Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer will only start in safe mode after running Malware Bytes


  • Please log in to reply
11 replies to this topic

#1 qw3rty3

qw3rty3

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 16 September 2012 - 01:48 PM

Its a windows 7 laptop, it was full of viruses, the internet was almost unusable, but otherwise worked. I ran MBAM, it found a ton of stuff, said it had to restart. The computer seemed to lock up. I turned it off then back on.

It just goes to a black screen with a white cursor. I can move the mouse around but thats it. ctrl alt delete doesnt do anything. Safe mode still works. I booted into recovery tried startup repair, it said it couldnt fix it.

Any ideas? It seems like it should be fixable since safe mode still works. I really don't want to reinstall windows.

Edited by Budapest, 16 September 2012 - 02:46 PM.
Moved from Win7 ~Budapest


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:25 AM

Posted 16 September 2012 - 01:56 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 qw3rty3

qw3rty3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 16 September 2012 - 04:15 PM

TDSS:
14:07:32.0646 0944 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:07:33.0473 0944 ============================================================
14:07:33.0473 0944 Current date / time: 2012/09/16 14:07:33.0473
14:07:33.0473 0944 SystemInfo:
14:07:33.0473 0944
14:07:33.0473 0944 OS Version: 6.1.7600 ServicePack: 0.0
14:07:33.0473 0944 Product type: Workstation
14:07:33.0473 0944 ComputerName: RYAN-PC
14:07:33.0473 0944 UserName: ryan
14:07:33.0473 0944 Windows directory: C:\Windows
14:07:33.0473 0944 System windows directory: C:\Windows
14:07:33.0473 0944 Running under WOW64
14:07:33.0473 0944 Processor architecture: Intel x64
14:07:33.0473 0944 Number of processors: 2
14:07:33.0473 0944 Page size: 0x1000
14:07:33.0473 0944 Boot type: Safe boot with network
14:07:33.0473 0944 ============================================================
14:07:34.0128 0944 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:07:34.0128 0944 ============================================================
14:07:34.0128 0944 \Device\Harddisk0\DR0:
14:07:34.0128 0944 MBR partitions:
14:07:34.0128 0944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
14:07:34.0128 0944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
14:07:34.0128 0944 ============================================================
14:07:34.0160 0944 C: <-> \Device\Harddisk0\DR0\Partition2
14:07:34.0160 0944 ============================================================
14:07:34.0160 0944 Initialize success
14:07:34.0160 0944 ============================================================
14:08:20.0772 1436 ============================================================
14:08:20.0772 1436 Scan started
14:08:20.0772 1436 Mode: Manual; TDLFS;
14:08:20.0772 1436 ============================================================
14:08:20.0882 1436 ================ Scan system memory ========================
14:08:20.0882 1436 System memory - ok
14:08:20.0882 1436 ================ Scan services =============================
14:08:21.0038 1436 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:08:21.0038 1436 1394ohci - ok
14:08:21.0069 1436 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
14:08:21.0069 1436 ACPI - ok
14:08:21.0100 1436 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
14:08:21.0100 1436 AcpiPmi - ok
14:08:21.0209 1436 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:08:21.0225 1436 AdobeFlashPlayerUpdateSvc - ok
14:08:21.0272 1436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:08:21.0272 1436 adp94xx - ok
14:08:21.0318 1436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:08:21.0334 1436 adpahci - ok
14:08:21.0365 1436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:08:21.0365 1436 adpu320 - ok
14:08:21.0396 1436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:08:21.0412 1436 AeLookupSvc - ok
14:08:21.0584 1436 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
14:08:21.0584 1436 AFD - ok
14:08:21.0615 1436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
14:08:21.0615 1436 agp440 - ok
14:08:21.0646 1436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:08:21.0646 1436 ALG - ok
14:08:21.0693 1436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
14:08:21.0693 1436 aliide - ok
14:08:21.0693 1436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
14:08:21.0708 1436 amdide - ok
14:08:21.0724 1436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:08:21.0724 1436 AmdK8 - ok
14:08:21.0755 1436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:08:21.0755 1436 AmdPPM - ok
14:08:21.0802 1436 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:08:21.0802 1436 amdsata - ok
14:08:21.0833 1436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:08:21.0833 1436 amdsbs - ok
14:08:21.0896 1436 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:08:21.0896 1436 amdxata - ok
14:08:21.0927 1436 [ 363571BC0C79E394E69300D1F2E3DDAE ] androidusb C:\Windows\system32\Drivers\androidusb.sys
14:08:21.0927 1436 androidusb - ok
14:08:21.0989 1436 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
14:08:21.0989 1436 AppID - ok
14:08:22.0005 1436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:08:22.0005 1436 AppIDSvc - ok
14:08:22.0020 1436 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
14:08:22.0036 1436 Appinfo - ok
14:08:22.0145 1436 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:08:22.0145 1436 Apple Mobile Device - ok
14:08:22.0176 1436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:08:22.0176 1436 arc - ok
14:08:22.0192 1436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:08:22.0192 1436 arcsas - ok
14:08:22.0254 1436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:08:22.0254 1436 AsyncMac - ok
14:08:22.0286 1436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
14:08:22.0286 1436 atapi - ok
14:08:22.0379 1436 [ E642491F64E58CD5BC8FB8B347DCF65F ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:08:22.0395 1436 athr - ok
14:08:22.0457 1436 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:08:22.0473 1436 AudioEndpointBuilder - ok
14:08:22.0488 1436 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:08:22.0488 1436 AudioSrv - ok
14:08:22.0785 1436 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
14:08:22.0925 1436 AVGIDSAgent - ok
14:08:22.0972 1436 [ E6671E90D38C88764412E07C9D9B3D63 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
14:08:22.0972 1436 AVGIDSDriver - ok
14:08:23.0003 1436 [ 1553B388E0F0462C25AD8F30C3C29E83 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
14:08:23.0003 1436 AVGIDSEH - ok
14:08:23.0019 1436 [ DCA426A66739E75F51A72160DFB945AD ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
14:08:23.0019 1436 AVGIDSFilter - ok
14:08:23.0081 1436 [ FF7383388A7D2283DAE5831ABC2B0720 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
14:08:23.0081 1436 Avgldx64 - ok
14:08:23.0128 1436 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
14:08:23.0128 1436 Avgmfx64 - ok
14:08:23.0159 1436 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
14:08:23.0159 1436 Avgrkx64 - ok
14:08:23.0222 1436 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
14:08:23.0237 1436 Avgtdia - ok
14:08:23.0284 1436 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
14:08:23.0284 1436 avgtp - ok
14:08:23.0315 1436 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
14:08:23.0315 1436 avgwd - ok
14:08:23.0378 1436 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:08:23.0378 1436 AxInstSV - ok
14:08:23.0440 1436 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:08:23.0456 1436 b06bdrv - ok
14:08:23.0518 1436 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:08:23.0518 1436 b57nd60a - ok
14:08:23.0580 1436 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:08:23.0580 1436 BDESVC - ok
14:08:23.0596 1436 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:08:23.0596 1436 Beep - ok
14:08:23.0658 1436 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:08:23.0658 1436 blbdrive - ok
14:08:23.0783 1436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:08:23.0783 1436 Bonjour Service - ok
14:08:23.0830 1436 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:08:23.0830 1436 bowser - ok
14:08:23.0846 1436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:08:23.0861 1436 BrFiltLo - ok
14:08:23.0877 1436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:08:23.0877 1436 BrFiltUp - ok
14:08:23.0955 1436 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
14:08:23.0955 1436 Browser - ok
14:08:23.0986 1436 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:08:23.0986 1436 Brserid - ok
14:08:24.0017 1436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:08:24.0017 1436 BrSerWdm - ok
14:08:24.0048 1436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:08:24.0048 1436 BrUsbMdm - ok
14:08:24.0064 1436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:08:24.0064 1436 BrUsbSer - ok
14:08:24.0095 1436 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:08:24.0095 1436 BTHMODEM - ok
14:08:24.0111 1436 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:08:24.0111 1436 bthserv - ok
14:08:24.0142 1436 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:08:24.0142 1436 cdfs - ok
14:08:24.0142 1436 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:08:24.0158 1436 cdrom - ok
14:08:24.0189 1436 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
14:08:24.0189 1436 CertPropSvc - ok
14:08:24.0220 1436 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:08:24.0220 1436 circlass - ok
14:08:24.0251 1436 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:08:24.0251 1436 CLFS - ok
14:08:24.0329 1436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:08:24.0345 1436 clr_optimization_v2.0.50727_32 - ok
14:08:24.0392 1436 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:08:24.0392 1436 clr_optimization_v2.0.50727_64 - ok
14:08:24.0470 1436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:08:24.0485 1436 clr_optimization_v4.0.30319_32 - ok
14:08:24.0563 1436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:08:24.0563 1436 clr_optimization_v4.0.30319_64 - ok
14:08:24.0626 1436 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:08:24.0626 1436 CmBatt - ok
14:08:24.0641 1436 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
14:08:24.0641 1436 cmdide - ok
14:08:24.0688 1436 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
14:08:24.0688 1436 CNG - ok
14:08:24.0750 1436 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:08:24.0750 1436 Compbatt - ok
14:08:24.0766 1436 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:08:24.0766 1436 CompositeBus - ok
14:08:24.0766 1436 COMSysApp - ok
14:08:24.0782 1436 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:08:24.0797 1436 crcdisk - ok
14:08:24.0844 1436 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:08:24.0844 1436 CryptSvc - ok
14:08:24.0922 1436 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:08:25.0047 1436 DcomLaunch - ok
14:08:25.0078 1436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:08:25.0078 1436 defragsvc - ok
14:08:25.0125 1436 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:08:25.0125 1436 DfsC - ok
14:08:25.0172 1436 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
14:08:25.0172 1436 Dhcp - ok
14:08:25.0203 1436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:08:25.0203 1436 discache - ok
14:08:25.0265 1436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:08:25.0265 1436 Disk - ok
14:08:25.0312 1436 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:08:25.0312 1436 Dnscache - ok
14:08:25.0328 1436 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
14:08:25.0328 1436 dot3svc - ok
14:08:25.0343 1436 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
14:08:25.0359 1436 DPS - ok
14:08:25.0406 1436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:08:25.0421 1436 drmkaud - ok
14:08:25.0515 1436 [ 1FCA854CEDFC2CCD0C22E46EA4EA18F1 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:08:25.0530 1436 DsiWMIService - ok
14:08:25.0577 1436 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:08:25.0593 1436 DXGKrnl - ok
14:08:25.0640 1436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:08:25.0655 1436 EapHost - ok
14:08:25.0764 1436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:08:25.0842 1436 ebdrv - ok
14:08:25.0874 1436 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
14:08:25.0874 1436 EFS - ok
14:08:25.0952 1436 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:08:25.0952 1436 ehRecvr - ok
14:08:26.0030 1436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:08:26.0030 1436 ehSched - ok
14:08:26.0061 1436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:08:26.0061 1436 elxstor - ok
14:08:26.0186 1436 [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
14:08:26.0201 1436 ePowerSvc - ok
14:08:26.0264 1436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
14:08:26.0264 1436 ErrDev - ok
14:08:26.0326 1436 [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
14:08:26.0326 1436 ETD - ok
14:08:26.0373 1436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:08:26.0373 1436 EventSystem - ok
14:08:26.0435 1436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:08:26.0435 1436 exfat - ok
14:08:26.0451 1436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:08:26.0451 1436 fastfat - ok
14:08:26.0513 1436 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
14:08:26.0529 1436 Fax - ok
14:08:26.0544 1436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:08:26.0544 1436 fdc - ok
14:08:26.0591 1436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:08:26.0591 1436 fdPHost - ok
14:08:26.0607 1436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:08:26.0607 1436 FDResPub - ok
14:08:26.0654 1436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:08:26.0654 1436 FileInfo - ok
14:08:26.0654 1436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:08:26.0654 1436 Filetrace - ok
14:08:26.0669 1436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:08:26.0669 1436 flpydisk - ok
14:08:26.0685 1436 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:08:26.0700 1436 FltMgr - ok
14:08:26.0778 1436 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
14:08:26.0794 1436 FontCache - ok
14:08:26.0825 1436 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:08:26.0841 1436 FontCache3.0.0.0 - ok
14:08:26.0872 1436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:08:26.0872 1436 FsDepends - ok
14:08:26.0903 1436 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:08:26.0903 1436 Fs_Rec - ok
14:08:26.0934 1436 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:08:26.0934 1436 fvevol - ok
14:08:26.0966 1436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:08:26.0966 1436 gagp30kx - ok
14:08:26.0981 1436 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:08:26.0981 1436 GEARAspiWDM - ok
14:08:27.0012 1436 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
14:08:27.0028 1436 gpsvc - ok
14:08:27.0075 1436 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
14:08:27.0075 1436 GREGService - ok
14:08:27.0153 1436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:27.0153 1436 gupdate - ok
14:08:27.0215 1436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:27.0215 1436 gupdatem - ok
14:08:27.0262 1436 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:08:27.0262 1436 gusvc - ok
14:08:27.0278 1436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:08:27.0278 1436 hcw85cir - ok
14:08:27.0324 1436 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:08:27.0324 1436 HdAudAddService - ok
