
Google Redirection?


5 replies to this topic

#1 doubletriple


Posted 25 August 2012 - 11:26 PM

Okay so I've just had this little problem for a while.

Whenever I google something simple, like this site and click on the link, I get redirected to some random site, or just straight back to google.com itself!

It happens on Internet Explorer and Google Chrome for me. I'm also using Windows 7.

Any ideas on how to fix this?



#2 narenxp


Posted 25 August 2012 - 11:27 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 doubletriple


Posted 26 August 2012 - 12:27 AM

TDSS Killer:

00:29:33.0758 4492 Parport - ok
00:29:33.0788 4492 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:29:33.0788 4492 partmgr - ok
00:29:33.0798 4492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:29:33.0798 4492 PcaSvc - ok
00:29:33.0808 4492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:29:33.0818 4492 pci - ok
00:29:33.0818 4492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:29:33.0818 4492 pciide - ok
00:29:33.0838 4492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:29:33.0838 4492 pcmcia - ok
00:29:33.0858 4492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:29:33.0858 4492 pcw - ok
00:29:33.0878 4492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:29:33.0888 4492 PEAUTH - ok
00:29:33.0948 4492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:29:33.0948 4492 PerfHost - ok
00:29:33.0998 4492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:29:34.0048 4492 pla - ok
00:29:34.0078 4492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:29:34.0088 4492 PlugPlay - ok
00:29:34.0098 4492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:29:34.0098 4492 PNRPAutoReg - ok
00:29:34.0118 4492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:29:34.0118 4492 PNRPsvc - ok
00:29:34.0158 4492 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:29:34.0158 4492 PolicyAgent - ok
00:29:34.0188 4492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:29:34.0188 4492 Power - ok
00:29:34.0208 4492 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:29:34.0218 4492 PptpMiniport - ok
00:29:34.0228 4492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
00:29:34.0228 4492 Processor - ok
00:29:34.0258 4492 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:29:34.0258 4492 ProfSvc - ok
00:29:34.0268 4492 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:29:34.0268 4492 ProtectedStorage - ok
00:29:34.0288 4492 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:29:34.0298 4492 Psched - ok
00:29:34.0338 4492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:29:34.0368 4492 ql2300 - ok
00:29:34.0378 4492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:29:34.0378 4492 ql40xx - ok
00:29:34.0398 4492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:29:34.0408 4492 QWAVE - ok
00:29:34.0428 4492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:29:34.0428 4492 QWAVEdrv - ok
00:29:34.0438 4492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:29:34.0438 4492 RasAcd - ok
00:29:34.0458 4492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:29:34.0468 4492 RasAgileVpn - ok
00:29:34.0478 4492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:29:34.0478 4492 RasAuto - ok
00:29:34.0488 4492 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:29:34.0488 4492 Rasl2tp - ok
00:29:34.0508 4492 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:29:34.0508 4492 RasMan - ok
00:29:34.0518 4492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:29:34.0518 4492 RasPppoe - ok
00:29:34.0528 4492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:29:34.0528 4492 RasSstp - ok
00:29:34.0538 4492 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:29:34.0538 4492 rdbss - ok
00:29:34.0568 4492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
00:29:34.0568 4492 rdpbus - ok
00:29:34.0578 4492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:29:34.0578 4492 RDPCDD - ok
00:29:34.0598 4492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:29:34.0598 4492 RDPENCDD - ok
00:29:34.0608 4492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:29:34.0608 4492 RDPREFMP - ok
00:29:34.0638 4492 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:29:34.0638 4492 RDPWD - ok
00:29:34.0638 4492 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:29:34.0648 4492 rdyboost - ok
00:29:34.0698 4492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:29:34.0698 4492 RemoteAccess - ok
00:29:34.0718 4492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:29:34.0728 4492 RemoteRegistry - ok
00:29:34.0758 4492 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:29:34.0768 4492 RFCOMM - ok
00:29:34.0778 4492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:29:34.0778 4492 RpcEptMapper - ok
00:29:34.0808 4492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:29:34.0808 4492 RpcLocator - ok
00:29:34.0828 4492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:29:34.0838 4492 RpcSs - ok
00:29:34.0848 4492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:29:34.0848 4492 rspndr - ok
00:29:34.0858 4492 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:29:34.0858 4492 SamSs - ok
00:29:34.0938 4492 [ 495588414F5C62C333F1A69E17E5FB9F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
00:29:34.0938 4492 SbieDrv - ok
00:29:34.0958 4492 [ 099007B7A80E1917FFA110CE7785A3C9 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
00:29:34.0958 4492 SbieSvc - ok
00:29:34.0978 4492 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:29:34.0978 4492 sbp2port - ok
