Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I have a zero access virus on my computer


  • Please log in to reply
14 replies to this topic

#1 jt02

jt02

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 09:16 AM

Hi, I believe I have this virus. It has disabled my Windows updates. Computer appears to be running normal but at first I had the redirects. I used hitmanpro to remove it but I don't think it got rid of everything. It disabled my Windows Firwall and updates. I think it may be in registry because I ran rkill and said this under miscellaneous: ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
Please help, I have been trying to get rid of this for a while, don't know what to do. My computer is a Windows 7, 64 bit.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:31 PM

Posted 01 September 2012 - 09:41 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 jt02

jt02
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 10:13 AM

Hi, here are the logs for tdsskiller and aswMBR. I did not post the Eset, When I downloaded this and press start a windows pops up and says to click start to start scanning but under there it says remove found threats and it has a check mark on it, do I uncheck this? Under there it also says scan archives and that one is unchecked.




11:48:36.0774 4408 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:48:37.0180 4408 ============================================================
11:48:37.0180 4408 Current date / time: 2012/08/31 11:48:37.0180
11:48:37.0180 4408 SystemInfo:
11:48:37.0180 4408
11:48:37.0180 4408 OS Version: 6.1.7601 ServicePack: 1.0
11:48:37.0180 4408 Product type: Workstation
11:48:37.0196 4408 ComputerName: MARCOS-HP
11:48:37.0196 4408 UserName: bombona
11:48:37.0196 4408 Windows directory: C:\Windows
11:48:37.0196 4408 System windows directory: C:\Windows
11:48:37.0196 4408 Running under WOW64
11:48:37.0196 4408 Processor architecture: Intel x64
11:48:37.0196 4408 Number of processors: 2
11:48:37.0196 4408 Page size: 0x1000
11:48:37.0196 4408 Boot type: Normal boot
11:48:37.0196 4408 ============================================================
11:48:40.0799 4408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:48:40.0846 4408 ============================================================
11:48:40.0846 4408 \Device\Harddisk0\DR0:
11:48:40.0877 4408 MBR partitions:
11:48:40.0877 4408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:48:40.0877 4408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7305D800
11:48:40.0877 4408 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73090000, BlocksNum 0x1676000
11:48:40.0877 4408 ============================================================
11:48:40.0893 4408 C: <-> \Device\Harddisk0\DR0\Partition2
11:48:41.0002 4408 D: <-> \Device\Harddisk0\DR0\Partition3
11:48:41.0002 4408 ============================================================
11:48:41.0002 4408 Initialize success
11:48:41.0002 4408 ============================================================
11:48:42.0921 4924 ============================================================
11:48:42.0921 4924 Scan started
11:48:42.0921 4924 Mode: Manual;
11:48:42.0921 4924 ============================================================
11:48:44.0840 4924 ================ Scan system memory ========================
11:48:44.0840 4924 System memory - ok
11:48:44.0840 4924 ================ Scan services =============================
11:48:45.0276 4924 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:48:45.0292 4924 1394ohci - ok
11:48:45.0323 4924 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:48:45.0323 4924 ACPI - ok
11:48:45.0339 4924 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:48:45.0370 4924 AcpiPmi - ok
11:48:45.0479 4924 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:48:45.0479 4924 AdobeARMservice - ok
11:48:45.0526 4924 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:48:45.0542 4924 adp94xx - ok
11:48:45.0557 4924 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:48:45.0573 4924 adpahci - ok
11:48:45.0604 4924 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:48:45.0604 4924 adpu320 - ok
11:48:45.0620 4924 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:48:45.0620 4924 AeLookupSvc - ok
11:48:45.0666 4924 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:48:45.0666 4924 AFD - ok
11:48:45.0713 4924 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:48:45.0713 4924 agp440 - ok
11:48:45.0963 4924 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
11:48:45.0963 4924 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
11:48:45.0978 4924 Akamai ( HiddenFile.Multi.Generic ) - warning
11:48:45.0978 4924 Akamai - detected HiddenFile.Multi.Generic (1)
11:48:45.0994 4924 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:48:46.0010 4924 ALG - ok
11:48:46.0025 4924 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:48:46.0041 4924 aliide - ok
11:48:46.0088 4924 [ CA0D6C1390F4B3BAF2A0A69D1A7F8332 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:48:46.0088 4924 AMD External Events Utility - ok
11:48:46.0103 4924 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:48:46.0119 4924 amdide - ok
11:48:46.0119 4924 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:48:46.0134 4924 AmdK8 - ok
11:48:46.0368 4924 [ 75E4BACA583AE02C11E9AC8747E2ABE0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:48:46.0462 4924 amdkmdag - ok
11:48:46.0478 4924 [ B765CF4B32F347BE747B21AE22641025 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:48:46.0493 4924 amdkmdap - ok
11:48:46.0509 4924 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
11:48:46.0509 4924 AmdPPM - ok
11:48:46.0540 4924 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:48:46.0556 4924 amdsata - ok
11:48:46.0602 4924 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
11:48:46.0602 4924 amdsbs - ok
11:48:46.0618 4924 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:48:46.0618 4924 amdxata - ok
11:48:46.0649 4924 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
11:48:46.0649 4924 amd_sata - ok
11:48:46.0665 4924 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
11:48:46.0665 4924 amd_xata - ok
11:48:46.0712 4924 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:48:46.0712 4924 AppID - ok
11:48:46.0743 4924 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:48:46.0743 4924 AppIDSvc - ok
11:48:46.0758 4924 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:48:46.0774 4924 Appinfo - ok
11:48:46.0790 4924 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
11:48:46.0805 4924 arc - ok
11:48:46.0821 4924 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:48:46.0836 4924 arcsas - ok
11:48:46.0930 4924 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:48:46.0946 4924 aspnet_state - ok
11:48:47.0008 4924 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:48:47.0008 4924 AsyncMac - ok
11:48:47.0039 4924 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:48:47.0039 4924 atapi - ok
11:48:47.0055 4924 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\drivers\AtiPcie64.sys
11:48:47.0070 4924 AtiPcie - ok
11:48:47.0164 4924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:48:47.0164 4924 AudioEndpointBuilder - ok
11:48:47.0180 4924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:48:47.0180 4924 AudioSrv - ok
11:48:47.0429 4924 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
11:48:47.0460 4924 AVGIDSAgent - ok
11:48:47.0492 4924 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
11:48:47.0492 4924 AVGIDSDriver - ok
11:48:47.0507 4924 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
11:48:47.0538 4924 AVGIDSFilter - ok
11:48:47.0554 4924 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
11:48:47.0554 4924 AVGIDSHA - ok
11:48:47.0585 4924 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
11:48:47.0601 4924 Avgldx64 - ok
11:48:47.0616 4924 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
11:48:47.0616 4924 Avgmfx64 - ok
11:48:47.0663 4924 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
11:48:47.0663 4924 Avgrkx64 - ok
11:48:47.0694 4924 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:48:47.0694 4924 avgwd - ok
11:48:47.0757 4924 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:48:47.0772 4924 AxInstSV - ok
11:48:47.0804 4924 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
11:48:47.0819 4924 b06bdrv - ok
11:48:47.0866 4924 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:48:47.0897 4924 b57nd60a - ok
11:48:47.0913 4924 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:48:47.0913 4924 BDESVC - ok
11:48:47.0944 4924 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:48:47.0944 4924 Beep - ok
11:48:48.0038 4924 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:48:48.0053 4924 BFE - ok
11:48:48.0100 4924 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
11:48:48.0100 4924 blbdrive - ok
11:48:48.0162 4924 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:48:48.0162 4924 bowser - ok
11:48:48.0194 4924 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
11:48:48.0209 4924 BrFiltLo - ok
11:48:48.0209 4924 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
11:48:48.0225 4924 BrFiltUp - ok
11:48:48.0240 4924 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
11:48:48.0256 4924 Browser - ok
11:48:48.0287 4924 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:48:48.0303 4924 Brserid - ok
11:48:48.0303 4924 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:48:48.0303 4924 BrSerWdm - ok
11:48:48.0318 4924 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:48:48.0318 4924 BrUsbMdm - ok