14:08:27.0356 1436 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:08:27.0356 1436 HDAudBus - ok
14:08:27.0402 1436 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
14:08:27.0402 1436 HECIx64 - ok
14:08:27.0418 1436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:08:27.0418 1436 HidBatt - ok
14:08:27.0434 1436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:08:27.0434 1436 HidBth - ok
14:08:27.0465 1436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:08:27.0465 1436 HidIr - ok
14:08:27.0480 1436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:08:27.0480 1436 hidserv - ok
14:08:27.0512 1436 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:08:27.0512 1436 HidUsb - ok
14:08:27.0558 1436 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:08:27.0558 1436 hkmsvc - ok
14:08:27.0574 1436 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:08:27.0574 1436 HomeGroupListener - ok
14:08:27.0605 1436 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:08:27.0605 1436 HomeGroupProvider - ok
14:08:27.0621 1436 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
14:08:27.0621 1436 HpSAMD - ok
14:08:27.0652 1436 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:08:27.0668 1436 HTTP - ok
14:08:27.0714 1436 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:08:27.0714 1436 hwpolicy - ok
14:08:27.0730 1436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:08:27.0730 1436 i8042prt - ok
14:08:27.0792 1436 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:08:27.0792 1436 iaStor - ok
14:08:27.0839 1436 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:08:27.0839 1436 IAStorDataMgrSvc - ok
14:08:27.0870 1436 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:08:27.0870 1436 iaStorV - ok
14:08:27.0933 1436 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:08:27.0948 1436 idsvc - ok
14:08:28.0136 1436 [ B744E1375CD1DB3EB7B89781B8C93D9F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:08:28.0307 1436 igfx - ok
14:08:28.0338 1436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:08:28.0354 1436 iirsp - ok
14:08:28.0401 1436 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
14:08:28.0401 1436 IKEEXT - ok
14:08:28.0448 1436 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
14:08:28.0448 1436 Impcd - ok
14:08:28.0510 1436 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:08:28.0572 1436 IntcAzAudAddService - ok
14:08:28.0619 1436 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
14:08:28.0619 1436 IntcDAud - ok
14:08:28.0650 1436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
14:08:28.0650 1436 intelide - ok
14:08:28.0682 1436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:08:28.0682 1436 intelppm - ok
14:08:28.0682 1436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:08:28.0682 1436 IPBusEnum - ok
14:08:28.0697 1436 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:08:28.0697 1436 IpFilterDriver - ok
14:08:28.0728 1436 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:08:28.0728 1436 IPMIDRV - ok
14:08:28.0744 1436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:08:28.0744 1436 IPNAT - ok
14:08:28.0791 1436 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:08:28.0806 1436 iPod Service - ok
14:08:28.0838 1436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:08:28.0838 1436 IRENUM - ok
14:08:28.0869 1436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
14:08:28.0884 1436 isapnp - ok
14:08:28.0900 1436 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:08:28.0900 1436 iScsiPrt - ok
14:08:28.0931 1436 [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
14:08:28.0947 1436 k57nd60a - ok
14:08:28.0978 1436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:08:28.0978 1436 kbdclass - ok
14:08:28.0994 1436 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:08:28.0994 1436 kbdhid - ok
14:08:29.0025 1436 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
14:08:29.0025 1436 KeyIso - ok
14:08:29.0056 1436 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:08:29.0056 1436 KSecDD - ok
14:08:29.0072 1436 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:08:29.0072 1436 KSecPkg - ok
14:08:29.0103 1436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:08:29.0103 1436 ksthunk - ok
14:08:29.0134 1436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:08:29.0134 1436 KtmRm - ok
14:08:29.0196 1436 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:08:29.0196 1436 LanmanServer - ok
14:08:29.0228 1436 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:08:29.0228 1436 LanmanWorkstation - ok
14:08:29.0274 1436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:08:29.0274 1436 lltdio - ok
14:08:29.0306 1436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:08:29.0306 1436 lltdsvc - ok
14:08:29.0337 1436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:08:29.0337 1436 lmhosts - ok
14:08:29.0430 1436 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
14:08:29.0430 1436 LMIGuardianSvc - ok
14:08:29.0477 1436 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
14:08:29.0477 1436 LMIInfo - ok
14:08:29.0508 1436 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
14:08:29.0508 1436 LMIMaint - ok
14:08:29.0571 1436 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
14:08:29.0571 1436 lmimirr - ok
14:08:29.0586 1436 LMIRfsClientNP - ok
14:08:29.0618 1436 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
14:08:29.0618 1436 LMIRfsDriver - ok
14:08:29.0680 1436 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:08:29.0696 1436 LMS - ok
14:08:29.0742 1436 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
14:08:29.0742 1436 LogMeIn - ok
14:08:29.0805 1436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:08:29.0805 1436 LSI_FC - ok
14:08:29.0836 1436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:08:29.0836 1436 LSI_SAS - ok
14:08:29.0852 1436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:08:29.0867 1436 LSI_SAS2 - ok
14:08:29.0914 1436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:08:29.0930 1436 LSI_SCSI - ok
14:08:29.0945 1436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:08:29.0945 1436 luafv - ok
14:08:30.0039 1436 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
14:08:30.0039 1436 McComponentHostService - ok
14:08:30.0070 1436 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:08:30.0070 1436 Mcx2Svc - ok
14:08:30.0101 1436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:08:30.0101 1436 megasas - ok
14:08:30.0132 1436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:08:30.0132 1436 MegaSR - ok
14:08:30.0164 1436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:08:30.0164 1436 MMCSS - ok
14:08:30.0195 1436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:08:30.0195 1436 Modem - ok
14:08:30.0226 1436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:08:30.0226 1436 monitor - ok
14:08:30.0273 1436 [ D69F1E9A944A5F46A494AF901ED41118 ] motandroidusb C:\Windows\system32\Drivers\motoandroid.sys
14:08:30.0288 1436 motandroidusb - ok
14:08:30.0320 1436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:08:30.0320 1436 mouclass - ok
14:08:30.0351 1436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:08:30.0366 1436 mouhid - ok
14:08:30.0382 1436 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:08:30.0382 1436 mountmgr - ok
14:08:30.0398 1436 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
14:08:30.0398 1436 mpio - ok
14:08:30.0429 1436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:08:30.0429 1436 mpsdrv - ok
14:08:30.0444 1436 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:08:30.0444 1436 MRxDAV - ok
14:08:30.0507 1436 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:08:30.0507 1436 mrxsmb - ok
14:08:30.0538 1436 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:08:30.0554 1436 mrxsmb10 - ok
14:08:30.0554 1436 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:08:30.0569 1436 mrxsmb20 - ok
14:08:30.0585 1436 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
14:08:30.0585 1436 msahci - ok
14:08:30.0632 1436 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
14:08:30.0632 1436 msdsm - ok
14:08:30.0663 1436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:08:30.0663 1436 MSDTC - ok
14:08:30.0678 1436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:08:30.0678 1436 Msfs - ok
14:08:30.0710 1436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:08:30.0710 1436 mshidkmdf - ok
14:08:30.0756 1436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
14:08:30.0756 1436 msisadrv - ok
14:08:30.0788 1436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:08:30.0788 1436 MSiSCSI - ok
14:08:30.0803 1436 msiserver - ok
14:08:30.0834 1436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:08:30.0834 1436 MSKSSRV - ok
14:08:30.0866 1436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:08:30.0866 1436 MSPCLOCK - ok
14:08:30.0881 1436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:08:30.0881 1436 MSPQM - ok
14:08:30.0912 1436 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:08:30.0912 1436 MsRPC - ok
14:08:30.0928 1436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:08:30.0928 1436 mssmbios - ok
14:08:30.0944 1436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:08:30.0944 1436 MSTEE - ok
14:08:30.0990 1436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:08:30.0990 1436 MTConfig - ok
14:08:31.0006 1436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:08:31.0006 1436 Mup - ok
14:08:31.0053 1436 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
14:08:31.0053 1436 napagent - ok
14:08:31.0100 1436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:08:31.0115 1436 NativeWifiP - ok
14:08:31.0162 1436 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:08:31.0178 1436 NDIS - ok
14:08:31.0193 1436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:08:31.0193 1436 NdisCap - ok
14:08:31.0209 1436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:08:31.0209 1436 NdisTapi - ok
14:08:31.0224 1436 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:08:31.0224 1436 Ndisuio - ok
14:08:31.0240 1436 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:08:31.0240 1436 NdisWan - ok
14:08:31.0256 1436 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:08:31.0256 1436 NDProxy - ok
14:08:31.0334 1436 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:08:31.0365 1436 Nero BackItUp Scheduler 4.0 - ok
14:08:31.0380 1436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:08:31.0380 1436 NetBIOS - ok
14:08:31.0396 1436 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:08:31.0412 1436 NetBT - ok
14:08:31.0427 1436 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
14:08:31.0427 1436 Netlogon - ok
14:08:31.0474 1436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:08:31.0490 1436 Netman - ok
14:08:31.0536 1436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:08:31.0552 1436 netprofm - ok
14:08:31.0568 1436 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:08:31.0568 1436 NetTcpPortSharing - ok
14:08:31.0614 1436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:08:31.0614 1436 nfrd960 - ok
14:08:31.0630 1436 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:08:31.0646 1436 NlaSvc - ok
14:08:31.0661 1436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:08:31.0661 1436 Npfs - ok
14:08:31.0677 1436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:08:31.0677 1436 nsi - ok
14:08:31.0692 1436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:08:31.0692 1436 nsiproxy - ok
14:08:31.0770 1436 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:08:31.0802 1436 Ntfs - ok
14:08:31.0864 1436 [ 6FD534EDE2905D3C3257CFDD881F9705 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
14:08:31.0864 1436 NTI IScheduleSvc - ok
14:08:31.0895 1436 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
14:08:31.0895 1436 NTIDrvr - ok
14:08:31.0911 1436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:08:31.0911 1436 Null - ok
14:08:31.0942 1436 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:08:31.0942 1436 nvraid - ok
14:08:31.0989 1436 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:08:31.0989 1436 nvstor - ok
14:08:32.0004 1436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
14:08:32.0004 1436 nv_agp - ok
14:08:32.0067 1436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:08:32.0067 1436 ohci1394 - ok
14:08:32.0098 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:08:32.0098 1436 p2pimsvc - ok
14:08:32.0145 1436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:08:32.0145 1436 p2psvc - ok
14:08:32.0176 1436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:08:32.0176 1436 Parport - ok
14:08:32.0223 1436 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:08:32.0223 1436 partmgr - ok
14:08:32.0238 1436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:08:32.0238 1436 PcaSvc - ok
14:08:32.0270 1436 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
14:08:32.0270 1436 pci - ok
14:08:32.0301 1436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:08:32.0301 1436 pciide - ok
14:08:32.0316 1436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:08:32.0332 1436 pcmcia - ok
14:08:32.0348 1436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:08:32.0348 1436 pcw - ok
14:08:32.0379 1436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:08:32.0379 1436 PEAUTH - ok
14:08:32.0472 1436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:08:32.0488 1436 PerfHost - ok
14:08:32.0535 1436 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
14:08:32.0566 1436 pla - ok
14:08:32.0628 1436 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:08:32.0628 1436 PlugPlay - ok
14:08:32.0644 1436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:08:32.0644 1436 PNRPAutoReg - ok
14:08:32.0660 1436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:08:32.0660 1436 PNRPsvc - ok
14:08:32.0706 1436 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:08:32.0722 1436 PolicyAgent - ok
14:08:32.0753 1436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:08:32.0753 1436 Power - ok
14:08:32.0769 1436 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:08:32.0784 1436 PptpMiniport - ok
14:08:32.0800 1436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:08:32.0800 1436 Processor - ok
14:08:32.0862 1436 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
14:08:32.0862 1436 ProfSvc - ok
14:08:32.0878 1436 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:08:32.0878 1436 ProtectedStorage - ok
14:08:32.0909 1436 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:08:32.0909 1436 Psched - ok
14:08:32.0956 1436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:08:32.0987 1436 ql2300 - ok
14:08:33.0018 1436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:08:33.0018 1436 ql40xx - ok
14:08:33.0065 1436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:08:33.0081 1436 QWAVE - ok
14:08:33.0096 1436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:08:33.0096 1436 QWAVEdrv - ok
14:08:33.0143 1436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:08:33.0143 1436 RasAcd - ok
14:08:33.0174 1436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:08:33.0174 1436 RasAgileVpn - ok
14:08:33.0190 1436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:08:33.0190 1436 RasAuto - ok
14:08:33.0221 1436 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:08:33.0221 1436 Rasl2tp - ok
14:08:33.0237 1436 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
14:08:33.0252 1436 RasMan - ok
14:08:33.0268 1436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:08:33.0268 1436 RasPppoe - ok
14:08:33.0284 1436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:08:33.0284 1436 RasSstp - ok
14:08:33.0299 1436 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:08:33.0299 1436 rdbss - ok
