: Tony
20:20:24.153 Initialize success
20:21:18.491 AVAST engine defs: 12082501
20:21:23.514 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
20:21:23.514 Disk 0 Vendor: Seagate_ HP35 Size: 953869MB BusType: 8
20:21:23.529 Disk 0 MBR read successfully
20:21:23.529 Disk 0 MBR scan
20:21:23.545 Disk 0 unknown MBR code
20:21:23.561 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:21:23.561 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941131 MB offset 206911
20:21:23.607 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12635 MB offset 1927645184
20:21:23.654 Disk 0 scanning C:\Windows\system32\drivers
20:21:36.602 Service scanning
20:21:37.195 Service 79579027 C:\Windows\system32\drivers\72990475.sys **HIDDEN**
20:21:51.407 Service PCDSRVC{61A6314B-67E718C5-06000000}_0 h:\64_pcdr5\pcdsrvc_x64.pkms **LOCKED** 21
20:22:02.139 Modules scanning
20:22:02.670 Disk 0 trace - called modules:
20:22:02.685 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
20:22:02.701 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007313790]
20:22:02.717 3 CLASSPNP.SYS[fffff880019b143f] -> nt!IofCallDriver -> \Device\00000060[0xfffffa80071ff9c0]
20:22:15.961 AVAST engine scan C:\Windows
20:22:19.456 AVAST engine scan C:\Windows\system32
20:26:35.858 AVAST engine scan C:\Windows\system32\drivers
20:27:01.426 AVAST engine scan C:\Users\Tony
20:30:57.472 File: C:\Users\Tony\AppData\Local\Temp\NOD3D98.tmp **INFECTED** Win64:Sirefef-F [Rtk]
20:31:05.865 File: C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\U\00000001.@ **INFECTED** Win32:Malware-gen
20:31:06.021 File: C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\U\800000cb.@ **INFECTED** Win32:Malware-gen
20:31:50.294 File: C:\Users\Tony\AppData\Roaming\Heez\oxhiy.exe **INFECTED** Win32:Spyware-gen [Spy]
20:37:25.336 AVAST engine scan C:\ProgramData
20:40:01.367 Scan finished successfully
21:57:04.392 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
21:57:04.407 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"

#10 527

  • Topic Starter
  • Members
  • 94 posts

Posted 25 August 2012 - 11:14 PM

Ran MBAM. Found 20 threats. Deleted threats, reboot, rescan. No threats detected. On reboot there was a Kaspersky virus warning I have not seen before.

Ran Mini Toolbox. Result:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Tony (administrator) on 26-08-2012 at 00:11:03
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Atheros 802.11 a/b/g/n Dualband Wireless Network Module = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Tony-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-81-EC-FF-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5f5:a219:7a8d:52b1%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 25, 2012 10:58:57 PM
Lease Expires . . . . . . . . . . : Sunday, August 26, 2012 10:58:56 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285222017
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-D2-93-52-00-24-81-EC-FF-12
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Physical Address. . . . . . . . . : 00-26-82-14-D4-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9FDC186F-754C-4BD2-8737-0C226F613883}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9734DE3F-0A90-4CF7-B5E8-AEF8625CCF37}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2001:4860:800a::8b
74.125.137.138
74.125.137.139
74.125.137.100
74.125.137.113
74.125.137.102
74.125.137.101


Pinging google.com [74.125.45.101] with 32 bytes of data:
Reply from 74.125.45.101: bytes=32 time=29ms TTL=50
Reply from 74.125.45.101: bytes=32 time=30ms TTL=50

Ping statistics for 74.125.45.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 30ms, Average = 29ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=222ms TTL=47
Reply from 72.30.38.140: bytes=32 time=279ms TTL=47

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 222ms, Maximum = 279ms, Average = 250ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 24 81 ec ff 12 ......Realtek PCIe GBE Family Controller
10...00 26 82 14 d4 e7 ......Atheros 802.11 a/b/g/n Dualband Wireless Network Module
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 276
192.168.1.5 255.255.255.255 On-link 192.168.1.5 276
192.168.1.255 255.255.255.255 On-link 192.168.1.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::5f5:a219:7a8d:52b1/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/25/2012 10:52:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/25/2012 06:33:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/25/2012 06:33:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/25/2012 06:33:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/25/2012 06:23:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/25/2012 03:42:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x010fffd0
Faulting process id: 0x11c0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (08/25/2012 02:02:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004b0008
Faulting process id: 0x11e8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (08/25/2012 00:32:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (08/25/2012 00:31:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (08/25/2012 00:31:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============Error: (08/25/2012 10:59:14 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1079