11:48:48.0334 4924 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:48:48.0334 4924 BrUsbSer - ok
11:48:48.0350 4924 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
11:48:48.0350 4924 BTHMODEM - ok
11:48:48.0381 4924 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:48:48.0396 4924 bthserv - ok
11:48:48.0428 4924 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:48:48.0443 4924 cdfs - ok
11:48:48.0474 4924 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
11:48:48.0490 4924 cdrom - ok
11:48:48.0521 4924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:48:48.0537 4924 CertPropSvc - ok
11:48:48.0552 4924 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
11:48:48.0552 4924 circlass - ok
11:48:48.0568 4924 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:48:48.0568 4924 CLFS - ok
11:48:48.0646 4924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:48:48.0646 4924 clr_optimization_v2.0.50727_32 - ok
11:48:48.0708 4924 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:48:48.0708 4924 clr_optimization_v2.0.50727_64 - ok
11:48:48.0802 4924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:48:48.0864 4924 clr_optimization_v4.0.30319_32 - ok
11:48:48.0880 4924 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:48:48.0896 4924 clr_optimization_v4.0.30319_64 - ok
11:48:48.0927 4924 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
11:48:48.0942 4924 CmBatt - ok
11:48:48.0958 4924 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:48:48.0958 4924 cmdide - ok
11:48:48.0989 4924 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
11:48:49.0005 4924 CNG - ok
11:48:49.0020 4924 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
11:48:49.0020 4924 Compbatt - ok
11:48:49.0052 4924 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:48:49.0052 4924 CompositeBus - ok
11:48:49.0067 4924 COMSysApp - ok
11:48:49.0083 4924 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:48:49.0083 4924 crcdisk - ok
11:48:49.0130 4924 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:48:49.0145 4924 CryptSvc - ok
11:48:49.0176 4924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:48:49.0192 4924 DcomLaunch - ok
11:48:49.0208 4924 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:48:49.0208 4924 defragsvc - ok
11:48:49.0239 4924 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:48:49.0239 4924 DfsC - ok
11:48:49.0270 4924 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:48:49.0301 4924 Dhcp - ok
11:48:49.0301 4924 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:48:49.0301 4924 discache - ok
11:48:49.0364 4924 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:48:49.0364 4924 Disk - ok
11:48:49.0395 4924 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:48:49.0395 4924 Dnscache - ok
11:48:49.0426 4924 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:48:49.0442 4924 dot3svc - ok
11:48:49.0457 4924 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:48:49.0457 4924 DPS - ok
11:48:49.0488 4924 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:48:49.0488 4924 drmkaud - ok
11:48:49.0551 4924 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:48:49.0582 4924 DXGKrnl - ok
11:48:49.0598 4924 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:48:49.0598 4924 EapHost - ok
11:48:49.0800 4924 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:48:49.0863 4924 ebdrv - ok
11:48:49.0894 4924 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:48:49.0894 4924 EFS - ok
11:48:49.0956 4924 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:48:49.0956 4924 ehRecvr - ok
11:48:50.0003 4924 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:48:50.0003 4924 ehSched - ok
11:48:50.0066 4924 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:48:50.0081 4924 elxstor - ok
11:48:50.0081 4924 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:48:50.0112 4924 ErrDev - ok
11:48:50.0159 4924 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:48:50.0159 4924 EventSystem - ok
11:48:50.0190 4924 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:48:50.0206 4924 exfat - ok
11:48:50.0237 4924 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:48:50.0253 4924 fastfat - ok
11:48:50.0300 4924 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:48:50.0300 4924 Fax - ok
11:48:50.0315 4924 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
11:48:50.0315 4924 fdc - ok
11:48:50.0331 4924 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:48:50.0346 4924 fdPHost - ok
11:48:50.0346 4924 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:48:50.0362 4924 FDResPub - ok
11:48:50.0409 4924 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:48:50.0409 4924 FileInfo - ok
11:48:50.0424 4924 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:48:50.0424 4924 Filetrace - ok
11:48:50.0440 4924 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
11:48:50.0440 4924 flpydisk - ok
11:48:50.0487 4924 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:48:50.0487 4924 FltMgr - ok
11:48:50.0565 4924 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:48:50.0580 4924 FontCache - ok
11:48:50.0690 4924 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:48:50.0690 4924 FontCache3.0.0.0 - ok
11:48:50.0705 4924 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:48:50.0721 4924 FsDepends - ok
11:48:50.0736 4924 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:48:50.0736 4924 Fs_Rec - ok
11:48:50.0752 4924 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:48:50.0752 4924 fvevol - ok
11:48:50.0799 4924 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:48:50.0799 4924 gagp30kx - ok
11:48:50.0846 4924 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
11:48:50.0846 4924 GamesAppService - ok
11:48:50.0892 4924 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:48:50.0924 4924 gpsvc - ok
11:48:51.0048 4924 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:48:51.0048 4924 gupdate - ok
11:48:51.0142 4924 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:48:51.0142 4924 gupdatem - ok
11:48:51.0282 4924 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:48:51.0282 4924 gusvc - ok
11:48:51.0298 4924 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:48:51.0314 4924 hcw85cir - ok
11:48:51.0345 4924 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:48:51.0360 4924 HdAudAddService - ok
11:48:51.0407 4924 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:48:51.0407 4924 HDAudBus - ok
11:48:51.0438 4924 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:48:51.0485 4924 HidBatt - ok
11:48:51.0501 4924 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:48:51.0516 4924 HidBth - ok
11:48:51.0532 4924 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:48:51.0548 4924 HidIr - ok
11:48:51.0563 4924 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:48:51.0579 4924 hidserv - ok
11:48:51.0610 4924 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:48:51.0610 4924 HidUsb - ok
11:48:51.0626 4924 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:48:51.0641 4924 hkmsvc - ok
11:48:51.0657 4924 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:48:51.0657 4924 HomeGroupListener - ok
11:48:51.0688 4924 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:48:51.0688 4924 HomeGroupProvider - ok
11:48:51.0782 4924 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:48:51.0782 4924 HP Support Assistant Service - ok
11:48:51.0906 4924 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
11:48:51.0922 4924 HPAuto - ok
11:48:51.0969 4924 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:48:51.0969 4924 HPClientSvc - ok
11:48:52.0016 4924 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:48:52.0016 4924 HPDrvMntSvc.exe - ok
11:48:52.0078 4924 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:48:52.0078 4924 hpqwmiex - ok
11:48:52.0094 4924 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:48:52.0109 4924 HpSAMD - ok
11:48:52.0172 4924 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:48:52.0203 4924 HTTP - ok
11:48:52.0203 4924 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:48:52.0203 4924 hwpolicy - ok
11:48:52.0250 4924 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:48:52.0265 4924 i8042prt - ok
11:48:52.0296 4924 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:48:52.0312 4924 iaStorV - ok
11:48:52.0406 4924 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:48:52.0406 4924 idsvc - ok
11:48:52.0655 4924 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
11:48:52.0733 4924 igfx - ok
11:48:52.0764 4924 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:48:52.0764 4924 iirsp - ok
11:48:52.0842 4924 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:48:52.0874 4924 IKEEXT - ok
11:48:52.0998 4924 [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:48:53.0030 4924 IntcAzAudAddService - ok
11:48:53.0061 4924 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:48:53.0061 4924 intelide - ok
11:48:53.0108 4924 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
11:48:53.0123 4924 intelppm - ok
11:48:53.0154 4924 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:48:53.0170 4924 IPBusEnum - ok
11:48:53.0217 4924 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:48:53.0217 4924 IpFilterDriver - ok
11:48:53.0264 4924 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:48:53.0264 4924 IPMIDRV - ok
11:48:53.0310 4924 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:48:53.0310 4924 IPNAT - ok
11:48:53.0326 4924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:48:53.0326 4924 IRENUM - ok
11:48:53.0342 4924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:48:53.0357 4924 isapnp - ok