00:29:34.0998 4492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:29:34.0998 4492 SCardSvr - ok
00:29:35.0018 4492 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:29:35.0018 4492 scfilter - ok
00:29:35.0058 4492 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:29:35.0088 4492 Schedule - ok
00:29:35.0108 4492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:29:35.0108 4492 SCPolicySvc - ok
00:29:35.0128 4492 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:29:35.0128 4492 SDRSVC - ok
00:29:35.0148 4492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:29:35.0148 4492 secdrv - ok
00:29:35.0168 4492 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:29:35.0168 4492 seclogon - ok
00:29:35.0178 4492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:29:35.0188 4492 SENS - ok
00:29:35.0188 4492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:29:35.0188 4492 SensrSvc - ok
00:29:35.0198 4492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
00:29:35.0208 4492 Serenum - ok
00:29:35.0228 4492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
00:29:35.0238 4492 Serial - ok
00:29:35.0248 4492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:29:35.0248 4492 sermouse - ok
00:29:35.0278 4492 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:29:35.0278 4492 SessionEnv - ok
00:29:35.0278 4492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:29:35.0288 4492 sffdisk - ok
00:29:35.0288 4492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:29:35.0288 4492 sffp_mmc - ok
00:29:35.0298 4492 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:29:35.0298 4492 sffp_sd - ok
00:29:35.0298 4492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:29:35.0298 4492 sfloppy - ok
00:29:35.0318 4492 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:29:35.0318 4492 ShellHWDetection - ok
00:29:35.0328 4492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
00:29:35.0338 4492 SiSRaid2 - ok
00:29:35.0348 4492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:29:35.0348 4492 SiSRaid4 - ok
00:29:35.0378 4492 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:29:35.0378 4492 SkypeUpdate - ok
00:29:35.0398 4492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:29:35.0398 4492 Smb - ok
00:29:35.0428 4492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:29:35.0438 4492 SNMPTRAP - ok
00:29:35.0438 4492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:29:35.0438 4492 spldr - ok
00:29:35.0468 4492 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
00:29:35.0468 4492 Spooler - ok
00:29:35.0598 4492 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:29:35.0698 4492 sppsvc - ok
00:29:35.0708 4492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:29:35.0708 4492 sppuinotify - ok
00:29:35.0738 4492 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:29:35.0748 4492 srv - ok
00:29:35.0768 4492 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:29:35.0768 4492 srv2 - ok
00:29:35.0788 4492 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:29:35.0788 4492 srvnet - ok
00:29:35.0808 4492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:29:35.0818 4492 SSDPSRV - ok
00:29:35.0828 4492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:29:35.0828 4492 SstpSvc - ok
00:29:35.0838 4492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
00:29:35.0838 4492 stexstor - ok
00:29:35.0878 4492 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:29:35.0908 4492 stisvc - ok
00:29:35.0908 4492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:29:35.0908 4492 swenum - ok
00:29:35.0938 4492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:29:35.0948 4492 swprv - ok
00:29:36.0008 4492 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:29:36.0068 4492 SysMain - ok
00:29:36.0088 4492 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:29:36.0088 4492 TabletInputService - ok
00:29:36.0098 4492 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:29:36.0108 4492 TapiSrv - ok
00:29:36.0108 4492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:29:36.0118 4492 TBS - ok
00:29:36.0208 4492 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:29:36.0218 4492 Tcpip - ok
00:29:36.0298 4492 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:29:36.0308 4492 TCPIP6 - ok
00:29:36.0328 4492 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:29:36.0328 4492 tcpipreg - ok
00:29:36.0338 4492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:29:36.0338 4492 TDPIPE - ok
00:29:36.0368 4492 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:29:36.0368 4492 TDTCP - ok
00:29:36.0398 4492 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:29:36.0398 4492 tdx - ok
00:29:36.0408 4492 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:29:36.0408 4492 TermDD - ok
00:29:36.0438 4492 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:29:36.0448 4492 TermService - ok
00:29:36.0468 4492 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:29:36.0468 4492 Themes - ok
00:29:36.0478 4492 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:29:36.0478 4492 THREADORDER - ok
00:29:36.0488 4492 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:29:36.0488 4492 TrkWks - ok
00:29:36.0528 4492 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:29:36.0528 4492 TrustedInstaller - ok
00:29:36.0538 4492 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:29:36.0548 4492 tssecsrv - ok
00:29:36.0558 4492 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:29:36.0558 4492 TsUsbFlt - ok
00:29:36.0568 4492 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
00:29:36.0568 4492 TsUsbGD - ok