Error: (08/25/2012 10:59:08 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/25/2012 10:59:02 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/25/2012 10:57:57 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/25/2012 03:51:11 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1079

Error: (08/25/2012 03:51:07 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/25/2012 03:51:06 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/25/2012 03:51:02 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/25/2012 03:49:47 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/25/2012 01:54:12 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1079


Microsoft Office Sessions:
=========================
Error: (12/31/2010 04:14:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 6.2.1)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD USB Filter Driver (Version: 1.0.11.86)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar Updater (Version: 1.2.1.22229)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-8460N (Version: 1.0.0.0)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full Existing (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Full New (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Light (Version: 2009.0614.2131.36800)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0614.2131.36800)
Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800)
Catalyst Control Center Localization All (Version: 2009.0614.2131.36800)
ccc-core-static (Version: 2009.0614.2131.36800)
ccc-utility64 (Version: 2009.0614.2131.36800)
CCC Help Chinese Standard (Version: 2009.0614.2130.36800)
CCC Help Chinese Traditional (Version: 2009.0614.2130.36800)
CCC Help Czech (Version: 2009.0614.2130.36800)
CCC Help Danish (Version: 2009.0614.2130.36800)
CCC Help Dutch (Version: 2009.0614.2130.36800)
CCC Help English (Version: 2009.0614.2130.36800)
CCC Help Finnish (Version: 2009.0614.2130.36800)
CCC Help French (Version: 2009.0614.2130.36800)
CCC Help German (Version: 2009.0614.2130.36800)
CCC Help Greek (Version: 2009.0614.2130.36800)
CCC Help Hungarian (Version: 2009.0614.2130.36800)
CCC Help Italian (Version: 2009.0614.2130.36800)
CCC Help Japanese (Version: 2009.0614.2130.36800)
CCC Help Korean (Version: 2009.0614.2130.36800)
CCC Help Norwegian (Version: 2009.0614.2130.36800)
CCC Help Polish (Version: 2009.0614.2130.36800)
CCC Help Portuguese (Version: 2009.0614.2130.36800)
CCC Help Russian (Version: 2009.0614.2130.36800)
CCC Help Spanish (Version: 2009.0614.2130.36800)
CCC Help Swedish (Version: 2009.0614.2130.36800)
CCC Help Thai (Version: 2009.0614.2130.36800)
CCC Help Turkish (Version: 2009.0614.2130.36800)
CCleaner (Version: 2.33)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
CyberLink DVD Suite Deluxe (Version: 6.0.3101)
D6100_D7100_D7300_Help (Version: 82.0.233.000)
D7300 (Version: 130.0.365.000)
DataPilot (Version: 6.00.0000)
DeviceDiscovery (Version: 130.0.465.000)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 7.0.8.2 (17/07/2010)
DVDFab 8.0.8.5 (19/03/2011)
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.83)
Google Update Helper (Version: 1.3.21.115)
GPBaseService2 (Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 6.0.5205.31)
Homepage Protection (Version: )
HP Advisor (Version: 3.2.8946.3086)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A (Version: 13.0)
HP Games (Version: 1.0.0.71)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart Demo (Version: 1.00.0000)
HP MediaSmart DVD (Version: 3.0.3123)
HP MediaSmart Movie Themes (Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (Version: 3.0.3205)
HP MediaSmart SmartMenu (Version: 3.0.28.2)
HP Odometer (Version: 2.10.0000)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 7510 series Basic Device Software (Version: 25.0.617.0)
HP Photosmart 7510 series Help (Version: 140.0.2.2)
HP Photosmart 7510 series Product Improvement Study (Version: 25.0.617.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Remote Solution (Version: 1.1.9.0)
HP Setup (Version: 1.2.3220.3079)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (Version: 4.4.6.3)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.003.000.004)
HPAsset component for HP Active Support Library (Version: 3.0.0.7)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.1901)
LightScribe System Software (Version: 1.18.5.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 7.0 (Version: 7.0.260.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Live Search Toolbar (Version: 3.0.560.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PictureMover (Version: 3.3.1.19)
PL-2303 USB-to-Serial (Version: 1.00.000)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
QuickTime (Version: 7.72.80.56)
RAIDXpert (Version: 2.4.1540.26)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Safari (Version: 5.34.57.2)
SF_CDA_ProductContext (Version: 130.0.365.000)
SF_CDA_Software (Version: 130.0.396.000)
Shop for HP Supplies (Version: 13.0)
Shop to Win 2 (Version: 1.001)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
StopSign Internet Security
Susteen Launcher (Version: 1.00.0000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 0.9.2 (Version: 0.9.2)
WebReg (Version: 130.0.132.017)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Yahoo! Install Manager
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 7927.89 MB
Available physical RAM: 5947.91 MB
Total Pagefile: 15853.97 MB
Available Pagefile: 13888.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.69 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:919.07 GB) (Free:783.19 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.34 GB) (Free:2.24 GB) NTFS