11:48:53.0388 4924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:48:53.0388 4924 iScsiPrt - ok
11:48:53.0404 4924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:48:53.0404 4924 kbdclass - ok
11:48:53.0435 4924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:48:53.0435 4924 kbdhid - ok
11:48:53.0451 4924 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:48:53.0451 4924 KeyIso - ok
11:48:53.0482 4924 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:48:53.0482 4924 KSecDD - ok
11:48:53.0513 4924 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:48:53.0513 4924 KSecPkg - ok
11:48:53.0544 4924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:48:53.0544 4924 ksthunk - ok
11:48:53.0576 4924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:48:53.0591 4924 KtmRm - ok
11:48:53.0622 4924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:48:53.0638 4924 LanmanServer - ok
11:48:53.0654 4924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:48:53.0669 4924 LanmanWorkstation - ok
11:48:53.0700 4924 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:48:53.0700 4924 LightScribeService - ok
11:48:53.0763 4924 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:48:53.0763 4924 lltdio - ok
11:48:53.0794 4924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:48:53.0810 4924 lltdsvc - ok
11:48:53.0810 4924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:48:53.0825 4924 lmhosts - ok
11:48:53.0856 4924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:48:53.0856 4924 LSI_FC - ok
11:48:53.0872 4924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:48:53.0872 4924 LSI_SAS - ok
11:48:53.0888 4924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:48:53.0888 4924 LSI_SAS2 - ok
11:48:53.0919 4924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:48:53.0919 4924 LSI_SCSI - ok
11:48:53.0966 4924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:48:53.0981 4924 luafv - ok
11:48:54.0012 4924 lxcg_device - ok
11:48:54.0075 4924 [ 2D07BB9D32085BA7FFC4E05C6D6249BD ] lxeeCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe
11:48:54.0075 4924 lxeeCATSCustConnectService - ok
11:48:54.0075 4924 lxee_device - ok
11:48:54.0106 4924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:48:54.0122 4924 Mcx2Svc - ok
11:48:54.0137 4924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:48:54.0137 4924 megasas - ok
11:48:54.0153 4924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:48:54.0168 4924 MegaSR - ok
11:48:54.0168 4924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:48:54.0168 4924 MMCSS - ok
11:48:54.0184 4924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:48:54.0200 4924 Modem - ok
11:48:54.0231 4924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:48:54.0231 4924 monitor - ok
11:48:54.0278 4924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:48:54.0278 4924 mouclass - ok
11:48:54.0324 4924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:48:54.0340 4924 mouhid - ok
11:48:54.0340 4924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:48:54.0356 4924 mountmgr - ok
11:48:54.0402 4924 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:48:54.0418 4924 MozillaMaintenance - ok
11:48:54.0449 4924 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
11:48:54.0449 4924 MpFilter - ok
11:48:54.0465 4924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:48:54.0465 4924 mpio - ok
11:48:54.0480 4924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:48:54.0496 4924 mpsdrv - ok
11:48:54.0574 4924 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:48:54.0605 4924 MpsSvc - ok
11:48:54.0636 4924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:48:54.0636 4924 MRxDAV - ok
11:48:54.0683 4924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:48:54.0683 4924 mrxsmb - ok
11:48:54.0699 4924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:48:54.0699 4924 mrxsmb10 - ok
11:48:54.0714 4924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:48:54.0730 4924 mrxsmb20 - ok
11:48:54.0746 4924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:48:54.0746 4924 msahci - ok
11:48:54.0777 4924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:48:54.0777 4924 msdsm - ok
11:48:54.0824 4924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:48:54.0839 4924 MSDTC - ok
11:48:54.0870 4924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:48:54.0870 4924 Msfs - ok
11:48:54.0886 4924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:48:54.0886 4924 mshidkmdf - ok
11:48:54.0917 4924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:48:54.0917 4924 msisadrv - ok
11:48:54.0964 4924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:48:54.0964 4924 MSiSCSI - ok
11:48:54.0980 4924 msiserver - ok
11:48:55.0011 4924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:48:55.0011 4924 MSKSSRV - ok
11:48:55.0104 4924 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:48:55.0104 4924 MsMpSvc - ok
11:48:55.0120 4924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:48:55.0136 4924 MSPCLOCK - ok
11:48:55.0151 4924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:48:55.0167 4924 MSPQM - ok
11:48:55.0198 4924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:48:55.0198 4924 MsRPC - ok
11:48:55.0214 4924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:48:55.0214 4924 mssmbios - ok
11:48:55.0229 4924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:48:55.0229 4924 MSTEE - ok
11:48:55.0260 4924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:48:55.0260 4924 MTConfig - ok
11:48:55.0276 4924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:48:55.0292 4924 Mup - ok
11:48:55.0307 4924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:48:55.0323 4924 napagent - ok
11:48:55.0338 4924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:48:55.0338 4924 NativeWifiP - ok
11:48:55.0401 4924 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:48:55.0432 4924 NDIS - ok
11:48:55.0463 4924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:48:55.0479 4924 NdisCap - ok
11:48:55.0494 4924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:48:55.0494 4924 NdisTapi - ok
11:48:55.0510 4924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:48:55.0510 4924 Ndisuio - ok
11:48:55.0541 4924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:48:55.0541 4924 NdisWan - ok
11:48:55.0541 4924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:48:55.0557 4924 NDProxy - ok
11:48:55.0557 4924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:48:55.0557 4924 NetBIOS - ok
11:48:55.0588 4924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:48:55.0604 4924 NetBT - ok
11:48:55.0604 4924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:48:55.0604 4924 Netlogon - ok
11:48:55.0635 4924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:48:55.0650 4924 Netman - ok
11:48:55.0697 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:48:55.0713 4924 NetMsmqActivator - ok
11:48:55.0713 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:48:55.0713 4924 NetPipeActivator - ok
11:48:55.0744 4924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:48:55.0760 4924 netprofm - ok
11:48:55.0760 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:48:55.0760 4924 NetTcpActivator - ok
11:48:55.0760 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:48:55.0775 4924 NetTcpPortSharing - ok
11:48:55.0806 4924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:48:55.0822 4924 nfrd960 - ok
11:48:55.0869 4924 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:48:55.0884 4924 NisDrv - ok
11:48:55.0931 4924 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:48:55.0931 4924 NisSrv - ok
11:48:55.0962 4924 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:48:55.0978 4924 NlaSvc - ok
11:48:55.0994 4924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:48:56.0009 4924 Npfs - ok
11:48:56.0025 4924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:48:56.0040 4924 nsi - ok
11:48:56.0040 4924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:48:56.0040 4924 nsiproxy - ok
11:48:56.0150 4924 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:48:56.0196 4924 Ntfs - ok
11:48:56.0212 4924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:48:56.0228 4924 Null - ok
11:48:56.0259 4924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:48:56.0259 4924 nvraid - ok
11:48:56.0274 4924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:48:56.0290 4924 nvstor - ok
11:48:56.0306 4924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:48:56.0321 4924 nv_agp - ok
11:48:56.0430 4924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:48:56.0430 4924 odserv - ok
11:48:56.0462 4924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:48:56.0477 4924 ohci1394 - ok
11:48:56.0493 4924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:48:56.0493 4924 ose - ok
11:48:56.0524 4924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:48:56.0540 4924 p2pimsvc - ok
11:48:56.0571 4924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:48:56.0586 4924 p2psvc - ok
11:48:56.0602 4924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:48:56.0618 4924 Parport - ok
11:48:56.0664 4924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:48:56.0664 4924 partmgr - ok
11:48:56.0680 4924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:48:56.0680 4924 PcaSvc - ok
11:48:56.0696 4924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:48:56.0711 4924 pci - ok
11:48:56.0727 4924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:48:56.0742 4924 pciide - ok
11:48:56.0774 4924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:48:56.0774 4924 pcmcia - ok