14:08:33.0330 1436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:08:33.0330 1436 rdpbus - ok
14:08:33.0346 1436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:08:33.0346 1436 RDPCDD - ok
14:08:33.0377 1436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:08:33.0377 1436 RDPENCDD - ok
14:08:33.0424 1436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:08:33.0424 1436 RDPREFMP - ok
14:08:33.0455 1436 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:08:33.0455 1436 RDPWD - ok
14:08:33.0486 1436 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:08:33.0486 1436 rdyboost - ok
14:08:33.0533 1436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:08:33.0533 1436 RemoteAccess - ok
14:08:33.0580 1436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:08:33.0580 1436 RemoteRegistry - ok
14:08:33.0580 1436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:08:33.0596 1436 RpcEptMapper - ok
14:08:33.0627 1436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:08:33.0627 1436 RpcLocator - ok
14:08:33.0658 1436 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
14:08:33.0658 1436 RpcSs - ok
14:08:33.0705 1436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:08:33.0705 1436 rspndr - ok
14:08:33.0720 1436 [ 44ED82612403021E36998E1ECB1198F1 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:08:33.0720 1436 RSUSBSTOR - ok
14:08:33.0736 1436 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
14:08:33.0752 1436 SamSs - ok
14:08:33.0783 1436 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
14:08:33.0783 1436 sbp2port - ok
14:08:33.0798 1436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:08:33.0814 1436 SCardSvr - ok
14:08:33.0830 1436 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:08:33.0830 1436 scfilter - ok
14:08:33.0892 1436 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
14:08:33.0908 1436 Schedule - ok
14:08:33.0939 1436 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:08:33.0939 1436 SCPolicySvc - ok
14:08:33.0986 1436 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:08:33.0986 1436 SDRSVC - ok
14:08:34.0017 1436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:08:34.0017 1436 secdrv - ok
14:08:34.0064 1436 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
14:08:34.0064 1436 seclogon - ok
14:08:34.0095 1436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:08:34.0110 1436 SENS - ok
14:08:34.0126 1436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:08:34.0126 1436 SensrSvc - ok
14:08:34.0157 1436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:08:34.0157 1436 Serenum - ok
14:08:34.0188 1436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:08:34.0188 1436 Serial - ok
14:08:34.0220 1436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:08:34.0220 1436 sermouse - ok
14:08:34.0235 1436 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
14:08:34.0235 1436 SessionEnv - ok
14:08:34.0266 1436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:08:34.0266 1436 sffdisk - ok
14:08:34.0282 1436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:08:34.0282 1436 sffp_mmc - ok
14:08:34.0282 1436 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:08:34.0282 1436 sffp_sd - ok
14:08:34.0298 1436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:08:34.0298 1436 sfloppy - ok
14:08:34.0329 1436 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:08:34.0329 1436 ShellHWDetection - ok
14:08:34.0344 1436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:08:34.0344 1436 SiSRaid2 - ok
14:08:34.0360 1436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:08:34.0376 1436 SiSRaid4 - ok
14:08:34.0391 1436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:08:34.0391 1436 Smb - ok
14:08:34.0422 1436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:08:34.0422 1436 SNMPTRAP - ok
14:08:34.0438 1436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:08:34.0438 1436 spldr - ok
14:08:34.0469 1436 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
14:08:34.0469 1436 Spooler - ok
14:08:34.0547 1436 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
14:08:34.0625 1436 sppsvc - ok
14:08:34.0641 1436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:08:34.0641 1436 sppuinotify - ok
14:08:34.0688 1436 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:08:34.0688 1436 srv - ok
14:08:34.0703 1436 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:08:34.0719 1436 srv2 - ok
14:08:34.0766 1436 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:08:34.0766 1436 srvnet - ok
14:08:34.0781 1436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:08:34.0781 1436 SSDPSRV - ok
14:08:34.0797 1436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:08:34.0797 1436 SstpSvc - ok
14:08:34.0828 1436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:08:34.0828 1436 stexstor - ok
14:08:34.0890 1436 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
14:08:34.0890 1436 stisvc - ok
14:08:34.0937 1436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:08:34.0937 1436 swenum - ok
14:08:34.0953 1436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:08:34.0968 1436 swprv - ok
14:08:35.0015 1436 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
14:08:35.0046 1436 SysMain - ok
14:08:35.0062 1436 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:08:35.0062 1436 TabletInputService - ok
14:08:35.0093 1436 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
14:08:35.0093 1436 TapiSrv - ok
14:08:35.0109 1436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:08:35.0124 1436 TBS - ok
14:08:35.0202 1436 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:08:35.0234 1436 Tcpip - ok
14:08:35.0265 1436 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:08:35.0265 1436 TCPIP6 - ok
14:08:35.0280 1436 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:08:35.0280 1436 tcpipreg - ok
14:08:35.0296 1436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:08:35.0312 1436 TDPIPE - ok
14:08:35.0343 1436 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:08:35.0343 1436 TDTCP - ok
14:08:35.0358 1436 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:08:35.0358 1436 tdx - ok
14:08:35.0374 1436 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:08:35.0374 1436 TermDD - ok
14:08:35.0405 1436 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
14:08:35.0405 1436 TermService - ok
14:08:35.0436 1436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:08:35.0452 1436 Themes - ok
14:08:35.0452 1436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:08:35.0452 1436 THREADORDER - ok
14:08:35.0468 1436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:08:35.0468 1436 TrkWks - ok
14:08:35.0514 1436 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:08:35.0530 1436 TrustedInstaller - ok
14:08:35.0561 1436 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:08:35.0561 1436 tssecsrv - ok
14:08:35.0592 1436 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:08:35.0592 1436 tunnel - ok
14:08:35.0639 1436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:08:35.0639 1436 uagp35 - ok
14:08:35.0655 1436 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
14:08:35.0655 1436 UBHelper - ok
14:08:35.0686 1436 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:08:35.0686 1436 udfs - ok
14:08:35.0702 1436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:08:35.0702 1436 UI0Detect - ok
14:08:35.0733 1436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
14:08:35.0733 1436 uliagpkx - ok
14:08:35.0748 1436 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:08:35.0748 1436 umbus - ok
14:08:35.0795 1436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:08:35.0795 1436 UmPass - ok
14:08:35.0920 1436 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:08:35.0967 1436 UNS - ok
14:08:36.0029 1436 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
14:08:36.0029 1436 Updater Service - ok
14:08:36.0060 1436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:08:36.0060 1436 upnphost - ok
14:08:36.0107 1436 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:08:36.0107 1436 USBAAPL64 - ok
14:08:36.0170 1436 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:08:36.0170 1436 usbaudio - ok
14:08:36.0216 1436 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:08:36.0216 1436 usbccgp - ok
14:08:36.0263 1436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
14:08:36.0263 1436 usbcir - ok
14:08:36.0279 1436 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:08:36.0279 1436 usbehci - ok
14:08:36.0294 1436 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:08:36.0294 1436 usbhub - ok
14:08:36.0341 1436 [ C415FB682EB86E1DF3B2BC4AF3686284 ] USBIODS64 C:\Windows\system32\Drivers\USBIODS64.sys
14:08:36.0341 1436 USBIODS64 - ok
14:08:36.0372 1436 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:08:36.0372 1436 usbohci - ok
14:08:36.0388 1436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:08:36.0388 1436 usbprint - ok
14:08:36.0419 1436 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:08:36.0419 1436 USBSTOR - ok
14:08:36.0435 1436 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:08:36.0435 1436 usbuhci - ok
14:08:36.0482 1436 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:08:36.0482 1436 usbvideo - ok
14:08:36.0497 1436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:08:36.0497 1436 UxSms - ok
14:08:36.0513 1436 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
14:08:36.0528 1436 VaultSvc - ok
14:08:36.0544 1436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
14:08:36.0544 1436 vdrvroot - ok
14:08:36.0560 1436 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
14:08:36.0575 1436 vds - ok
14:08:36.0606 1436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:08:36.0606 1436 vga - ok
14:08:36.0622 1436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:08:36.0622 1436 VgaSave - ok
14:08:36.0653 1436 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
14:08:36.0653 1436 vhdmp - ok
14:08:36.0684 1436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
14:08:36.0684 1436 viaide - ok
14:08:36.0700 1436 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
14:08:36.0716 1436 volmgr - ok
14:08:36.0731 1436 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:08:36.0731 1436 volmgrx - ok
14:08:36.0762 1436 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
14:08:36.0778 1436 volsnap - ok
14:08:36.0794 1436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:08:36.0794 1436 vsmraid - ok
14:08:36.0840 1436 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
14:08:36.0872 1436 VSS - ok
14:08:36.0996 1436 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
14:08:37.0012 1436 vToolbarUpdater12.2.6 - ok
14:08:37.0028 1436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:08:37.0028 1436 vwifibus - ok
14:08:37.0043 1436 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:08:37.0043 1436 vwififlt - ok
14:08:37.0059 1436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:08:37.0059 1436 W32Time - ok
14:08:37.0106 1436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:08:37.0106 1436 WacomPen - ok
14:08:37.0137 1436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:08:37.0137 1436 WANARP - ok
14:08:37.0152 1436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:08:37.0152 1436 Wanarpv6 - ok
14:08:37.0199 1436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:08:37.0230 1436 WatAdminSvc - ok
14:08:37.0293 1436 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
14:08:37.0324 1436 wbengine - ok
14:08:37.0340 1436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:08:37.0340 1436 WbioSrvc - ok
14:08:37.0386 1436 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:08:37.0386 1436 wcncsvc - ok
14:08:37.0418 1436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:08:37.0418 1436 WcsPlugInService - ok
14:08:37.0433 1436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:08:37.0433 1436 Wd - ok
14:08:37.0480 1436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:08:37.0480 1436 Wdf01000 - ok
14:08:37.0496 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:08:37.0496 1436 WdiServiceHost - ok
14:08:37.0496 1436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:08:37.0496 1436 WdiSystemHost - ok
14:08:37.0542 1436 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
14:08:37.0542 1436 WebClient - ok
14:08:37.0558 1436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:08:37.0558 1436 Wecsvc - ok
14:08:37.0589 1436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:08:37.0589 1436 wercplsupport - ok
14:08:37.0605 1436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:08:37.0605 1436 WerSvc - ok
14:08:37.0636 1436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:08:37.0636 1436 WfpLwf - ok
14:08:37.0652 1436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:08:37.0652 1436 WIMMount - ok
14:08:37.0652 1436 WinHttpAutoProxySvc - ok
14:08:37.0714 1436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:08:37.0714 1436 Winmgmt - ok
14:08:37.0792 1436 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
14:08:37.0839 1436 WinRM - ok
14:08:37.0886 1436 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:08:37.0886 1436 WinUsb - ok
14:08:37.0917 1436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:08:37.0932 1436 Wlansvc - ok
14:08:38.0042 1436 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:08:38.0088 1436 wlidsvc - ok
14:08:38.0104 1436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:08:38.0104 1436 WmiAcpi - ok
14:08:38.0135 1436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:08:38.0135 1436 wmiApSrv - ok
14:08:38.0166 1436 WMPNetworkSvc - ok
14:08:38.0182 1436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:08:38.0182 1436 WPCSvc - ok
14:08:38.0213 1436 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:08:38.0213 1436 WPDBusEnum - ok
14:08:38.0229 1436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:08:38.0244 1436 ws2ifsl - ok
14:08:38.0244 1436 WSearch - ok
14:08:38.0260 1436 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:08:38.0260 1436 WudfPf - ok
14:08:38.0291 1436 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:08:38.0291 1436 WUDFRd - ok
14:08:38.0307 1436 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:08:38.0307 1436 wudfsvc - ok
14:08:38.0338 1436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:08:38.0338 1436 WwanSvc - ok
14:08:38.0369 1436 ================ Scan global ===============================
14:08:38.0385 1436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:08:38.0432 1436 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
14:08:38.0447 1436 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
14:08:38.0478 1436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:08:38.0494 1436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:08:38.0510 1436 [Global] - ok
14:08:38.0510 1436 ================ Scan MBR ==================================
14:08:38.0525 1436 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:08:39.0087 1436 \Device\Harddisk0\DR0 - ok
14:08:39.0087 1436 ================ Scan VBR ==================================
14:08:39.0087 1436 [ 0CA925DE411155B5F97B51C2C46D94D0 ] \Device\Harddisk0\DR0\Partition1
14:08:39.0087 1436 \Device\Harddisk0\DR0\Partition1 - ok
14:08:39.0118 1436 [ 07E144EE27B0F33CAB7E4BDEB13EE670 ] \Device\Harddisk0\DR0\Partition2
14:08:39.0118 1436 \Device\Harddisk0\DR0\Partition2 - ok
14:08:39.0118 1436 ============================================================
14:08:39.0118 1436 Scan finished
14:08:39.0118 1436 ============================================================
14:08:39.0134 1668 Detected object count: 0
14:08:39.0134 1668 Actual detected object count: 0
14:10:03.0015 1852 Deinitialize success

aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 14:15:17
-----------------------------
14:15:17.402 OS Version: Windows x64 6.1.7600
14:15:17.402 Number of processors: 2 586 0x2505
14:15:17.402 ComputerName: RYAN-PC UserName: ryan
14:15:18.822 Initialize success
14:28:54.797 AVAST engine defs: 12091400
14:29:06.669 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:29:06.669 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:29:06.684 Disk 0 MBR read successfully
14:29:06.684 Disk 0 MBR scan
14:29:06.700 Disk 0 Windows 7 default MBR code
14:29:06.731 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
14:29:06.762 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
14:29:06.762 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
14:29:06.809 Disk 0 scanning C:\Windows\system32\drivers
14:29:15.639 Service scanning
14:29:34.374 Modules scanning
14:29:34.374 Disk 0 trace - called modules:
14:29:34.405 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:29:34.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800458e2f0]
14:29:34.437 3 CLASSPNP.SYS[fffff88001b1943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004427050]
14:29:35.341 AVAST engine scan C:\Windows
14:29:38.149 AVAST engine scan C:\Windows\system32
14:31:04.995 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:31:06.898 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:32:01.108 AVAST engine scan C:\Windows\system32\drivers
14:32:12.137 AVAST engine scan C:\Users\ryan
14:42:19.540 AVAST engine scan C:\ProgramData
14:45:07.818 Scan finished successfully
14:49:40.724 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
14:49:40.724 The log file has been saved successfully to "C:\aswMBR.txt"

