I got the ransomware FBI Pop Ups


28 replies to this topic

#1 Jiggity (Members, 48 posts)

Posted 19 September 2012 - 09:25 PM

I received this pop-up, and now I get certain error messages when starting my computer. Any help here is greatly appreciated!


#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 19 September 2012 - 09:25 PM

Can you boot into Safe Mode with Networking?

#3 Jiggity (Topic Starter, Members, 48 posts)

Posted 20 September 2012 - 07:47 PM

Yes, I can do that.

#4 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 20 September 2012 - 08:01 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "LIST of found threats".

Export the list to the desktop, and copy the contents of the text file into your reply.

#5 Jiggity (Topic Starter, Members, 48 posts)

Posted 21 September 2012 - 09:47 AM

Here are the TDSS results:

10:44:30.0355 4276 odserv - ok
10:44:30.0385 4276 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:44:30.0385 4276 ohci1394 - ok
10:44:30.0425 4276 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:44:30.0425 4276 ose - ok
10:44:30.0445 4276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:44:30.0455 4276 p2pimsvc - ok
10:44:30.0465 4276 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:44:30.0475 4276 p2psvc - ok
10:44:30.0495 4276 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:44:30.0495 4276 Parport - ok
10:44:30.0525 4276 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:44:30.0525 4276 partmgr - ok
10:44:30.0535 4276 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:44:30.0535 4276 PcaSvc - ok
10:44:30.0565 4276 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:44:30.0575 4276 pci - ok
10:44:30.0585 4276 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:44:30.0585 4276 pciide - ok
10:44:30.0605 4276 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:44:30.0605 4276 pcmcia - ok
10:44:30.0645 4276 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
10:44:30.0645 4276 pcouffin - ok
10:44:30.0655 4276 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:44:30.0655 4276 pcw - ok
10:44:30.0675 4276 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:44:30.0695 4276 PEAUTH - ok
10:44:30.0715 4276 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:44:30.0715 4276 PerfHost - ok
10:44:30.0765 4276 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:44:30.0795 4276 pla - ok
10:44:30.0825 4276 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:44:30.0845 4276 PlugPlay - ok
10:44:30.0865 4276 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:44:30.0865 4276 PNRPAutoReg - ok
10:44:30.0895 4276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:44:30.0895 4276 PNRPsvc - ok
10:44:30.0915 4276 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:44:30.0925 4276 PolicyAgent - ok
10:44:30.0945 4276 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:44:30.0945 4276 Power - ok
10:44:30.0975 4276 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:44:30.0975 4276 PptpMiniport - ok
10:44:30.0995 4276 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:44:30.0995 4276 Processor - ok
10:44:31.0025 4276 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:44:31.0025 4276 ProfSvc - ok
10:44:31.0025 4276 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:44:31.0035 4276 ProtectedStorage - ok
10:44:31.0075 4276 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:44:31.0075 4276 Psched - ok
10:44:31.0095 4276 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:44:31.0095 4276 PxHlpa64 - ok
10:44:31.0135 4276 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:44:31.0155 4276 ql2300 - ok
10:44:31.0175 4276 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:44:31.0175 4276 ql40xx - ok
10:44:31.0185 4276 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:44:31.0195 4276 QWAVE - ok
10:44:31.0205 4276 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:44:31.0205 4276 QWAVEdrv - ok
10:44:31.0215 4276 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:44:31.0215 4276 RasAcd - ok
10:44:31.0231 4276 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:44:31.0231 4276 RasAgileVpn - ok
10:44:31.0247 4276 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:44:31.0247 4276 RasAuto - ok
10:44:31.0278 4276 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:44:31.0278 4276 Rasl2tp - ok
10:44:31.0309 4276 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:44:31.0325 4276 RasMan - ok
10:44:31.0325 4276 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:44:31.0325 4276 RasPppoe - ok
10:44:31.0340 4276 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:44:31.0340 4276 RasSstp - ok
10:44:31.0371 4276 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:44:31.0371 4276 rdbss - ok
10:44:31.0387 4276 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:44:31.0387 4276 rdpbus - ok
10:44:31.0403 4276 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:44:31.0403 4276 RDPCDD - ok
10:44:31.0434 4276 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:44:31.0434 4276 RDPENCDD - ok
10:44:31.0449 4276 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:44:31.0449 4276 RDPREFMP - ok
10:44:31.0481 4276 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:44:31.0481 4276 RDPWD - ok