11:48:56.0789 4924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:48:56.0805 4924 pcw - ok
11:48:56.0852 4924 pdfcDispatcher - ok
11:48:56.0883 4924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:48:56.0898 4924 PEAUTH - ok
11:48:57.0054 4924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:48:57.0054 4924 PerfHost - ok
11:48:57.0101 4924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:48:57.0117 4924 pla - ok
11:48:57.0164 4924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:48:57.0179 4924 PlugPlay - ok
11:48:57.0195 4924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:48:57.0195 4924 PNRPAutoReg - ok
11:48:57.0226 4924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:48:57.0226 4924 PNRPsvc - ok
11:48:57.0273 4924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:48:57.0288 4924 PolicyAgent - ok
11:48:57.0320 4924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:48:57.0320 4924 Power - ok
11:48:57.0366 4924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:48:57.0366 4924 PptpMiniport - ok
11:48:57.0382 4924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:48:57.0398 4924 Processor - ok
11:48:57.0429 4924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:48:57.0429 4924 ProfSvc - ok
11:48:57.0444 4924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:48:57.0444 4924 ProtectedStorage - ok
11:48:57.0476 4924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:48:57.0476 4924 Psched - ok
11:48:57.0569 4924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:48:57.0616 4924 ql2300 - ok
11:48:57.0647 4924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:48:57.0647 4924 ql40xx - ok
11:48:57.0694 4924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:48:57.0710 4924 QWAVE - ok
11:48:57.0756 4924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:48:57.0756 4924 QWAVEdrv - ok
11:48:57.0772 4924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:48:57.0772 4924 RasAcd - ok
11:48:57.0819 4924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:48:57.0819 4924 RasAgileVpn - ok
11:48:57.0850 4924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:48:57.0866 4924 RasAuto - ok
11:48:57.0881 4924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:48:57.0881 4924 Rasl2tp - ok
11:48:57.0912 4924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:48:57.0928 4924 RasMan - ok
11:48:57.0944 4924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:48:57.0959 4924 RasPppoe - ok
11:48:57.0975 4924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:48:57.0975 4924 RasSstp - ok
11:48:58.0006 4924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:48:58.0006 4924 rdbss - ok
11:48:58.0022 4924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:48:58.0037 4924 rdpbus - ok
11:48:58.0053 4924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:48:58.0053 4924 RDPCDD - ok
11:48:58.0084 4924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:48:58.0084 4924 RDPENCDD - ok
11:48:58.0084 4924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:48:58.0084 4924 RDPREFMP - ok
11:48:58.0115 4924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:48:58.0115 4924 RDPWD - ok
11:48:58.0162 4924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:48:58.0178 4924 rdyboost - ok
11:48:58.0224 4924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:48:58.0224 4924 RemoteAccess - ok
11:48:58.0240 4924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:48:58.0256 4924 RemoteRegistry - ok
11:48:58.0287 4924 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:48:58.0287 4924 RimUsb - ok
11:48:58.0318 4924 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:48:58.0318 4924 RoxioNow Service - ok
11:48:58.0349 4924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:48:58.0349 4924 RpcEptMapper - ok
11:48:58.0365 4924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:48:58.0365 4924 RpcLocator - ok
11:48:58.0365 4924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:48:58.0380 4924 RpcSs - ok
11:48:58.0396 4924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:48:58.0458 4924 rspndr - ok
11:48:58.0521 4924 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:48:58.0536 4924 RTL8167 - ok
11:48:58.0552 4924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:48:58.0552 4924 SamSs - ok
11:48:58.0568 4924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:48:58.0583 4924 sbp2port - ok
11:48:58.0614 4924 SBRE - ok
11:48:58.0739 4924 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:48:58.0739 4924 SBSDWSCService - ok
11:48:58.0755 4924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:48:58.0755 4924 SCardSvr - ok
11:48:58.0786 4924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:48:58.0786 4924 scfilter - ok
11:48:58.0880 4924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:48:58.0895 4924 Schedule - ok
11:48:58.0911 4924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:48:58.0911 4924 SCPolicySvc - ok
11:48:58.0926 4924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:48:58.0926 4924 SDRSVC - ok
11:48:58.0958 4924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:48:58.0958 4924 secdrv - ok
11:48:58.0973 4924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:48:58.0989 4924 seclogon - ok
11:48:59.0004 4924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:48:59.0020 4924 SENS - ok
11:48:59.0067 4924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:48:59.0067 4924 SensrSvc - ok
11:48:59.0160 4924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
11:48:59.0160 4924 Serenum - ok
11:48:59.0176 4924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
11:48:59.0192 4924 Serial - ok
11:48:59.0207 4924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:48:59.0223 4924 sermouse - ok
11:48:59.0238 4924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:48:59.0238 4924 SessionEnv - ok
11:48:59.0254 4924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:48:59.0270 4924 sffdisk - ok
11:48:59.0285 4924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:48:59.0301 4924 sffp_mmc - ok
11:48:59.0301 4924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:48:59.0316 4924 sffp_sd - ok
11:48:59.0316 4924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:48:59.0332 4924 sfloppy - ok
11:48:59.0363 4924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:48:59.0363 4924 ShellHWDetection - ok
11:48:59.0379 4924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:48:59.0379 4924 SiSRaid2 - ok
11:48:59.0394 4924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:48:59.0410 4924 SiSRaid4 - ok
11:48:59.0426 4924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:48:59.0426 4924 Smb - ok
11:48:59.0488 4924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:48:59.0488 4924 SNMPTRAP - ok
11:48:59.0488 4924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:48:59.0504 4924 spldr - ok
11:48:59.0519 4924 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
11:48:59.0535 4924 Spooler - ok
11:48:59.0613 4924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:48:59.0644 4924 sppsvc - ok
11:48:59.0660 4924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:48:59.0660 4924 sppuinotify - ok
11:48:59.0706 4924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:48:59.0706 4924 srv - ok
11:48:59.0722 4924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:48:59.0738 4924 srv2 - ok
11:48:59.0738 4924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:48:59.0753 4924 srvnet - ok
11:48:59.0784 4924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:48:59.0784 4924 SSDPSRV - ok
11:48:59.0800 4924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:48:59.0816 4924 SstpSvc - ok
11:48:59.0831 4924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:48:59.0831 4924 stexstor - ok
11:48:59.0878 4924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:48:59.0878 4924 stisvc - ok
11:48:59.0894 4924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:48:59.0909 4924 swenum - ok
11:48:59.0940 4924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:48:59.0956 4924 swprv - ok
11:49:00.0003 4924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:49:00.0034 4924 SysMain - ok
11:49:00.0065 4924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:49:00.0081 4924 TabletInputService - ok
11:49:00.0096 4924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:49:00.0096 4924 TapiSrv - ok
11:49:00.0112 4924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:49:00.0112 4924 TBS - ok
11:49:00.0190 4924 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:49:00.0221 4924 Tcpip - ok
11:49:00.0268 4924 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:49:00.0268 4924 TCPIP6 - ok
11:49:00.0315 4924 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:49:00.0315 4924 tcpipreg - ok
11:49:00.0346 4924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:49:00.0362 4924 TDPIPE - ok
11:49:00.0377 4924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:49:00.0377 4924 TDTCP - ok
11:49:00.0408 4924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:49:00.0408 4924 tdx - ok
11:49:00.0424 4924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:49:00.0440 4924 TermDD - ok
11:49:00.0471 4924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:49:00.0471 4924 TermService - ok
11:49:00.0486 4924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:49:00.0502 4924 Themes - ok
11:49:00.0518 4924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:49:00.0518 4924 THREADORDER - ok
11:49:00.0533 4924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:49:00.0533 4924 TrkWks - ok