eset:
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BIGL6O9\iLividSetupV1[1].exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\ryan\AppData\Local\Temp\ICReinstall\cnet2_doubleTwistSetup_exe[1].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\ryan\AppData\Local\Temp\is1598539481\CouponCompanion_us.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4PWDOZCC\743533[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4PWDOZCC\854098c0b41d[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4PWDOZCC\index[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4PWDOZCC\jessica-alba-nude-pictures-1[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4PWDOZCC\lc[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4PWDOZCC\sexy_brooke_burke_pictures_1[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4PWDOZCC\sexy_tara_reid_pictures_1[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9TIX0CZP\743489[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9TIX0CZP\854099c1b41f[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9TIX0CZP\false[1] HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9TIX0CZP\false[2] HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9TIX0CZP\sexy_tara_reid_7[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B20UBSWW\854098c0b418[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B20UBSWW\lc[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B20UBSWW\lc[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\B20UBSWW\sexy_jessica_alba_pictures_1[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\NT89KX8B\lc[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\ryan\Desktop\DooMLoRD_v4_ROOT-zergRush-busybox-su\files\zergRush Android/Exploit.Lotoor.AN trojan cleaned by deleting - quarantined
C:\Windows\Installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Windows\Installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:25 AM

Posted 16 September 2012 - 04:21 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it click on Delete