10:44:31.0512 4276 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:44:31.0512 4276 rdyboost - ok
10:44:31.0543 4276 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:44:31.0543 4276 RemoteAccess - ok
10:44:31.0543 4276 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:44:31.0559 4276 RemoteRegistry - ok
10:44:31.0574 4276 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:44:31.0574 4276 RpcEptMapper - ok
10:44:31.0590 4276 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:44:31.0590 4276 RpcLocator - ok
10:44:31.0637 4276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:44:31.0637 4276 RpcSs - ok
10:44:31.0637 4276 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:44:31.0637 4276 rspndr - ok
10:44:31.0668 4276 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:44:31.0668 4276 RTL8167 - ok
10:44:31.0683 4276 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:44:31.0683 4276 SamSs - ok
10:44:31.0715 4276 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:44:31.0715 4276 sbp2port - ok
10:44:31.0746 4276 [ 7E07D2A5B910C71D6474E9AA0EAA1825 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
10:44:31.0746 4276 SBRE - ok
10:44:31.0761 4276 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:44:31.0761 4276 SCardSvr - ok
10:44:31.0793 4276 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:44:31.0793 4276 scfilter - ok
10:44:31.0824 4276 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:44:31.0839 4276 Schedule - ok
10:44:31.0871 4276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:44:31.0871 4276 SCPolicySvc - ok
10:44:31.0902 4276 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:44:31.0902 4276 sdbus - ok
10:44:31.0933 4276 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:44:31.0964 4276 SDRSVC - ok
10:44:32.0011 4276 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:44:32.0011 4276 SeaPort - ok
10:44:32.0027 4276 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:44:32.0027 4276 secdrv - ok
10:44:32.0058 4276 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:44:32.0058 4276 seclogon - ok
10:44:32.0073 4276 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:44:32.0073 4276 SENS - ok
10:44:32.0089 4276 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:44:32.0089 4276 SensrSvc - ok
10:44:32.0120 4276 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:44:32.0120 4276 Serenum - ok
10:44:32.0136 4276 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:44:32.0136 4276 Serial - ok
10:44:32.0167 4276 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:44:32.0167 4276 sermouse - ok
10:44:32.0198 4276 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:44:32.0198 4276 SessionEnv - ok
10:44:32.0229 4276 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:44:32.0229 4276 sffdisk - ok
10:44:32.0229 4276 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:44:32.0245 4276 sffp_mmc - ok
10:44:32.0245 4276 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:44:32.0245 4276 sffp_sd - ok
10:44:32.0261 4276 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:44:32.0261 4276 sfloppy - ok
10:44:32.0307 4276 [ 7F475425582163602EF1589C0071E521 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:44:32.0323 4276 SftService - ok
10:44:32.0354 4276 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:44:32.0354 4276 SharedAccess - ok
10:44:32.0401 4276 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:44:32.0401 4276 ShellHWDetection - ok
10:44:32.0432 4276 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:44:32.0432 4276 SiSRaid2 - ok
10:44:32.0448 4276 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:44:32.0448 4276 SiSRaid4 - ok
10:44:32.0463 4276 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:44:32.0463 4276 Smb - ok
10:44:32.0495 4276 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:44:32.0495 4276 SNMPTRAP - ok
10:44:32.0510 4276 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:44:32.0510 4276 spldr - ok
10:44:32.0557 4276 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:44:32.0573 4276 Spooler - ok
10:44:32.0651 4276 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:44:32.0697 4276 sppsvc - ok
10:44:32.0713 4276 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:44:32.0713 4276 sppuinotify - ok
10:44:32.0744 4276 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:44:32.0760 4276 srv - ok
10:44:32.0775 4276 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:44:32.0775 4276 srv2 - ok
10:44:32.0791 4276 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:44:32.0791 4276 srvnet - ok
10:44:32.0807 4276 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:44:32.0807 4276 SSDPSRV - ok
10:44:32.0822 4276 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:44:32.0822 4276 SstpSvc - ok
10:44:32.0838 4276 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:44:32.0838 4276 stexstor - ok
10:44:32.0885 4276 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:44:32.0900 4276 stisvc - ok
10:44:32.0931 4276 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:44:32.0947 4276 swenum - ok
10:44:32.0963 4276 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:44:32.0978 4276 swprv - ok
10:44:33.0025 4276 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:44:33.0056 4276 SysMain - ok
10:44:33.0087 4276 szkg5 - ok
10:44:33.0103 4276 szserver - ok