11:49:00.0564 4924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:49:00.0564 4924 TrustedInstaller - ok
11:49:00.0596 4924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:49:00.0611 4924 tssecsrv - ok
11:49:00.0627 4924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:49:00.0627 4924 TsUsbFlt - ok
11:49:00.0642 4924 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:49:00.0642 4924 TsUsbGD - ok
11:49:00.0798 4924 [ FFB8503D2578C5B31960149FB77BBE32 ] TuneUp.Defrag C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
11:49:00.0814 4924 TuneUp.Defrag - ok
11:49:00.0845 4924 [ 8A950D1BC325FDEEF77F6085EA04DFFC ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
11:49:00.0861 4924 TuneUp.UtilitiesSvc - ok
11:49:00.0892 4924 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
11:49:00.0892 4924 TuneUpUtilitiesDrv - ok
11:49:00.0939 4924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:49:00.0939 4924 tunnel - ok
11:49:00.0970 4924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:49:00.0986 4924 uagp35 - ok
11:49:01.0001 4924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:49:01.0001 4924 udfs - ok
11:49:01.0032 4924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:49:01.0032 4924 UI0Detect - ok
11:49:01.0048 4924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:49:01.0064 4924 uliagpkx - ok
11:49:01.0079 4924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:49:01.0079 4924 umbus - ok
11:49:01.0095 4924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:49:01.0095 4924 UmPass - ok
11:49:01.0110 4924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:49:01.0110 4924 upnphost - ok
11:49:01.0142 4924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:49:01.0142 4924 usbccgp - ok
11:49:01.0173 4924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:49:01.0188 4924 usbcir - ok
11:49:01.0204 4924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:49:01.0204 4924 usbehci - ok
11:49:01.0220 4924 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys
11:49:01.0235 4924 usbfilter - ok
11:49:01.0266 4924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:49:01.0266 4924 usbhub - ok
11:49:01.0282 4924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:49:01.0298 4924 usbohci - ok
11:49:01.0313 4924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:49:01.0329 4924 usbprint - ok
11:49:01.0344 4924 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:49:01.0344 4924 usbscan - ok
11:49:01.0360 4924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:49:01.0376 4924 USBSTOR - ok
11:49:01.0391 4924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:49:01.0391 4924 usbuhci - ok
11:49:01.0422 4924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:49:01.0422 4924 UxSms - ok
11:49:01.0469 4924 [ 48AEE1E4B0578AFED54C52F575206379 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
11:49:01.0469 4924 UxTuneUp - ok
11:49:01.0485 4924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:49:01.0485 4924 VaultSvc - ok
11:49:01.0516 4924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:49:01.0516 4924 vdrvroot - ok
11:49:01.0563 4924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:49:01.0578 4924 vds - ok
11:49:01.0610 4924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:49:01.0625 4924 vga - ok
11:49:01.0625 4924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:49:01.0641 4924 VgaSave - ok
11:49:01.0656 4924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:49:01.0656 4924 vhdmp - ok
11:49:01.0672 4924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:49:01.0688 4924 viaide - ok
11:49:01.0703 4924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:49:01.0719 4924 volmgr - ok
11:49:01.0719 4924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:49:01.0734 4924 volmgrx - ok
11:49:01.0734 4924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:49:01.0750 4924 volsnap - ok
11:49:01.0781 4924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:49:01.0797 4924 vsmraid - ok
11:49:01.0875 4924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:49:01.0906 4924 VSS - ok
11:49:01.0922 4924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:49:01.0953 4924 vwifibus - ok
11:49:01.0968 4924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:49:01.0968 4924 W32Time - ok
11:49:01.0984 4924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:49:02.0000 4924 WacomPen - ok
11:49:02.0046 4924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:49:02.0046 4924 WANARP - ok
11:49:02.0046 4924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:49:02.0046 4924 Wanarpv6 - ok
11:49:02.0140 4924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:49:02.0156 4924 WatAdminSvc - ok
11:49:02.0202 4924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:49:02.0234 4924 wbengine - ok
11:49:02.0249 4924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:49:02.0265 4924 WbioSrvc - ok
11:49:02.0280 4924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:49:02.0296 4924 wcncsvc - ok
11:49:02.0296 4924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:49:02.0312 4924 WcsPlugInService - ok
11:49:02.0343 4924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
11:49:02.0343 4924 Wd - ok
11:49:02.0390 4924 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:49:02.0405 4924 Wdf01000 - ok
11:49:02.0421 4924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:49:02.0421 4924 WdiServiceHost - ok
11:49:02.0421 4924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:49:02.0421 4924 WdiSystemHost - ok
11:49:02.0452 4924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:49:02.0452 4924 WebClient - ok
11:49:02.0468 4924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:49:02.0499 4924 Wecsvc - ok
11:49:02.0514 4924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:49:02.0514 4924 wercplsupport - ok
11:49:02.0546 4924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:49:02.0546 4924 WerSvc - ok
11:49:02.0608 4924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:49:02.0608 4924 WfpLwf - ok
11:49:02.0639 4924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:49:02.0655 4924 WIMMount - ok
11:49:02.0655 4924 WinHttpAutoProxySvc - ok
11:49:02.0717 4924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:49:02.0733 4924 Winmgmt - ok
11:49:02.0811 4924 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:49:02.0842 4924 WinRM - ok
11:49:02.0920 4924 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:49:02.0920 4924 WinUsb - ok
11:49:02.0982 4924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:49:03.0014 4924 Wlansvc - ok
11:49:03.0060 4924 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:49:03.0076 4924 wlcrasvc - ok
11:49:03.0170 4924 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:49:03.0185 4924 wlidsvc - ok
11:49:03.0201 4924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:49:03.0201 4924 WmiAcpi - ok
11:49:03.0232 4924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:49:03.0232 4924 wmiApSrv - ok
11:49:03.0263 4924 WMPNetworkSvc - ok
11:49:03.0279 4924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:49:03.0279 4924 WPCSvc - ok
11:49:03.0294 4924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:49:03.0310 4924 WPDBusEnum - ok
11:49:03.0326 4924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:49:03.0326 4924 ws2ifsl - ok
11:49:03.0357 4924 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
11:49:03.0357 4924 WSDPrintDevice - ok
11:49:03.0357 4924 WSearch - ok
11:49:03.0435 4924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:49:03.0450 4924 wuauserv - ok
11:49:03.0466 4924 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:49:03.0482 4924 WudfPf - ok
11:49:03.0497 4924 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:49:03.0513 4924 WUDFRd - ok
11:49:03.0544 4924 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:49:03.0544 4924 wudfsvc - ok
11:49:03.0575 4924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:49:03.0638 4924 WwanSvc - ok
11:49:03.0669 4924 ================ Scan global ===============================
11:49:03.0684 4924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:49:03.0731 4924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:49:03.0747 4924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:49:03.0762 4924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:49:03.0809 4924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:49:03.0809 4924 [Global] - ok
11:49:03.0809 4924 ================ Scan MBR ==================================
11:49:03.0825 4924 [ 98FCD121D17E9B4E92F21F168830BB27 ] \Device\Harddisk0\DR0
11:49:04.0230 4924 \Device\Harddisk0\DR0 - ok
11:49:04.0230 4924 ================ Scan VBR ==================================
11:49:04.0246 4924 [ 85BEA7DE66BB4AA94114E8518DA087FF ] \Device\Harddisk0\DR0\Partition1
11:49:04.0262 4924 \Device\Harddisk0\DR0\Partition1 - ok
11:49:04.0277 4924 [ 8A952AE19FF4BB22CA80893D213E8EAF ] \Device\Harddisk0\DR0\Partition2
11:49:04.0277 4924 \Device\Harddisk0\DR0\Partition2 - ok
11:49:04.0308 4924 [ 7EDFE259FA587B8EA6F2647550A6037D ] \Device\Harddisk0\DR0\Partition3
11:49:04.0340 4924 \Device\Harddisk0\DR0\Partition3 - ok
11:49:04.0340 4924 ============================================================
11:49:04.0340 4924 Scan finished
11:49:04.0340 4924 ============================================================
11:49:04.0355 3616 Detected object count: 1
11:49:04.0355 3616 Actual detected object count: 1
11:49:11.0063 3616 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:49:11.0063 3616 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:49:13.0637 4392 Deinitialize success






