Cleared a virus off my Computer...don't think it's entirely gone?


9 replies to this topic

#1 PersonaUser314

PersonaUser314

  • Members
  • 73 posts

Posted 30 August 2012 - 10:02 PM

I picked up another lovely variant of that damn Ukash virus that's all the rage recently, rebooted my computer to safe mode with networking and ran Malwarebytes AM and ESET's scanner to clean it up (logs to follow in the post), but I'm not entirely sure I'm clean. Microsoft Security Essentials won't turn on (it claims not to exist as an installed service, despite being in the control panel in Installed programs) and every so often a tab to some unsafe site or another will open in Firefox without my input.

Since these things seem pretty hinky, I think I'm still infected with something. Can anyone offer me some help in finishing clean up?

Malwarebytes log (I asked it to remove all detected items)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.06

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Lauren :: LAUREN-PC [administrator]

31/08/2012 00:05:11
mbam-log-2012-08-31 (00-05-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342673
Time elapsed: 39 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|erfgp (Spyware.Password) -> Data: rundll32.exe "C:\Users\Lauren\AppData\Roaming\erfgp.dll",ADeviceStartPlay -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Ransom) -> Data: C:\Users\Lauren\AppData\Local\temp\exsnrwacom.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Lauren\AppData\Roaming\erfgp.dll (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Lauren\AppData\Local\temp\exsnrwacom.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Lauren\AppData\Local\temp\ewnacrxosm.exe (Spyware.Password) -> Quarantined and deleted successfully.

List of found threats in ESET's online scanner (it could only quarantine and remove the Ransom.A trojan; I don't know what to do about the operating memory threats):

C:\Users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6E5VF2U\get[2].htm HTML/Ransom.A trojan
Operating memory multiple threats

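The two Run values in the Malwarebytes log above are worth a closer look than "quarantined and deleted": an HKLM\...\Run value runs for every account on the machine, a blank value name is easy to miss in msconfig, and rundll32 loading a DLL by export name from AppData is a loader pattern rather than a legitimate program. The script below is an added example, not code from the thread or from Malwarebytes; it parses "Registry Values Detected" lines of this log format into records and flags those traits, using the two real lines plus one constructed Program Files entry for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: the two "Registry Values Detected" lines from the
# Malwarebytes log in the first post, plus one constructed entry in a
# Program Files location so the heuristics have something to rank lower.
SAMPLE_LOG = r"""Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|erfgp (Spyware.Password) -> Data: rundll32.exe "C:\Users\Lauren\AppData\Roaming\erfgp.dll",ADeviceStartPlay -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Ransom) -> Data: C:\Users\Lauren\AppData\Local\temp\exsnrwacom.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (PUP.Optional.Constructed) -> Data: "C:\Program Files\Constructed Vendor\updater.exe" /silent -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)
"""

# One detection line: HIVE\key|valuename (Threat) -> Data: ... -> action
VALUE_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U|CR))\\(?P<key>[^|]+)\|(?P<name>\S*) "
    r"\((?P<threat>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.+)$"
)
# First Windows path in the Data field, ending at a known executable extension.
PATH_RE = re.compile(r"""[A-Za-z]:\\[^"',]*?\.(?:exe|dll|scr|bat|cmd|vbs|js)\b""", re.I)
# Folders a standard user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\users\\public\\")


@dataclass
class AutorunFinding:
    hive: str
    key: str
    name: str
    threat: str
    data: str
    action: str
    path: str = ""
    flags: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Location/loader traits make an entry "high"; "not-removed" alone is only a follow-up.
        return "high" if any(f != "not-removed" for f in self.flags) else "review"


def triage_flags(f: AutorunFinding) -> List[str]:
    """Heuristics a responder applies to an autorun entry before trusting a 'clean' verdict."""
    flags = []
    low_path, low_data, low_action = f.path.lower(), f.data.lower(), f.action.lower()
    if any(d in low_path for d in USER_WRITABLE):
        flags.append("user-writable-location")
    if f.name == "":
        flags.append("blank-value-name")  # shows as an empty row in regedit/msconfig
    if low_data.startswith("rundll32") and low_path.endswith(".dll"):
        export = f.data.rsplit(",", 1)[-1].strip() if "," in f.data else "?"
        flags.append(f"rundll32-dll-export:{export}")
    if "quarantined" not in low_action and "deleted" not in low_action:
        flags.append("not-removed")
    return flags


def parse_registry_values(log_text: str) -> List[AutorunFinding]:
    """Return one finding per 'Registry Values Detected' line in a Malwarebytes log."""
    findings = []
    for line in log_text.splitlines():
        m = VALUE_LINE.match(line.strip())
        if not m:
            continue  # section headers, file detections and blank lines are skipped
        f = AutorunFinding(**m.groupdict())
        pm = PATH_RE.search(f.data)
        f.path = pm.group(0) if pm else ""
        f.flags = triage_flags(f)
        findings.append(f)
    return findings


def summarize(log_text: str) -> List[str]:
    """One triage line per entry, 'high' entries first."""
    findings = sorted(parse_registry_values(log_text), key=lambda x: x.severity != "high")
    lines = []
    for f in findings:
        leaf = f.key.rsplit("\\", 1)[-1]
        shown = f.path or f.data
        flags = ", ".join(f.flags) or "no flags"
        lines.append(f"[{f.severity}] {f.hive}\\...\\{leaf}|{f.name or '<blank>'} -> {shown} [{flags}]")
    return lines


if __name__ == "__main__":
    for entry in summarize(SAMPLE_LOG):
        print(entry)
```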
#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 August 2012 - 10:09 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file in your reply.

#3 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts

Posted 30 August 2012 - 11:47 PM

Here you go,

TDSSKiller log (system information and scan header; the per-service listing that follows it is omitted here):

04:43:50.0609 2504 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
04:43:50.0749 2504 ============================================================
04:43:50.0749 2504 Current date / time: 2012/08/31 04:43:50.0749
04:43:50.0749 2504 SystemInfo:
04:43:50.0749 2504
04:43:50.0749 2504 OS Version: 6.1.7601 ServicePack: 1.0
04:43:50.0749 2504 Product type: Workstation
04:43:50.0749 2504 ComputerName: LAUREN-PC
04:43:50.0749 2504 UserName: Lauren
04:43:50.0749 2504 Windows directory: C:\Windows
04:43:50.0749 2504 System windows directory: C:\Windows
04:43:50.0749 2504 Processor architecture: Intel x86
04:43:50.0749 2504 Number of processors: 4
04:43:50.0749 2504 Page size: 0x1000
04:43:50.0749 2504 Boot type: Normal boot
04:43:50.0749 2504 ============================================================
04:43:51.0763 2504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:43:51.0779 2504 ============================================================
04:43:51.0779 2504 \Device\Harddisk0\DR0:
04:43:51.0779 2504 MBR partitions:
04:43:51.0779 2504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
04:43:51.0779 2504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
04:43:51.0779 2504 ============================================================
04:43:51.0810 2504 C: <-> \Device\Harddisk0\DR0\Partition2
04:43:51.0857 2504 D: <-> \Device\Harddisk0\DR0\Partition1
04:43:51.0857 2504 ============================================================
04:43:51.0857 2504 Initialize success
04:43:51.0857 2504 ============================================================
04:44:10.0187 1352 ============================================================
04:44:10.0187 1352 Scan started
04:44:10.0187 1352 Mode: Manual; TDLFS;
04:44:10.0187 1352 ============================================================
04:44:20.0015 1352 NisSrv - ok
04:44:20.0031 1352 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
04:44:20.0031 1352 NlaSvc - ok
04:44:20.0046 1352 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
04:44:20.0046 1352 Npfs - ok
04:44:20.0077 1352 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
04:44:20.0077 1352 nsi - ok
04:44:20.0093 1352 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
04:44:20.0093 1352 nsiproxy - ok
04:44:20.0155 1352 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
04:44:20.0171 1352 Ntfs - ok
04:44:20.0202 1352 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
04:44:20.0202 1352 Null - ok
04:44:20.0218 1352 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
04:44:20.0218 1352 nvraid - ok
04:44:20.0249 1352 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
04:44:20.0249 1352 nvstor - ok
04:44:20.0265 1352 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
04:44:20.0265 1352 nv_agp - ok
04:44:20.0280 1352 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
04:44:20.0280 1352 ohci1394 - ok
04:44:20.0343 1352 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:44:20.0343 1352 ose - ok
04:44:20.0421 1352 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
04:44:20.0436 1352 p2pimsvc - ok
04:44:20.0452 1352 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
04:44:20.0452 1352 p2psvc - ok
04:44:20.0483 1352 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
04:44:20.0483 1352 Parport - ok
04:44:20.0499 1352 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
04:44:20.0499 1352 partmgr - ok
04:44:20.0530 1352 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
04:44:20.0530 1352 Parvdm - ok
04:44:20.0561 1352 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
04:44:20.0561 1352 PcaSvc - ok
04:44:20.0592 1352 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
04:44:20.0592 1352 pci - ok
04:44:20.0608 1352 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
04:44:20.0608 1352 pciide - ok
04:44:20.0639 1352 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
04:44:20.0639 1352 pcmcia - ok
04:44:20.0655 1352 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
04:44:20.0655 1352 pcw - ok
04:44:20.0686 1352 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
04:44:20.0686 1352 PEAUTH - ok
04:44:20.0748 1352 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
04:44:20.0748 1352 pla - ok
04:44:20.0795 1352 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
04:44:20.0795 1352 PlugPlay - ok
04:44:20.0826 1352 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
04:44:20.0842 1352 PNRPAutoReg - ok
04:44:20.0857 1352 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
04:44:20.0857 1352 PNRPsvc - ok
04:44:20.0873 1352 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
04:44:20.0873 1352 PolicyAgent - ok
04:44:20.0904 1352 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
04:44:20.0904 1352 Power - ok
04:44:20.0951 1352 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
04:44:20.0951 1352 PptpMiniport - ok
04:44:20.0967 1352 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
04:44:20.0967 1352 Processor - ok
04:44:20.0982 1352 Profos - ok
04:44:21.0013 1352 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
04:44:21.0013 1352 ProfSvc - ok
04:44:21.0029 1352 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
04:44:21.0029 1352 ProtectedStorage - ok
04:44:21.0045 1352 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
04:44:21.0045 1352 Psched - ok
04:44:21.0076 1352 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
04:44:21.0091 1352 ql2300 - ok
04:44:21.0091 1352 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
04:44:21.0091 1352 ql40xx - ok
04:44:21.0138 1352 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
04:44:21.0138 1352 QWAVE - ok
04:44:21.0154 1352 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
04:44:21.0154 1352 QWAVEdrv - ok
04:44:21.0388 1352 [ 9054C4B91761773F0EFA59BED70C54B6 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys
04:44:21.0388 1352 RapportCerberus_42020 - ok
04:44:21.0653 1352 [ 2986121F03420EE5EE808B92CAC0E4AF ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
04:44:21.0653 1352 RapportEI - ok
04:44:21.0793 1352 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
04:44:21.0793 1352 RapportIaso - ok
04:44:21.0809 1352 [ C27596B51039A1DC4A572796E681B534 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
04:44:21.0825 1352 RapportKELL - ok
04:44:21.0840 1352 [ CED99B16C8C7ACB45BACE79B8B8E23AB ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
04:44:21.0856 1352 RapportMgmtService - ok
04:44:21.0903 1352 [ F7482C0AA64C2ADC3A96A643AA48E6D1 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
04:44:21.0903 1352 RapportPG - ok
04:44:21.0934 1352 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
04:44:21.0934 1352 RasAcd - ok
04:44:21.0981 1352 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
04:44:21.0981 1352 RasAgileVpn - ok
04:44:22.0027 1352 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
04:44:22.0027 1352 RasAuto - ok
04:44:22.0043 1352 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
04:44:22.0043 1352 Rasl2tp - ok
04:44:22.0074 1352 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
04:44:22.0074 1352 RasMan - ok
04:44:22.0090 1352 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
04:44:22.0090 1352 RasPppoe - ok
04:44:22.0121 1352 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
04:44:22.0121 1352 RasSstp - ok
04:44:22.0152 1352 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
04:44:22.0152 1352 rdbss - ok
04:44:22.0168 1352 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
04:44:22.0168 1352 rdpbus - ok
04:44:22.0183 1352 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
04:44:22.0183 1352 RDPCDD - ok
04:44:22.0215 1352 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
04:44:22.0215 1352 RDPENCDD - ok
04:44:22.0230 1352 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
04:44:22.0230 1352 RDPREFMP - ok
04:44:22.0261 1352 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
04:44:22.0261 1352 RDPWD - ok
04:44:22.0308 1352 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
04:44:22.0308 1352 rdyboost - ok
04:44:22.0339 1352 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
04:44:22.0339 1352 RemoteAccess - ok
04:44:22.0355 1352 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
04:44:22.0355 1352 RemoteRegistry - ok
04:44:22.0371 1352 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
04:44:22.0371 1352 RpcEptMapper - ok
04:44:22.0402 1352 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
04:44:22.0402 1352 RpcLocator - ok
04:44:22.0417 1352 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
04:44:22.0433 1352 RpcSs - ok
04:44:22.0464 1352 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
04:44:22.0464 1352 rspndr - ok
04:44:22.0495 1352 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
04:44:22.0495 1352 RTL8167 - ok
04:44:22.0511 1352 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
04:44:22.0511 1352 SamSs - ok
04:44:22.0542 1352 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
04:44:22.0542 1352 sbp2port - ok
04:44:22.0573 1352 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
04:44:22.0573 1352 SCardSvr - ok
04:44:22.0605 1352 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
04:44:22.0605 1352 scfilter - ok
04:44:22.0636 1352 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
04:44:22.0636 1352 Schedule - ok
04:44:22.0651 1352 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
04:44:22.0651 1352 SCPolicySvc - ok
04:44:22.0683 1352 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
04:44:22.0683 1352 SDRSVC - ok
04:44:22.0714 1352 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
04:44:22.0714 1352 secdrv - ok
04:44:22.0745 1352 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
04:44:22.0745 1352 seclogon - ok
04:44:22.0761 1352 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
04:44:22.0776 1352 SENS - ok
04:44:22.0807 1352 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
04:44:22.0807 1352 SensrSvc - ok
04:44:22.0823 1352 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
04:44:22.0823 1352 Serenum - ok
04:44:22.0839 1352 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
04:44:22.0839 1352 Serial - ok
04:44:22.0854 1352 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
04:44:22.0854 1352 sermouse - ok
04:44:22.0885 1352 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
04:44:22.0885 1352 SessionEnv - ok
04:44:22.0901 1352 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
04:44:22.0901 1352 sffdisk - ok
04:44:22.0917 1352 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
04:44:22.0917 1352 sffp_mmc - ok
04:44:22.0932 1352 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
04:44:22.0932 1352 sffp_sd - ok
04:44:22.0963 1352 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
04:44:22.0963 1352 sfloppy - ok
04:44:22.0995 1352 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:44:22.0995 1352 ShellHWDetection - ok
04:44:23.0010 1352 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
04:44:23.0010 1352 sisagp - ok
04:44:23.0026 1352 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:44:23.0026 1352 SiSRaid2 - ok
04:44:23.0026 1352 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
04:44:23.0041 1352 SiSRaid4 - ok
04:44:23.0041 1352 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
04:44:23.0041 1352 Smb - ok
04:44:23.0088 1352 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
04:44:23.0088 1352 SNMPTRAP - ok
04:44:23.0104 1352 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
04:44:23.0104 1352 spldr - ok
04:44:23.0135 1352 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
04:44:23.0135 1352 Spooler - ok
04:44:23.0197 1352 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
04:44:23.0229 1352 sppsvc - ok
04:44:23.0260 1352 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
04:44:23.0260 1352 sppuinotify - ok
04:44:23.0494 1352 sptd - ok
04:44:23.0619 1352 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
04:44:23.0619 1352 srv - ok
04:44:23.0712 1352 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
04:44:23.0712 1352 srv2 - ok
04:44:23.0759 1352 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
04:44:23.0759 1352 srvnet - ok
04:44:24.0243 1352 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
04:44:24.0243 1352 SSDPSRV - ok
04:44:24.0274 1352 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
04:44:24.0274 1352 SstpSvc - ok
04:44:24.0336 1352 Steam Client Service - ok
04:44:24.0383 1352 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
04:44:24.0383 1352 stexstor - ok
04:44:24.0414 1352 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
04:44:24.0414 1352 StiSvc - ok
04:44:24.0445 1352 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
04:44:24.0445 1352 swenum - ok
04:44:24.0461 1352 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
04:44:24.0461 1352 swprv - ok
04:44:24.0492 1352 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
04:44:24.0508 1352 SysMain - ok
04:44:24.0523 1352 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:44:24.0523 1352 TabletInputService - ok
04:44:24.0555 1352 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
04:44:24.0555 1352 taphss - ok
04:44:24.0570 1352 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
04:44:24.0570 1352 TapiSrv - ok
04:44:24.0586 1352 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
04:44:24.0586 1352 TBS - ok
04:44:24.0633 1352 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
04:44:24.0648 1352 Tcpip - ok
04:44:24.0679 1352 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
04:44:24.0695 1352 TCPIP6 - ok
04:44:24.0711 1352 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
04:44:24.0711 1352 tcpipreg - ok
04:44:24.0726 1352 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
04:44:24.0726 1352 TDPIPE - ok
04:44:24.0742 1352 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
04:44:24.0742 1352 TDTCP - ok
04:44:24.0773 1352 [ 9E4D646179E342C234440BF908B59BEC ] tdx C:\Windows\system32\DRIVERS\tdx.sys
04:44:24.0773 1352 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 9E4D646179E342C234440BF908B59BEC, Fake md5: B459575348C20E8121D6039DA063C704
04:44:24.0773 1352 tdx ( Virus.Win32.ZAccess.aml ) - infected
04:44:24.0773 1352 tdx - detected Virus.Win32.ZAccess.aml (0)
04:44:27.0051 1352 ================ Scan global ===============================
04:44:27.0082 1352 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
04:44:27.0129 1352 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
04:44:27.0129 1352 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
04:44:27.0175 1352 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
04:44:27.0207 1352 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
04:44:27.0207 1352 [Global] - ok
04:44:27.0207 1352 ================ Scan MBR ==================================
04:44:27.0285 1352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:44:27.0612 1352 \Device\Harddisk0\DR0 - ok
04:44:27.0612 1352 ================ Scan VBR ==================================
04:44:27.0643 1352 [ 8932AD8F8D26FD7C88492EB9DB4D99F7 ] \Device\Harddisk0\DR0\Partition1
04:44:27.0659 1352 \Device\Harddisk0\DR0\Partition1 - ok
04:44:27.0659 1352 [ 26A6788CBEA3E7FFA6374235105A91E1 ] \Device\Harddisk0\DR0\Partition2
04:44:27.0659 1352 \Device\Harddisk0\DR0\Partition2 - ok
04:44:27.0659 1352 ============================================================
04:44:27.0659 1352 Scan finished
04:44:27.0659 1352 ============================================================
04:44:27.0675 2580 Detected object count: 1
04:44:27.0675 2580 Actual detected object count: 1
04:44:49.0749 2580 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
04:44:50.0966 2580 C:\Windows\$NtUninstallKB37703$\3432406993\@ - copied to quarantine
04:44:50.0981 2580 C:\Windows\$NtUninstallKB37703$\3432406993\Desktop.ini - copied to quarantine
04:44:50.0981 2580 C:\Windows\$NtUninstallKB37703$\3432406993\L\00000004.@ - copied to quarantine
04:44:50.0981 2580 C:\Windows\$NtUninstallKB37703$\3432406993\L\201d3dde - copied to quarantine
04:44:50.0997 2580 C:\Windows\$NtUninstallKB37703$\3432406993\L\xadqgnnk - copied to quarantine
04:44:51.0012 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\00000004.@ - copied to quarantine
04:44:51.0028 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\00000008.@ - copied to quarantine
04:44:51.0044 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\000000cb.@ - copied to quarantine
04:44:51.0059 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\80000000.@ - copied to quarantine
04:44:51.0075 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\80000032.@ - copied to quarantine
04:44:51.0231 2580 Backup copy found, using it..
04:44:51.0246 2580 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
04:44:51.0309 2580 C:\Windows\$NtUninstallKB37703$\2622807436 - will be deleted on reboot
04:44:51.0309 2580 C:\Windows\$NtUninstallKB37703$\3432406993\@ - will be deleted on reboot
04:44:51.0309 2580 C:\Windows\$NtUninstallKB37703$\3432406993\Desktop.ini - will be deleted on reboot
04:44:51.0340 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\00000004.@ - will be deleted on reboot
04:44:51.0340 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\00000008.@ - will be deleted on reboot
04:44:51.0340 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\000000cb.@ - will be deleted on reboot
04:44:51.0340 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\80000000.@ - will be deleted on reboot
04:44:51.0340 2580 C:\Windows\$NtUninstallKB37703$\3432406993\U\80000032.@ - will be deleted on reboot
04:44:51.0340 2580 tdx ( Virus.Win32.ZAccess.aml ) - User select action: Cure
04:45:05.0286 2444 Deinitialize success


MBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-31 04:48:35
-----------------------------
04:48:35.720 OS Version: Windows 6.1.7601 Service Pack 1
04:48:35.720 Number of processors: 4 586 0x1707
04:48:35.720 ComputerName: LAUREN-PC UserName: Lauren
04:48:56.608 Initialize success
04:52:21.763 AVAST engine defs: 12083001
04:52:36.698 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:52:36.708 Disk 0 Vendor: ST3500418AS CC44 Size: 476940MB BusType: 3
04:52:36.728 Disk 0 MBR read successfully
04:52:36.728 Disk 0 MBR scan
04:52:36.758 Disk 0 Windows 7 default MBR code
04:52:36.758 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
04:52:36.778 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
04:52:36.788 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
04:52:36.798 Disk 0 scanning sectors +976771072
04:52:36.858 Disk 0 scanning C:\Windows\system32\drivers
04:52:45.590 Service scanning
04:53:01.854 Modules scanning
04:53:06.954 Disk 0 trace - called modules:
04:53:06.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
04:53:06.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a5030]
04:53:06.994 3 CLASSPNP.SYS[8320459e] -> nt!IofCallDriver -> [0x85e87918]
04:53:06.994 5 ACPI.sys[8b8a33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8556f908]
04:53:10.864 AVAST engine scan C:\Windows
04:53:13.834 AVAST engine scan C:\Windows\system32
04:55:33.682 AVAST engine scan C:\Windows\system32\drivers
04:55:44.404 AVAST engine scan C:\Users\Lauren
04:56:20.009 Disk 0 MBR has been saved successfully to "C:\Users\Lauren\Desktop\MBR.dat"
04:56:20.019 The log file has been saved successfully to "C:\Users\Lauren\Desktop\aswMBR.txt"


ESETs:

C:\TDSSKiller_Quarantine\31.08.2012_04.43.50\rtkt0000\zafs0000\tsk0001.dta a variant of Win32/Sirefef.EZ trojan deleted - quarantined
C:\TDSSKiller_Quarantine\31.08.2012_04.43.50\rtkt0000\zafs0000\tsk0005.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\31.08.2012_04.43.50\rtkt0000\zafs0000\tsk0007.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\31.08.2012_04.43.50\rtkt0000\zafs0000\tsk0008.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\31.08.2012_04.43.50\rtkt0000\zafs0000\tsk0009.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:22 PM

Posted 30 August 2012 - 11:50 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

#5 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • Local time:09:22 PM

Posted 31 August 2012 - 11:08 AM

MBAM Log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Lauren :: LAUREN-PC [administrator]

31/08/2012 16:03:27
mbam-log-2012-08-31 (16-03-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344183
Time elapsed: 55 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Minitoolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Lauren (administrator) on 31-08-2012 at 17:00:26
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Belkin 54g Wireless USB Network Adapter = Wireless Network Connection 3 (Connected)
Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Lauren-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin 54g Wireless USB Network Adapter #3
Physical Address. . . . . . . . . : 00-22-75-AF-D4-E4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::64ed:8171:2c26:42ff%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 31 August 2012 16:02:40
Lease Expires . . . . . . . . . . : 01 September 2012 16:02:39
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 385884789
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-77-BC-CB-00-24-E8-14-22-80
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-24-E8-14-22-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {782A613D-48D7-4CB2-83F2-C8D9601CD2A8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5292756D-EE0E-432B-9105-EECC825BCECD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:4009:809::1000
173.194.41.167
173.194.41.164
173.194.41.162
173.194.41.166
173.194.41.160
173.194.41.163
173.194.41.169
173.194.41.174
173.194.41.165
173.194.41.161
173.194.41.168


Pinging google.com [173.194.41.161] with 32 bytes of data:
Reply from 173.194.41.161: bytes=32 time=19ms TTL=55
Reply from 173.194.41.161: bytes=32 time=42ms TTL=54

Ping statistics for 173.194.41.161:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 42ms, Average = 30ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1181ms TTL=52
Reply from 72.30.38.140: bytes=32 time=997ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 997ms, Maximum = 1181ms, Average = 1089ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 22 75 af d4 e4 ......Belkin 54g Wireless USB Network Adapter #3
10...00 24 e8 14 22 80 ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 286
192.168.1.3 255.255.255.255 On-link 192.168.1.3 286
192.168.1.255 255.255.255.255 On-link 192.168.1.3 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 286 fe80::/64 On-link
14 286 fe80::64ed:8171:2c26:42ff/128 On-link
1 306 ff00::/8 On-link
14 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()
Catalog9 38 mswsock.dll [File Not found] ()
Catalog9 39 mswsock.dll [File Not found] ()
Catalog9 40 mswsock.dll [File Not found] ()
Catalog9 41 mswsock.dll [File Not found] ()
Catalog9 42 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/31/2012 00:49:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {347834f1-e423-4362-91d2-2c47a5bd5dca}

Error: (08/31/2012 00:01:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_mauins.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x00064aaf
Faulting process id: 0x17a4
Faulting application start time: 0xrundll32.exe_mauins.dll0
Faulting application path: rundll32.exe_mauins.dll1
Faulting module path: rundll32.exe_mauins.dll2
Report Id: rundll32.exe_mauins.dll3

Error: (08/29/2012 02:50:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36981972

Error: (08/29/2012 02:50:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36981972

Error: (08/29/2012 02:50:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/29/2012 02:50:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36980958

Error: (08/29/2012 02:50:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36980958

Error: (08/29/2012 02:50:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/29/2012 02:50:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36979959

Error: (08/29/2012 02:50:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36979959


System errors:
=============
Error: (08/31/2012 04:02:41 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/31/2012 04:02:41 PM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2

Error: (08/31/2012 04:02:41 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/31/2012 04:02:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/31/2012 04:46:01 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/31/2012 04:46:01 AM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2

Error: (08/31/2012 04:46:01 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/31/2012 04:46:01 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/31/2012 00:48:49 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/31/2012 00:48:49 AM) (Source: Service Control Manager) (User: )
Description: The NEWDRIVER service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/31/2012 00:49:05 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {347834f1-e423-4362-91d2-2c47a5bd5dca}

Error: (08/31/2012 00:01:17 AM) (Source: Application Error)(User: )
Description: rundll32.exe_mauins.dll6.1.7600.163854a5bc637ntdll.dll6.1.7601.177254ec49b60c000000500064aaf17a401cd87035b4aeabcC:\Windows\system32\rundll32.exeC:\Windows\SYSTEM32\ntdll.dll9a2afc49-f2f6-11e1-9178-0024e8142280

Error: (08/29/2012 02:50:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36981972

Error: (08/29/2012 02:50:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36981972

Error: (08/29/2012 02:50:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/29/2012 02:50:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36980958

Error: (08/29/2012 02:50:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36980958

Error: (08/29/2012 02:50:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/29/2012 02:50:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36979959

Error: (08/29/2012 02:50:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36979959


=========================== Installed Programs ============================

???????????
7-Zip 4.65
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Akamai NetSession Interface Service
Alon Audio Extractor 3.0
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Audiosurf
Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.21)
Comical 0.8
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Consolas Font Family (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
ESET Online Scanner v3
GIMP 2.8.0 (Version: 2.8.0)
Google Update Helper (Version: 1.3.21.115)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
IsoBuster 2.8.5 (Version: 2.8.5)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
K-Lite Mega Codec Pack 7.7.0 (Version: 7.7.0)
Katawa Shoujo
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MELTY BLOOD Act Cadenza Ver.B WindowsӁ
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
mkv2vob (Version: 2.4.9)
Mozilla Firefox 15.0 (x86 en-GB) (Version: 15.0)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
Nexon Game Manager
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Origin (Version: 8.5.0.4550)
Pando Media Booster (Version: 2.6.0.7)
Project64 1.6 (Version: 1.6)
QuickTime (Version: 7.72.80.56)
Rapport (Version: 3.5.1205.4)
RPS CRT (Version: 9.0.34)
SEGA Genesis & Mega Drive Classics
Steam (Version: 1.0.0.0)
StepMania 3.9a (remove only)
System Requirements Lab CYRI (Version: 4.5.1.0)
Terraria
The Sims™ 3 (Version: 1.34.27)
The Sims™ 3 Ambitions (Version: 4.0.87)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 World Adventures (Version: 2.0.86)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VoiceOver Kit (Version: 1.42.128.0)
Vuze (Version: 4.7)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinPatrol (Version: 24.6.2012)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Yume Nikki 0.10 English v3

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3317.18 MB
Available physical RAM: 2113.8 MB
Total Pagefile: 6632.64 MB
Available Pagefile: 5405.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.44 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:121.1 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:14.03 GB) NTFS
3 Drive e: (AbFab S3 02) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
6 Drive j: (MBACverB) (CDROM) (Total:2.36 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\LAUREN-PC

Administrator Guest Lauren


**** End of log ****

FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Lauren (administrator) on 31-08-2012 at 17:03:27
Running from "C:\Users\Lauren\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Adware Cleaner:

# AdwCleaner v2.000 - Logfile created 08/31/2012 at 17:04:49
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Lauren - LAUREN-PC
# Boot Mode : Normal
# Running from : C:\Users\Lauren\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Lauren\AppData\Local\Conduit
Folder Deleted : C:\Users\Lauren\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Lauren\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lauren\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110019&tt=220512_53ctrl&babsrc=NT_ss&mntrId=eed80c340000000000000024e8142280 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (en-GB)

Profile name : default
File : C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\kj7vdly3.default\prefs.js

C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\kj7vdly3.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110019&tt=220512_53ctrl");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "eed80c340000000000000024e8142280");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "eed80c340000000000000024e8142280");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15495");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:24:34");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Opera v [Unable to get version]

File : C:\Users\Lauren\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://startsear.info

*************************

AdwCleaner[S2].txt - [4395 octets] - [31/08/2012 17:04:49]

########## EOF - C:\AdwCleaner[S2].txt - [4455 octets] ##########

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:22 PM

Posted 31 August 2012 - 12:48 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKill log located on the desktop here

#7 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 31 August 2012 - 01:14 PM

New FSS log after running ServiceRepair:

Farbar Service Scanner Version: 06-08-2012
Ran by Lauren (administrator) on 31-08-2012 at 19:12:40
Running from "C:\Users\Lauren\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


RKill log:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/31/2012 07:13:19 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/31/2012 07:13:34 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
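As an added example (not code from this thread, from Farbar's tool or from Rkill), a small Python parser that reads the Windows Defender section of an FSS log like the one above and reports the three tampering signs it shows: the stopped service, a start type that differs from the default FSS reports, and the non-zero DisableAntiSpyware policy value. The log sample is constructed from the lines posted above.

```python
import re

# Constructed sample: the Windows Defender section of the FSS log posted above.
FSS_SAMPLE = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

START_TYPE_RE = re.compile(r"The start type of (\w+) service is set to (\w+)\. "
                           r"The default start type is (\w+)\.")
NOT_RUNNING_RE = re.compile(r"^(\w+) Service is not running")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')

def parse_fss(text):
    """Return (category, detail) findings: stopped services, changed start types, policy DWORDs."""
    findings, in_policy, current_key = [], False, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":") and "." not in line:
            # Section header such as "Windows Defender Disabled Policy:" (FSS prints
            # registry values under a Disabled Policy header only when they are set)
            in_policy = line.endswith("Disabled Policy:")
            current_key = None
            continue
        m = START_TYPE_RE.search(line)
        if m:
            svc, actual, default = m.groups()
            if actual != default:
                findings.append(("start_type_changed", f"{svc}: {actual} (default {default})"))
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.append(("service_stopped", m.group(1)))
            continue
        if in_policy:
            m = REG_KEY_RE.match(line)
            if m:
                current_key = m.group(1)
            m = REG_VALUE_RE.match(line)
            if m and current_key and int(m.group(2)) != 0:
                findings.append(("disabled_by_policy", f"{current_key}\\{m.group(1)}={m.group(2)}"))
    return findings
```

Running `parse_fss(FSS_SAMPLE)` yields the stopped-service, start-type and policy findings in the order the log reports them; a clean section with matching start types and no policy key yields an empty list.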

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:22 PM

Posted 31 August 2012 - 01:18 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 31 August 2012 - 05:49 PM

Done all that and re-installed MSE. Thanks for your help^^

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:22 PM

Posted 31 August 2012 - 06:16 PM

You're welcome :)