00:29:36.0588 4492 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:29:36.0588 4492 tunnel - ok
00:29:36.0598 4492 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:29:36.0598 4492 uagp35 - ok
00:29:36.0608 4492 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:29:36.0618 4492 udfs - ok
00:29:36.0638 4492 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:29:36.0648 4492 UI0Detect - ok
00:29:36.0658 4492 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:29:36.0658 4492 uliagpkx - ok
00:29:36.0668 4492 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:29:36.0678 4492 umbus - ok
00:29:36.0678 4492 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
00:29:36.0678 4492 UmPass - ok
00:29:36.0698 4492 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:29:36.0698 4492 upnphost - ok
00:29:36.0728 4492 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:29:36.0728 4492 usbccgp - ok
00:29:36.0748 4492 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:29:36.0748 4492 usbcir - ok
00:29:36.0768 4492 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:29:36.0768 4492 usbehci - ok
00:29:36.0788 4492 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:29:36.0788 4492 usbhub - ok
00:29:36.0798 4492 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:29:36.0808 4492 usbohci - ok
00:29:36.0818 4492 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
00:29:36.0818 4492 usbprint - ok
00:29:36.0838 4492 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
00:29:36.0838 4492 USBSTOR - ok
00:29:36.0848 4492 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:29:36.0858 4492 usbuhci - ok
00:29:36.0888 4492 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
00:29:36.0888 4492 usbvideo - ok
00:29:36.0908 4492 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:29:36.0908 4492 UxSms - ok
00:29:36.0928 4492 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:29:36.0928 4492 VaultSvc - ok
00:29:36.0948 4492 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:29:36.0948 4492 vdrvroot - ok
00:29:36.0968 4492 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:29:36.0968 4492 vds - ok
00:29:36.0988 4492 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:29:36.0988 4492 vga - ok
00:29:37.0008 4492 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:29:37.0008 4492 VgaSave - ok
00:29:37.0008 4492 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:29:37.0018 4492 vhdmp - ok
00:29:37.0018 4492 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:29:37.0018 4492 viaide - ok
00:29:37.0028 4492 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:29:37.0028 4492 volmgr - ok
00:29:37.0048 4492 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:29:37.0048 4492 volmgrx - ok
00:29:37.0058 4492 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:29:37.0068 4492 volsnap - ok
00:29:37.0078 4492 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:29:37.0078 4492 vsmraid - ok
00:29:37.0128 4492 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:29:37.0168 4492 VSS - ok
00:29:37.0188 4492 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:29:37.0188 4492 vwifibus - ok
00:29:37.0198 4492 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:29:37.0208 4492 vwififlt - ok
00:29:37.0228 4492 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:29:37.0248 4492 W32Time - ok
00:29:37.0268 4492 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:29:37.0268 4492 WacomPen - ok
00:29:37.0298 4492 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:29:37.0308 4492 WANARP - ok
00:29:37.0308 4492 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:29:37.0308 4492 Wanarpv6 - ok
00:29:37.0378 4492 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:29:37.0418 4492 WatAdminSvc - ok
00:29:37.0488 4492 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:29:37.0548 4492 wbengine - ok
00:29:37.0568 4492 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:29:37.0568 4492 WbioSrvc - ok
00:29:37.0588 4492 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:29:37.0598 4492 wcncsvc - ok
00:29:37.0608 4492 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:29:37.0608 4492 WcsPlugInService - ok
00:29:37.0628 4492 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
00:29:37.0628 4492 Wd - ok
00:29:37.0638 4492 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:29:37.0648 4492 Wdf01000 - ok
00:29:37.0658 4492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:29:37.0658 4492 WdiServiceHost - ok
00:29:37.0668 4492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:29:37.0668 4492 WdiSystemHost - ok
00:29:37.0678 4492 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:29:37.0688 4492 WebClient - ok
00:29:37.0708 4492 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:29:37.0708 4492 Wecsvc - ok
00:29:37.0728 4492 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:29:37.0728 4492 wercplsupport - ok
00:29:37.0748 4492 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:29:37.0748 4492 WerSvc - ok
00:29:37.0758 4492 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:29:37.0758 4492 WfpLwf - ok
00:29:37.0768 4492 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:29:37.0768 4492 WIMMount - ok
00:29:37.0778 4492 WinHttpAutoProxySvc - ok
00:29:37.0828 4492 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:29:37.0838 4492 Winmgmt - ok
00:29:37.0918 4492 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:29:37.0998 4492 WinRM - ok
00:29:38.0058 4492 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:29:38.0078 4492 Wlansvc - ok
00:29:38.0078 4492 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:29:38.0088 4492 WmiAcpi - ok