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 09:52:53
-----------------------------
09:52:53.899 OS Version: Windows x64 6.1.7601 Service Pack 1
09:52:53.899 Number of processors: 2 586 0x603
09:52:53.899 ComputerName: MARCOS-HP UserName: bombona
09:52:56.535 Initialize success
09:54:11.256 AVAST engine defs: 12090100
09:54:25.035 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
09:54:25.035 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
09:54:25.055 Disk 0 MBR read successfully
09:54:25.055 Disk 0 MBR scan
09:54:25.065 Disk 0 unknown MBR code
09:54:25.065 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:54:25.095 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942267 MB offset 206848
09:54:25.145 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11500 MB offset 1929969664
09:54:25.225 Disk 0 scanning C:\Windows\system32\drivers
09:54:36.175 Service scanning
09:55:06.236 Modules scanning
09:55:06.236 Disk 0 trace - called modules:
09:55:06.252 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
09:55:06.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f1790]
09:55:06.767 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800457f040]
09:55:06.767 5 amd_xata.sys[fffff880010eb8b4] -> nt!IofCallDriver -> \Device\00000050[0xfffffa800457a130]
09:55:09.310 AVAST engine scan C:\Windows
09:55:13.428 AVAST engine scan C:\Windows\system32
09:58:40.302 AVAST engine scan C:\Windows\system32\drivers
09:58:55.543 AVAST engine scan C:\Users\bombona
10:01:48.015 Disk 0 MBR has been saved successfully to "C:\Users\bombona\Desktop\MBR.dat"
10:01:48.077 The log file has been saved successfully to "C:\Users\bombona\Desktop\aswMBR.txt"