========================= Users: ========================================

User accounts for \\TONY-PC

Administrator Guest Tony


**** End of log ****

#11 527 (Topic Starter)

Posted 25 August 2012 - 11:16 PM

FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by Tony (administrator) on 26-08-2012 at 00:15:14
Running from "C:\Users\Tony\Desktop\scan"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc: ""C:\Windows\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 527 (Topic Starter)

Posted 25 August 2012 - 11:21 PM

Ran AdwCleaner. Reboot to remove threat. No Kaspersky warning. But I am still having the same browser redirect problem to login.live.com.

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 00:16:37
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tony - TONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tony\Desktop\scan\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Tony\AppData\Local\Conduit
Folder Deleted : C:\Users\Tony\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tony\AppData\LocalLow\PriceGong
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Sidekick Manager
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062035.JSOptionsImpl
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062035.JSOptionsImpl.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062035.Shopping
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062035.Shopping.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227980
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Freeze.com
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\j9lcdna0.default\prefs.js

C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\j9lcdna0.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage" : "hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=48",
Deleted : "urls_to_restore_on_startup" : [ "hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=48[...]

*************************

AdwCleaner[S1].txt - [2924 octets] - [26/08/2012 00:16:37]

########## EOF - C:\AdwCleaner[S1].txt - [3052 octets] ##########

#13 narenxp (BC Advisor)

Posted 25 August 2012 - 11:24 PM

Download

defender
wuauserv
BITS

Launch them, click YES when you get the UAC prompt

Restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Check mark the following options alone:

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair Windows Updates


Check mark the Restart System When Finished option
Click the Start button

The system should restart after the repair

Post the FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#14 527 (Topic Starter)

Posted 26 August 2012 - 12:59 AM

Farbar Service Scanner Version: 06-08-2012
Ran by Tony (administrator) on 26-08-2012 at 00:15:14
Running from "C:\Users\Tony\Desktop\scan"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc: ""C:\Windows\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#15 527 (Topic Starter)

Posted 26 August 2012 - 01:02 AM

When I reboot, I get this warning:

Posted Image

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 01:57:19 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\Tony\AppData\Roaming\Heez\oxhiy.exe (PID: 1904) [UP-HEUR]
* C:\Windows\SysWOW64\WinMsgBalloonServer.exe (PID: 3224) [WD-HEUR]
* C:\Windows\SysWOW64\WinMsgBalloonClient.exe (PID: 3252) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Tony\Desktop\rkill\rkill-08-26-2012-01-57-24.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\ [ZA Dir]
* C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\L\ [ZA Dir]
* C:\Users\Tony\AppData\Local\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\U\ [ZA Dir]
* C:\Windows\installer\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\ [ZA Dir]
* C:\Windows\installer\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\L\ [ZA Dir]
* C:\Windows\installer\{ddce05c1-f6dd-e254-af95-ab46b5c9190e}\U\ [ZA Dir]

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 01:57:37 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)