00:29:38.0098 4492 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:29:38.0098 4492 wmiApSrv - ok
00:29:38.0118 4492 WMPNetworkSvc - ok
00:29:38.0138 4492 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:29:38.0138 4492 WPCSvc - ok
00:29:38.0158 4492 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:29:38.0158 4492 WPDBusEnum - ok
00:29:38.0168 4492 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:29:38.0168 4492 ws2ifsl - ok
00:29:38.0168 4492 WSearch - ok
00:29:38.0178 4492 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:29:38.0178 4492 WudfPf - ok
00:29:38.0188 4492 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:29:38.0188 4492 wudfsvc - ok
00:29:38.0208 4492 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:29:38.0218 4492 WwanSvc - ok
00:29:38.0248 4492 X6va009 - ok
00:29:38.0288 4492 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
00:29:38.0298 4492 yukonw7 - ok
00:29:38.0308 4492 ================ Scan global ===============================
00:29:38.0318 4492 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:29:38.0358 4492 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:29:38.0369 4492 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:29:38.0389 4492 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:29:38.0419 4492 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
00:29:38.0429 4492 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
00:29:38.0429 4492 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
00:29:38.0429 4492 ================ Scan MBR ==================================
00:29:38.0459 4492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:29:38.0829 4492 \Device\Harddisk0\DR0 - ok
00:29:38.0829 4492 ================ Scan VBR ==================================
00:29:38.0839 4492 [ E070F80538268FDC36396972C2E4574A ] \Device\Harddisk0\DR0\Partition1
00:29:38.0839 4492 \Device\Harddisk0\DR0\Partition1 - ok
00:29:38.0849 4492 [ 3E1694947E494DA1BBD20DDD3DA37770 ] \Device\Harddisk0\DR0\Partition2
00:29:38.0849 4492 \Device\Harddisk0\DR0\Partition2 - ok
00:29:38.0859 4492 [ 4CE10D433E9943297DB18A25598C6297 ] \Device\Harddisk0\DR0\Partition3
00:29:38.0859 4492 \Device\Harddisk0\DR0\Partition3 - ok
00:29:38.0869 4492 [ 4CE10D433E9943297DB18A25598C6297 ] \Device\Harddisk0\DR0\Partition4
00:29:38.0869 4492 \Device\Harddisk0\DR0\Partition4 - ok
00:29:38.0869 4492 ============================================================
00:29:38.0869 4492 Scan finished
00:29:38.0869 4492 ============================================================
00:29:38.0879 5816 Detected object count: 1
00:29:38.0879 5816 Actual detected object count: 1
00:30:00.0741 5816 C:\Windows\system32\services.exe - copied to quarantine
00:30:01.0491 5816 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
00:30:01.0491 5816 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
00:30:01.0501 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\@ - copied to quarantine
00:30:01.0511 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\L\00000004.@ - copied to quarantine
00:30:01.0521 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\L\201d3dde - copied to quarantine
00:30:01.0531 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n - copied to quarantine
00:30:01.0531 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\00000004.@ - copied to quarantine
00:30:01.0531 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\00000008.@ - copied to quarantine
00:30:01.0541 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\000000cb.@ - copied to quarantine
00:30:01.0541 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000000.@ - copied to quarantine
00:30:01.0541 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000032.@ - copied to quarantine
00:30:01.0541 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000064.@ - copied to quarantine
00:30:01.0551 5816 C:\Users\Jeremiah\AppData\Local\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\@ - copied to quarantine
00:30:01.0561 5816 C:\Users\Jeremiah\AppData\Local\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n - copied to quarantine
00:30:07.0362 5816 Backup copy found, using it..
00:30:07.0402 5816 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
00:30:07.0402 5816 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
00:30:07.0412 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\@ - will be deleted on reboot
00:30:07.0422 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n - will be deleted on reboot
00:30:07.0422 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\00000004.@ - will be deleted on reboot
00:30:07.0422 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\00000008.@ - will be deleted on reboot
00:30:07.0422 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\000000cb.@ - will be deleted on reboot
00:30:07.0422 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000000.@ - will be deleted on reboot
00:30:07.0422 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000032.@ - will be deleted on reboot
00:30:07.0422 5816 C:\Windows\installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000064.@ - will be deleted on reboot
00:30:07.0422 5816 C:\Users\Jeremiah\AppData\Local\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\@ - will be deleted on reboot
00:30:07.0422 5816 C:\Users\Jeremiah\AppData\Local\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n - will be deleted on reboot
00:30:07.0432 5816 C:\Windows\system32\services.exe - will be cured on reboot
00:30:07.0432 5816 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
00:30:19.0277 2932 Deinitialize success