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:31 PM

Posted 01 September 2012 - 10:15 AM

Hi, here are the logs for tdsskiller and aswMBR. I did not post the Eset, When I downloaded this and press start a windows pops up and says to click start to start scanning but under there it says remove found threats and it has a check mark on it, do I uncheck this? Under there it also says scan archives and that one is unchecked.


Checkmark and remove them

#5 jt02

jt02
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 11:18 AM

Hi, the Eset took a while to scan. Here ar the results:


C:\Users\bombona\AppData\Local\Temp\fx-runtime.exe a variant of Win32/Kryptik.KGY trojan cleaned by deleting - quarantined
C:\Users\marcos\Documents\programas\windows.7.codec.pack.v2.3.0.setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:31 PM

Posted 01 September 2012 - 01:21 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it click on Delete

post the generated log

#7 jt02

jt02
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 05:10 PM

Hi. Ran Malwarebytes as instructed and no malicious items were detected on both scans.

Here is the mini tool box log, the FSS log.

MiniToolBox by Farbar Version: 23-07-2012
Ran by bombona (administrator) on 01-09-2012 at 16:58:21
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : marcos-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 2C-27-D7-3E-2F-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a5d6:a7b4:3e1c:20a2%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 01, 2012 4:11:29 PM
Lease Expires . . . . . . . . . . : Sunday, September 02, 2012 4:11:29 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 271329239
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-70-AF-76-2C-27-D7-3E-2F-6D
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.tx.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2001:4860:800a::64
74.125.139.102
74.125.139.101
74.125.139.100
74.125.139.138
74.125.139.139
74.125.139.113


Pinging google.com [74.125.45.100] with 32 bytes of data:
Reply from 74.125.45.100: bytes=32 time=31ms TTL=53
Reply from 74.125.45.100: bytes=32 time=32ms TTL=53

Ping statistics for 74.125.45.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=750ms TTL=51
Reply from 72.30.38.140: bytes=32 time=1061ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 750ms, Maximum = 1061ms, Average = 905ms
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...2c 27 d7 3e 2f 6d ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 276 fe80::/64 On-link
13 276 fe80::a5d6:a7b4:3e1c:20a2/128
On-link
1 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/01/2012 04:11:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 11:49:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/01/2012 11:49:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2012 11:49:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/01/2012 10:06:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2012 10:05:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2012 10:04:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2012 10:04:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2012 08:34:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 07:18:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/01/2012 04:24:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.1.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/01/2012 04:24:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.1.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/01/2012 04:12:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/01/2012 04:11:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (09/01/2012 04:11:31 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (09/01/2012 00:17:44 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.1.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/01/2012 00:17:44 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.1.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/01/2012 00:10:48 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{40586ca1-87fc-11e0-bd18-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{93AA11EB-01BD-4A65-A635-3264E37E74DB}

Error: (09/01/2012 00:05:23 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{40586ca1-87fc-11e0-bd18-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EE4F5B8F-228F-4E71-A10A-F72D2F1025FC}