post the generated log

#5 qw3rty3

qw3rty3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 16 September 2012 - 05:56 PM

Thanks. ESET seems to have fixed the main problem.

MBAM:
Found nothing

mini toolbox:
MiniToolBox by Farbar Version: 23-07-2012
Ran by ryan (administrator) on 16-09-2012 at 17:33:57
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ryan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
Physical Address. . . . . . . . . : 4C-0F-6E-10-E1-5A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::302f:3e2a:55ed:865e%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.43.87(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 16, 2012 5:10:42 PM
Lease Expires . . . . . . . . . . : Sunday, September 16, 2012 6:10:42 PM
Default Gateway . . . . . . . . . : 192.168.43.1
DHCP Server . . . . . . . . . . . : 192.168.43.1
DHCPv6 IAID . . . . . . . . . . . : 306974574
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-01-DF-5B-88-AE-1D-80-61-55
DNS Servers . . . . . . . . . . . : 192.168.43.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 01106.geek.local
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 88-AE-1D-80-61-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.windstream.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.43.1

Name: google.com
Addresses: 2001:4860:4002:800::1003
74.125.227.7
74.125.227.8
74.125.227.2
74.125.227.4
74.125.227.14
74.125.227.3
74.125.227.0
74.125.227.5
74.125.227.1
74.125.227.9
74.125.227.6


Pinging google.com [74.125.227.6] with 32 bytes of data:
Reply from 74.125.227.6: bytes=32 time=133ms TTL=52
Reply from 74.125.227.6: bytes=32 time=149ms TTL=52

Ping statistics for 74.125.227.6:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 133ms, Maximum = 149ms, Average = 141ms
Server: UnKnown
Address: 192.168.43.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=453ms TTL=50
Reply from 72.30.38.140: bytes=32 time=350ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 350ms, Maximum = 453ms, Average = 401ms
Server: UnKnown
Address: 192.168.43.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...4c 0f 6e 10 e1 5a ......Atheros AR5B97 Wireless Network Adapter
11...88 ae 1d 80 61 55 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.87 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.43.0 255.255.255.0 On-link 192.168.43.87 281
192.168.43.87 255.255.255.255 On-link 192.168.43.87 281
192.168.43.255 255.255.255.255 On-link 192.168.43.87 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.43.87 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.43.87 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::302f:3e2a:55ed:865e/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/16/2012 05:06:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc794
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000005
Fault offset: 0x000000000009c524
Faulting process id: 0x1c8
Faulting application start time: 0xwmiprvse.exe0
Faulting application path: wmiprvse.exe1
Faulting module path: wmiprvse.exe2
Report Id: wmiprvse.exe3

Error: (09/16/2012 04:58:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/16/2012 02:51:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/16/2012 02:07:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/15/2012 10:38:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: hkcmd.exe, version: 7.15.10.2125, time stamp: 0x4bdb0abd
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000005
Fault offset: 0x000000000009c524
Faulting process id: 0x3c0
Faulting application start time: 0xhkcmd.exe0
Faulting application path: hkcmd.exe1
Faulting module path: hkcmd.exe2
Report Id: hkcmd.exe3

Error: (09/15/2012 10:37:57 PM) (Source: LogMeIn Guardian) (User: NT AUTHORITY)NT AUTHORITY
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: 'e77ec9dc6535de9d70198c21d7f123fb'.