aswMBR:

00:32:04.115 Disk 0 Windows 7 default MBR code
00:32:04.125 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
00:32:04.145 Disk 0 Partition 2 00 AF HFS / HFS+ 404352 MB offset 409640
00:32:04.175 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 72259 MB offset 828786688
00:32:04.205 Disk 0 scanning C:\Windows\system32\drivers
00:32:11.011 Service scanning
00:32:12.225 Service 88235443 C:\Windows\system32\drivers\47545346.sys **HIDDEN**
00:32:24.611 Modules scanning
00:32:24.631 Disk 0 trace - called modules:
00:32:24.631
00:32:25.972 AVAST engine scan C:\Windows
00:32:27.162 AVAST engine scan C:\Windows\system32
00:33:37.139 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:33:38.457 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:34:15.595 AVAST engine scan C:\Windows\system32\drivers
00:34:22.161 AVAST engine scan C:\Users\Jeremiah
00:35:36.302 File: C:\Users\Jeremiah\AppData\Local\Temp\soap1_wsdl.exe **INFECTED** Win32:Kryptik-JOY [Trj]
00:35:37.880 File: C:\Users\Jeremiah\AppData\Local\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n **INFECTED** Win64:Sirefef-H [Rtk]
00:35:48.797 File: C:\Users\Jeremiah\AppData\Roaming\Itli\ebetl.exe **INFECTED** Win32:Malware-gen
00:36:57.224 Disk 0 MBR has been saved successfully to "C:\Users\Jeremiah\Desktop\MBR.dat"
00:36:57.234 The log file has been saved successfully to "C:\Users\Jeremiah\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 00:43:52
-----------------------------
00:43:52.737 OS Version: Windows x64 6.1.7601 Service Pack 1
00:43:52.737 Number of processors: 2 586 0x1706
00:43:52.738 ComputerName: JEREMIAH-PC UserName: Jeremiah
00:43:53.533 Initialize success
00:43:58.340 AVAST engine defs: 12082501
00:44:01.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
00:44:01.593 Disk 0 Vendor: WDC_WD5000AAKS-40YGA1 58.01E02 Size: 476940MB BusType: 3
00:44:01.643 Disk 0 MBR read successfully
00:44:01.647 Disk 0 MBR scan
00:44:01.651 Disk 0 Windows 7 default MBR code
00:44:01.661 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
00:44:01.673 Disk 0 Partition 2 00 AF HFS / HFS+ 404352 MB offset 409640
00:44:01.710 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 72259 MB offset 828786688
00:44:01.750 Disk 0 scanning C:\Windows\system32\drivers
00:44:12.960 Service scanning
00:44:13.564 Service 88235443 C:\Windows\system32\drivers\47545346.sys **HIDDEN**
00:44:25.503 Modules scanning
00:44:25.525 Disk 0 trace - called modules:
00:44:25.924
00:44:26.667 AVAST engine scan C:\Windows
00:44:28.714 AVAST engine scan C:\Windows\system32
00:45:40.146 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:45:41.477 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:46:19.182 AVAST engine scan C:\Windows\system32\drivers
00:46:28.033 AVAST engine scan C:\Users\Jeremiah
00:47:42.190 File: C:\Users\Jeremiah\AppData\Local\Temp\soap1_wsdl.exe **INFECTED** Win32:Kryptik-JOY [Trj]
00:47:43.860 File: C:\Users\Jeremiah\AppData\Local\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n **INFECTED** Win64:Sirefef-H [Rtk]
00:47:52.755 File: C:\Users\Jeremiah\AppData\Roaming\Itli\ebetl.exe **INFECTED** Win32:Malware-gen
00:51:06.800 AVAST engine scan C:\ProgramData
00:51:07.310 File: C:\ProgramData\cBiP0jF4.exe **INFECTED** Win32:Kryptik-JOY [Trj]
00:51:07.350 File: C:\ProgramData\cBiP0jF4.exe_ **INFECTED** Win32:Kryptik-JOY [Trj]
00:51:14.570 Scan finished successfully
00:52:04.236 Disk 0 MBR has been saved successfully to "C:\Users\Jeremiah\Desktop\MBR.dat"
00:52:04.246 The log file has been saved successfully to "C:\Users\Jeremiah\Desktop\aswMBR.txt"