Error: (09/01/2012 00:05:08 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{40586ca1-87fc-11e0-bd18-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{99BEF74C-1860-43B7-91C7-2A0E8BED9C50}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.62)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
AI RoboForm 7-1-0 (All Users) (Version: 7-1-0)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Autodesk Design Review 2012 (Version: 12.0.0.98)
Autodesk Design Review Browser Add-on v1.2 (Version: 1.2.0)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bing Bar (Version: 6.0.2282.0)
Bing Bar Platform (Version: 6.0.2282.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.7689)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Full Existing (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Full New (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Light (Version: 2010.0511.2153.37435)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0511.2153.37435)
Catalyst Control Center InstallProxy (Version: 2010.0511.2153.37435)
Catalyst Control Center Localization All (Version: 2010.0511.2153.37435)
ccc-core-static (Version: 2010.0511.2153.37435)
ccc-utility64 (Version: 2010.0511.2153.37435)
CCC Help Chinese Standard (Version: 2010.0511.2152.37435)
CCC Help Chinese Traditional (Version: 2010.0511.2152.37435)
CCC Help Czech (Version: 2010.0511.2152.37435)
CCC Help Danish (Version: 2010.0511.2152.37435)
CCC Help Dutch (Version: 2010.0511.2152.37435)
CCC Help English (Version: 2010.0511.2152.37435)
CCC Help Finnish (Version: 2010.0511.2152.37435)
CCC Help French (Version: 2010.0511.2152.37435)
CCC Help German (Version: 2010.0511.2152.37435)
CCC Help Greek (Version: 2010.0511.2152.37435)
CCC Help Hungarian (Version: 2010.0511.2152.37435)
CCC Help Italian (Version: 2010.0511.2152.37435)
CCC Help Japanese (Version: 2010.0511.2152.37435)
CCC Help Korean (Version: 2010.0511.2152.37435)
CCC Help Norwegian (Version: 2010.0511.2152.37435)
CCC Help Polish (Version: 2010.0511.2152.37435)
CCC Help Portuguese (Version: 2010.0511.2152.37435)
CCC Help Russian (Version: 2010.0511.2152.37435)
CCC Help Spanish (Version: 2010.0511.2152.37435)
CCC Help Swedish (Version: 2010.0511.2152.37435)
CCC Help Thai (Version: 2010.0511.2152.37435)
CCC Help Turkish (Version: 2010.0511.2152.37435)
Chuzzle Deluxe (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
Decoder (Version: 1.00.0000)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
DWG TrueView 2012 (Version: 18.2.51.0)
Eco Tycoon Project Green (Version: 1.00.0000)
Farm Frenzy (Version: 2.2.0.95)
Fast Search (Version: 3.3.8)
FATE - The Traitor Soul (Version: 2.2.0.95)
File Type Assistant
Free File Viewer 2011
Google Chrome (Version: 21.0.1180.83)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HitmanPro 3.6 (Version: 3.6.0.160)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Games (Version: 1.0.2.4)
HP LinkUp (Version: 2.01.028)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.6.0)
HP MovieStore (Version: 1.0.045)
HP MovieStore (Version: 2.0)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13253.3682)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 10.1.1000)
HP Update (Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.5.0.0)
Hulu Desktop (Version: 0.9.13)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 34 (Version: 6.0.340)
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo (Version: 1.6)
Lexmark 2300 Series
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Pro700 Series
LightScribe System Software (Version: 1.18.20.1)
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mozilla Thunderbird (3.0.4) (Version: 3.0.4 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
PDF Complete Special Edition (Version: 4.0.35)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4817)
PressReader (Version: 5.10.1217.0)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.6251)
Recovery Manager (Version: 5.5.3621)
Remote Graphics Receiver (Version: 5.4.5)
RoxioNow Player (Version: 1.9.5.103)
Slingo Supreme (Version: 2.2.0.95)
Spybot - Search & Destroy (Version: 1.6.2)
TuneUp Utilities (Version: 9.0.2000.10)
TuneUp Utilities Language Pack (en-US) (Version: 9.0.2000.10)
Unity Web Player (Version: 2.6.1f3_31223)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Wireless-N Home Surveillance Camera (Version: 1.00.0004)
Yahoo! Toolbar
Zinio Reader 4 (Version: 4.0.3184)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3839.29 MB
Available physical RAM: 1939.55 MB
Total Pagefile: 7676.76 MB
Available Pagefile: 5456.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.38 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:920.18 GB) (Free:859.96 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.23 GB) (Free:1.37 GB) NTFS
3 Drive e: (Setup Device) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MARCOS-HP

Administrator bombona Guest
marcos


**** End of log ****



Farbar Service Scanner Version: 06-08-2012
Ran by bombona (administrator) on 01-09-2012 at 17:04:17
Running from "C:\Users\bombona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HFC110Y"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 jt02

jt02
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 05:14 PM

I am a little confused on the adware cleaner download. I click on the like and then hit run, but then I get this message: adwcleaner.exe is not commonly downloaded and could harm computer and gives me these options: delete, actions and view downloads. What do I do here?

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:31 PM

Posted 01 September 2012 - 05:32 PM

adwcleaner.exe is not commonly downloaded and could harm computer and gives me these options: delete, actions and view downloads. What do I do here?


Disable your antivirus and download

#10 jt02

jt02
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 05:48 PM

Here is the adware cleaner log:


# AdwCleaner v2.000 - Logfile created 09/01/2012 at 17:41:15
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : bombona - MARCOS-HP
# Boot Mode : Normal
# Running from : C:\Users\bombona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDUTTWLS\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Users\bombona\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\marcos\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\marcos\AppData\Roaming\Mozilla\Firefox\Profiles\a6b7aenz.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\bombona\AppData\Roaming\Mozilla\Firefox\Profiles\7m5v3tc1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\bombona\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3278 octets] - [01/09/2012 17:41:15]

########## EOF - C:\AdwCleaner[S1].txt - [3338 octets] ##########

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:31 PM

Posted 01 September 2012 - 06:23 PM

DOwnload

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run it,restart the PC

Post the new FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here

#12 jt02

jt02
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 06:45 PM

Hi. Here is the FSS log and Rkill log:


Farbar Service Scanner Version: 06-08-2012
Ran by bombona (administrator) on 01-09-2012 at 18:42:22
Running from "C:\Users\bombona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDUTTWLS"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/01/2012 06:44:19 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\bombona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDUTTWLS\FSS.exe (PID: 4372) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/01/2012 06:44:29 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:31 PM

Posted 01 September 2012 - 06:55 PM

Press Windows+R key and type

notepad and click ok

Copy this script
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

Click on FILE-SAVE AS

Filename:fix.reg
Save as :All files

Launch the FIX.REG

Click YES when you receive a prompt


Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode

Turn off your system restore,restart the PC,create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your antivirus frequently,do not click on suspicious links

Safe surfing :)

#14 jt02

jt02
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:31 PM

Posted 01 September 2012 - 10:39 PM

Hi. I followed these last steps and everything is back to normal. Thank you so much for helping me get rid of this problem. I really appreciated your help. Thank you, again.

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:31 PM

Posted 01 September 2012 - 10:39 PM

You're most welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users