Error: (09/15/2012 08:48:42 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.62.0.140 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1160

Start Time: 01cd93ad3a9fe0b8

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 9e8624a0-ffa0-11e1-ba03-88ae1d806155

Error: (09/15/2012 08:37:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2293

Error: (09/15/2012 08:37:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2293

Error: (09/15/2012 08:37:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/16/2012 05:19:30 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/16/2012 05:19:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/16/2012 05:04:08 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/16/2012 05:04:08 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/16/2012 04:58:45 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/16/2012 04:58:45 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/16/2012 04:57:37 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/16/2012 04:57:31 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/16/2012 04:57:31 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/16/2012 04:57:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (09/16/2012 05:06:01 PM) (Source: Application Error)(User: )
Description: wmiprvse.exe6.1.7600.163854a5bc794ntdll.dll6.1.7600.169154ec4b137c0000005000000000009c5241c801cd945774fd307dC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\SYSTEM32\ntdll.dllb32a45ac-004a-11e2-9798-88ae1d806155

Error: (09/16/2012 04:58:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\ryan\Desktop\esetsmartinstaller_enu.exe

Error: (09/16/2012 02:51:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\ryan\Desktop\esetsmartinstaller_enu.exe

Error: (09/16/2012 02:07:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\ryan\Desktop\esetsmartinstaller_enu.exe

Error: (09/15/2012 10:38:14 PM) (Source: Application Error)(User: )
Description: hkcmd.exe7.15.10.21254bdb0abdntdll.dll6.1.7600.169154ec4b137c0000005000000000009c5243c001cd93bcb2fa9304C:\Windows\System32\hkcmd.exeC:\Windows\SYSTEM32\ntdll.dllf1c9d3e7-ffaf-11e1-aa5a-88ae1d806155

Error: (09/15/2012 10:37:57 PM) (Source: LogMeIn Guardian)(User: NT AUTHORITY)NT AUTHORITY
Description: e77ec9dc6535de9d70198c21d7f123fb

Error: (09/15/2012 08:48:42 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140116001cd93ad3a9fe0b816C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe9e8624a0-ffa0-11e1-ba03-88ae1d806155

Error: (09/15/2012 08:37:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2293

Error: (09/15/2012 08:37:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2293

Error: (09/15/2012 08:37:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
Acrobat.com (Version: 1.6.65)
Adaptoid Driver 2.01
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Advertising Center (Version: 0.0.0.2)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2011 (Version: 10.0.1424)
AVG 2011 (Version: 10.0.2437)
AVG Security Toolbar (Version: 12.2.5.32)
Backup Manager Basic (Version: 2.0.0.63)
Beamz Studio (Version: 1.2.0.3)
Best Buy pc app (Version: 3.0.0.0)
Best Buy pc app (Version: 3.1.1.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
Conduit Engine (Version: )
CyberLink PowerDVD 9 (Version: 9.0.2829.50)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Gateway InfoCentre (Version: 3.02.3000)
Gateway MyBackup (Version: 2.0.0.63)
Gateway Power Management (Version: 5.00.3005)
Gateway Recovery Management (Version: 4.05.3013)
Gateway Registration (Version: 1.03.3003)
Gateway ScreenSaver (Version: 1.1.0121.2010)
Gateway Social Networks (Version: 1.0.1901)
Gateway Updater (Version: 1.02.3001)
Google Chrome (Version: 21.0.1180.89)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.123)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2125)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 33 (Version: 6.0.330)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 4.0.12)
LogMeIn (Version: 4.1.2450)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
McAfee Security Scan Plus (Version: 2.1.121.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.37.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.37.100)
neroxml (Version: 1.0.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30121)
Searchqu Toolbar (Version: 4.1.0.3188)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
uTorrentBar Toolbar (Version: 6.2.2.4)
Video Web Camera (Version: 1.7.137.706)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Welcome Center (Version: 1.02.3002)
Windows Driver Package - Beamz Interactive, Inc. (USBIODS64) USB (09/01/2009 5.0.1.0) (Version: 09/01/2009 5.0.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 2806.71 MB
Available physical RAM: 1497.48 MB
Total Pagefile: 5611.57 MB
Available Pagefile: 4134.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.3 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:159.47 GB) NTFS

========================= Users: ========================================

User accounts for \\RYAN-PC

Administrator Guest LogMeInRemoteUser
ryan


**** End of log ****

FSS:
Farbar Service Scanner Version: 06-08-2012
Ran by ryan (administrator) on 16-09-2012 at 17:37:51
Running from "C:\Users\ryan\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-18 23:03] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-13 15:36] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-15 21:45] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

adware:
# AdwCleaner v2.002 - Logfile created 09/16/2012 at 17:39:37
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : ryan - RYAN-PC
# Boot Mode : Normal
# Running from : C:\Users\ryan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\ryan\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\ryan\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\ryan\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\ryan\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\ryan\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\ryan\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\ryan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ryan\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\ryan\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\ryan\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\ryan\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\ryan\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B1682BAB-5B01-4DE5-A867-3373A6B4E282}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B1682BAB-5B01-4DE5-A867-3373A6B4E282}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10EF77E8-85D7-4E22-83E7-EEC240372E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20EDCEDB-FA27-4FCE-BD41-B6C7C761D39D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={526711EF-9E4A-4648-A2BE-746C7FB36155}&mid=5626b831968b47d1915759e75b6488a6-4940e4c1127e271cf0d374badbf78c7050d178b9&lang=en&ds=od011&pr=sa&d=2012-07-23 18:14:42&v=12.2.5.32&sap=nt --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxps://isearch.avg.com/?cid={526711EF-9E4A-4648-A2BE-746C7FB36155}&mid=5626b831968b47d1915759e75b6488a6-4940e4c1127e271cf0d374badbf78c7050d178b9&lang=en&ds=od011&pr=sa&d=2012-07-23 18:14:42&v=12.1.0.21&sap=hp" ]
Deleted [l.41] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=400&systemid=406&sr=0&q={searchTerms}"
Deleted [l.903] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.1180] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxps://isearch.avg.com/?cid={526711EF-9E4A-4648-A2BE-746C7FB36155}&mid=5626b831968b47d1915759e75b6488a6-4940e4c1127e271cf0d374badbf78c7050d178b9&lang=en&ds=od011&pr=sa&d=2012-07-23 18:14:42&v=12.1.0.21&sap=hp" ]

*************************

AdwCleaner[S1].txt - [14176 octets] - [16/09/2012 17:39:37]

########## EOF - C:\AdwCleaner[S1].txt - [14237 octets] ##########

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:25 AM

Posted 16 September 2012 - 06:08 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log


download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#7 qw3rty3

qw3rty3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 16 September 2012 - 08:00 PM

rkill has been running for over an hour. Its stuck on searching for missing digital signatures. Should I let it keep going?