ESET:

C:\ProgramData\cBiP0jF4.exe a variant of Win32/Kryptik.AJOQ trojan cleaned by deleting - quarantined
C:\ProgramData\cBiP0jF4.exe_ a variant of Win32/Kryptik.AJOQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan deleted - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0005.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0007.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0008.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0009.dta Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.08.2012_00.28.42\zasubsys0000\zafs0000\tsk0013.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Users\Jeremiah\AppData\Local\Temp\soap1_wsdl.exe a variant of Win32/Kryptik.AJOQ trojan cleaned by deleting - quarantined
C:\Users\Jeremiah\AppData\Local\Temp\V.class a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined
C:\Users\Jeremiah\AppData\Local\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Jeremiah\AppData\Roaming\Itli\ebetl.exe Win32/Spy.Zbot.AAO trojan cleaned by deleting - quarantined
C:\Users\Jeremiah\Downloads\cnet2_BongioviAcousticsDPS_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows\Installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\Installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Windows\Installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Windows\Installer\{e2718432-5de8-fa3e-7681-9c4e1ec752a2}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

#4 narenxp

Posted 26 August 2012 - 12:29 AM

Restart the PC and run ASWMBR again and post the new log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 doubletriple

Posted 26 August 2012 - 02:53 AM

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 02:22:39
-----------------------------
02:22:39.587 OS Version: Windows x64 6.1.7601 Service Pack 1
02:22:39.587 Number of processors: 2 586 0x1706
02:22:39.587 ComputerName: JEREMIAH-PC UserName: Jeremiah
02:22:40.077 Initialize success
02:22:48.227 AVAST engine defs: 12082501
02:23:29.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
02:23:29.269 Disk 0 Vendor: WDC_WD5000AAKS-40YGA1 58.01E02 Size: 476940MB BusType: 3
02:23:29.309 Disk 0 MBR read successfully
02:23:29.309 Disk 0 MBR scan
02:23:29.319 Disk 0 Windows 7 default MBR code
02:23:29.329 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
02:23:29.349 Disk 0 Partition 2 00 AF HFS / HFS+ 404352 MB offset 409640
02:23:29.379 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 72259 MB offset 828786688
02:23:29.409 Disk 0 scanning C:\Windows\system32\drivers
02:23:34.776 Service scanning
02:23:57.121 Modules scanning
02:23:57.132 Disk 0 trace - called modules:
02:23:57.169 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
02:23:57.499 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bf7060]
02:23:57.505 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800473d580]
02:23:57.509 5 ACPI.sys[fffff88000d857a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800473f060]
02:23:58.441 AVAST engine scan C:\Windows
02:23:59.465 AVAST engine scan C:\Windows\system32
02:25:48.145 AVAST engine scan C:\Windows\system32\drivers
02:25:55.161 AVAST engine scan C:\Users\Jeremiah
02:32:07.306 AVAST engine scan C:\ProgramData
02:32:15.859 Scan finished successfully
02:34:46.730 Disk 0 MBR has been saved successfully to "C:\Users\Jeremiah\Desktop\MBR.dat"
02:34:46.735 The log file has been saved successfully to "C:\Users\Jeremiah\Desktop\aswMBR.txt"

mini toolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jeremiah (administrator) on 26-08-2012 at 03:46:53
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
Broadcom 802.11n Network Adapter = Wireless Network Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jeremiah-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1E-C2-98-49-4F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 00-1E-C2-C4-E1-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1F-F3-4F-C8-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8cbb:77f:93ef:c341%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 3:31:26 AM
Lease Expires . . . . . . . . . . : Sunday, September 02, 2012 3:31:26 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234889203
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-29-59-97-00-1F-F3-4F-C8-48
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.in.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FD1CC46C-2814-45C7-A16C-31F3D8B09474}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{481EFEEA-2BD2-4C12-8468-9630E3C77FAA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2001:4860:400a:800::1000
74.125.225.110
74.125.225.103
74.125.225.102
74.125.225.100
74.125.225.96
74.125.225.98
74.125.225.99
74.125.225.101
74.125.225.105
74.125.225.97
74.125.225.104