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:25 AM

Posted 16 September 2012 - 08:47 PM

Run it in safemode with networking

#9 qw3rty3

qw3rty3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 16 September 2012 - 09:26 PM

FSS2:
Farbar Service Scanner Version: 06-08-2012
Ran by ryan (administrator) on 16-09-2012 at 18:28:06
Running from "C:\Users\ryan\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-18 23:03] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-13 15:36] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-15 21:45] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

rkill:
Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 09:17:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\ryan\AppData\Local\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\ [ZA Dir]
* C:\Users\ryan\AppData\Local\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\@ [ZA File]
* C:\Users\ryan\AppData\Local\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\L\ [ZA Dir]
* C:\Users\ryan\AppData\Local\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\U\ [ZA Dir]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\ [ZA Dir]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\@ [ZA File]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\L\ [ZA Dir]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\L\00000004.@ [ZA File]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\L\1afb2d56 [ZA File]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\L\201d3dde [ZA File]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\U\ [ZA Dir]
* C:\Windows\installer\{4080ac87-b8c6-dcf7-d963-4ec37e038192}\U\80000064.@ [ZA File]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/16/2012 09:17:19 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)

Autoruns:
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acer ePower Management" "ePowerTray" "Acer Incorporated" "c:\program files\gateway\gateway power management\epowertray.exe"
+ "ETDWare" "ETD Control Center" "ELAN Microelectronic Corp." "c:\program files\elantech\etdctrl.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "LogMeIn GUI" "LogMeIn Desktop Application" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\logmeinsystray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "PLFSetI" "DefaultSettingEXE MFC Application" "" "c:\windows\plfseti.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adaptoid Configurator" "Adaptoid NA1 Keyboard and Mouse Mapper" "Wish Technologies, Inc." "c:\program files (x86)\adaptoid\wishd201.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgtray.exe"
+ "BackupManagerTray" "Gateway MyBackup" "NewTech Infosystems, Inc." "c:\program files (x86)\newtech infosystems\gateway mybackup\backupmanagertray.exe"
+ "Camera Assistant Software" "traybar" "Chicony" "c:\program files (x86)\video web camera\traybar.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "LManager" "Launch Manager" "Dritek System Inc." "c:\program files (x86)\launch manager\lmanager.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "ROC_ROC_JULY_P1" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe"
+ "vProt" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\2.1.121\ssscheduler.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\ryan\appdata\local\facebook\update\facebookupdate.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgppa.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgsea.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgse.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgssiea.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg64.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.7.7725.1624\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\identity protection\agent\bin\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "DsiWMIService" "Dritek WMI Service" "Dritek System Inc." "c:\program files (x86)\launch manager\dsiwmis.exe"
+ "ePowerSvc" "Acer ePower Service" "Acer Incorporated" "c:\program files\gateway\gateway power management\epowersvc.exe"
+ "GREGService" "Global Registration Service" "Acer Incorporated" "c:\program files (x86)\gateway\registration\gregsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\lmiguardiansvc.exe"
+ "LMIMaint" "LogMeIn Maintenance Service" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\ramaint.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "LogMeIn" "LogMeIn" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\logmein.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\2.1.121\mcchsvc.exe"
+ "Nero BackItUp Scheduler 4.0" "Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP." "Nero AG" "c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe"
+ "NTI IScheduleSvc" "NTI IShadow Manage backup/Sync jobs and etc..." "NewTech Infosystems, Inc." "c:\program files (x86)\newtech infosystems\gateway mybackup\ischedulesvc.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "Updater Service" "Updater Service" "Acer Group" "c:\program files\gateway\gateway updater\updaterservice.exe"
+ "vToolbarUpdater12.2.6" "ToolbarU Application" "" "c:\program files (x86)\common files\avg secure search\vtoolbarupdater\12.2.6\toolbarupdater.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "androidusb" "ADB Interface" "Google Inc" "c:\windows\system32\drivers\androidusb.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriver.sys"
+ "AVGIDSEH" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidseh.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilter.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx64.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "ETD" "ETD Control Center" "ELAN Microelectronic Corp." "c:\windows\system32\drivers\etd.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "k57nd60a" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60a.sys"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\rainfo.sys"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "motandroidusb" "ADB Interface" "Motorola" "c:\windows\system32\drivers\motoandroid.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NewTech Infosystems, Inc." "c:\windows\system32\drivers\ntidrvr.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "UBHelper" "NTI CDROM Filter Driver" "NewTech Infosystems Corporation" "c:\windows\system32\drivers\ubhelper.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "USBIODS64" "" "HumanBeams, Inc." "c:\windows\system32\drivers\usbiods64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x64\racodec.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Audio Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files (x86)\windows media components\encoder\wmprevu.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder (PDVD9)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD9)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter (PDVD9)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudiocd.ax"
+ "Cyberlink Demuxer 2.0" "CLDemuxer2" "Cyberlink" "c:\program files (x86)\cyberlink\powerdvd9\navfilter\cldemuxer2.ax"
+ "CyberLink Digest Filter (PDVD9)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd9\digestfilter.dll"
+ "CyberLink DVD Navigator (PDVD9)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clnavx.ax"
+ "CyberLink FLV Splitter (PDVD9)" "CyberLink FLV Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clflvsplitter.ax"
+ "CyberLink HD/BD Mixer (PDVD9)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD9)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clline21.ax"
+ "CyberLink Matroska Splitter (PDVD9)" "CyberLink Matroska Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clmkvsplter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD9)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clm4splt.ax"
+ "CyberLink RealAudio Decoder (PDVD9)" "CyberLink RealMedia Audio Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clrmaud.ax"
+ "CyberLink RealMedia Splitter (PDVD9)" "CyberLink RealMedia Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clrmsplitter.ax"
+ "CyberLink RealVideo Decoder (PDVD9)" "CyberLink RealMedia Video Decoder" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clrmvd.ax"
+ "Cyberlink SubTitle Importor (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD9)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clauts.ax"
+ "CyberLink Tzan Filter (PDVD9)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\cltzan.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clvsd.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x86\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files (x86)\logmein\x86\racodec.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "WME Record Queue" "Microsoft Corporation" "c:\program files (x86)\windows media components\encoder\wmedque.dll"
+ "Video Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files (x86)\windows media components\encoder\wmprevu.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMEnc Screen Capture Filter" "WMESrcWp Module" "Microsoft Corporation" "c:\program files (x86)\windows media components\encoder\wmesrcwp.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync" "AVG Cache Server" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgchsva.exe"
+ "C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg10\avgrsa.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll " "" "" "File not found: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll "
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "LogMeInCredProv" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\Windows\System32\Gateway.scr" "Screen Saver" "" "c:\windows\system32\gateway.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:25 AM

Posted 16 September 2012 - 09:30 PM

Run RKILL again and post the new log

Edited by narenxp, 16 September 2012 - 09:42 PM.


#11 qw3rty3

qw3rty3
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 16 September 2012 - 09:37 PM

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 09:36:59 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/16/2012 09:37:04 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:25 AM

Posted 16 September 2012 - 09:43 PM

Looks good

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot

Turn off your system restore,restart the PC,create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently,do not click on suspicious links

Safe surfing :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users