Pinging google.com [74.125.225.104] with 32 bytes of data:
Reply from 74.125.225.104: bytes=32 time=17ms TTL=55
Reply from 74.125.225.104: bytes=32 time=15ms TTL=55

Ping statistics for 74.125.225.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 17ms, Average = 16ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=82ms TTL=51
Reply from 72.30.38.140: bytes=32 time=192ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 192ms, Average = 137ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...00 1e c2 98 49 4f ......Bluetooth Device (Personal Area Network)
14...00 1e c2 c4 e1 35 ......Broadcom 802.11n Network Adapter
11...00 1f f3 4f c8 48 ......Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 276
192.168.0.101 255.255.255.255 On-link 192.168.0.101 276
192.168.0.255 255.255.255.255 On-link 192.168.0.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::8cbb:77f:93ef:c341/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 03:33:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 03:04:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 02:17:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 00:52:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2012 00:52:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2012 00:36:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0xd4c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (08/25/2012 04:35:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10327

Error: (08/25/2012 04:35:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10327

Error: (08/25/2012 04:35:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2012 04:35:37 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9157


System errors:
=============
Error: (08/26/2012 03:42:02 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/26/2012 03:42:02 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/26/2012 03:31:28 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/26/2012 03:31:22 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/26/2012 03:31:22 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (08/26/2012 03:03:28 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/26/2012 03:03:28 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/26/2012 03:02:58 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/26/2012 03:02:53 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (08/26/2012 03:02:53 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================
Error: (08/26/2012 03:33:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 03:04:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 02:17:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 00:52:37 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeremiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6AJIUF2\esetsmartinstaller_enu.exe

Error: (08/26/2012 00:52:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jeremiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6AJIUF2\esetsmartinstaller_enu.exe

Error: (08/26/2012 00:36:09 AM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c000000500000204d4c01cd83444ba40542C:\Program Files (x86)\Skype\Phone\Skype.exeunknown8e711b93-ef37-11e1-8bdc-001ec298494f

Error: (08/25/2012 04:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10327

Error: (08/25/2012 04:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10327

Error: (08/25/2012 04:35:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2012 04:35:37 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9157


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.21)
Combat Arms
Elsword version v2.0814.7.1 (Version: v2.0814.7.1)
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.83)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Kalydo Player 4.06.04 (Version: 4.06.04)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Nexon Game Manager
Nostale (Version: 0.01.98.0)
Nostale(UK)
Pando Media Booster (Version: 2.6.0.8)
Picasa 3 (Version: 3.8)
Sandboxie 3.72 (64-bit) (Version: 3.72)
Skype™ 5.10 (Version: 5.10.116)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 4076.8 MB
Available physical RAM: 2736.84 MB
Total Pagefile: 8151.8 MB
Available Pagefile: 6664.32 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.57 GB) (Free:35.48 GB) NTFS

========================= Users: ========================================

User accounts for \\JEREMIAH-PC

Administrator Guest Jeremiah


**** End of log ****


FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Jeremiah (administrator) on 26-08-2012 at 03:29:48
Running from "C:\Users\Jeremiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNDPB46P"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

adware cleaner:

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 03:30:13
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jeremiah - JEREMIAH-PC
# Boot Mode : Normal
# Running from : C:\Users\Jeremiah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJ6UGQYR\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jeremiah\AppData\LocalLow\AskToolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Jeremiah\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [4458 octets] - [26/08/2012 03:30:13]

########## EOF - C:\AdwCleaner[S1].txt - [4586 octets] ##########

#6 narenxp


Posted 26 August 2012 - 07:09 AM

Download

defender
wuauserv
BITS


Launch them, click YES when you get the UAC prompt

Restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check mark the following options alone

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair Windows Updates


Check mark the Restart System When Finished option
Click the Start button

The system should restart after the repair

Post the new FSS log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

Edited by narenxp, 26 August 2012 - 07:09 AM.