10:44:33.0134 4276 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:44:33.0134 4276 TabletInputService - ok
10:44:33.0165 4276 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:44:33.0165 4276 TapiSrv - ok
10:44:33.0181 4276 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:44:33.0181 4276 TBS - ok
10:44:33.0228 4276 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:44:33.0259 4276 Tcpip - ok
10:44:33.0306 4276 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:44:33.0321 4276 TCPIP6 - ok
10:44:33.0337 4276 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:44:33.0337 4276 tcpipreg - ok
10:44:33.0368 4276 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:44:33.0368 4276 TDPIPE - ok
10:44:33.0399 4276 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:44:33.0399 4276 TDTCP - ok
10:44:33.0431 4276 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:44:33.0446 4276 tdx - ok
10:44:33.0462 4276 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:44:33.0462 4276 TermDD - ok
10:44:33.0509 4276 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:44:33.0524 4276 TermService - ok
10:44:33.0540 4276 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:44:33.0540 4276 Themes - ok
10:44:33.0555 4276 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:44:33.0555 4276 THREADORDER - ok
10:44:33.0587 4276 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:44:33.0587 4276 TrkWks - ok
10:44:33.0618 4276 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:44:33.0618 4276 TrustedInstaller - ok
10:44:33.0649 4276 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:44:33.0649 4276 tssecsrv - ok
10:44:33.0696 4276 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:44:33.0696 4276 TsUsbFlt - ok
10:44:33.0743 4276 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:44:33.0743 4276 tunnel - ok
10:44:33.0758 4276 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:44:33.0758 4276 uagp35 - ok
10:44:33.0789 4276 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:44:33.0805 4276 udfs - ok
10:44:33.0821 4276 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:44:33.0821 4276 UI0Detect - ok
10:44:33.0836 4276 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:44:33.0836 4276 uliagpkx - ok
10:44:33.0867 4276 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:44:33.0867 4276 umbus - ok
10:44:33.0899 4276 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:44:33.0899 4276 UmPass - ok
10:44:33.0914 4276 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:44:33.0914 4276 upnphost - ok
10:44:33.0945 4276 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:44:33.0945 4276 USBAAPL64 - ok
10:44:33.0961 4276 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:44:33.0961 4276 usbccgp - ok
10:44:33.0992 4276 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:44:34.0008 4276 usbcir - ok
10:44:34.0023 4276 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:44:34.0023 4276 usbehci - ok
10:44:34.0039 4276 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:44:34.0039 4276 usbhub - ok
10:44:34.0070 4276 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:44:34.0070 4276 usbohci - ok
10:44:34.0070 4276 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:44:34.0070 4276 usbprint - ok
10:44:34.0101 4276 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
10:44:34.0101 4276 USBSTOR - ok
10:44:34.0133 4276 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:44:34.0133 4276 usbuhci - ok
10:44:34.0148 4276 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:44:34.0148 4276 usbvideo - ok
10:44:34.0164 4276 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:44:34.0164 4276 UxSms - ok
10:44:34.0179 4276 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:44:34.0179 4276 VaultSvc - ok
10:44:34.0195 4276 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:44:34.0195 4276 vdrvroot - ok
10:44:34.0226 4276 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:44:34.0242 4276 vds - ok
10:44:34.0273 4276 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:44:34.0273 4276 vga - ok
10:44:34.0273 4276 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:44:34.0273 4276 VgaSave - ok
10:44:34.0304 4276 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:44:34.0304 4276 vhdmp - ok
10:44:34.0335 4276 [ ED1D7C584A983A17CC448A8F1419BE54 ] VIACRX64 C:\Windows\system32\DRIVERS\viacr64.sys
10:44:34.0335 4276 VIACRX64 - ok
10:44:34.0351 4276 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:44:34.0351 4276 viaide - ok
10:44:34.0382 4276 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:44:34.0382 4276 volmgr - ok
10:44:34.0429 4276 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:44:34.0429 4276 volmgrx - ok
10:44:34.0445 4276 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:44:34.0445 4276 volsnap - ok
10:44:34.0476 4276 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:44:34.0476 4276 vsmraid - ok
10:44:34.0523 4276 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:44:34.0554 4276 VSS - ok
10:44:34.0585 4276 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:44:34.0585 4276 vwifibus - ok
10:44:34.0616 4276 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:44:34.0616 4276 W32Time - ok
10:44:34.0632 4276 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:44:34.0632 4276 WacomPen - ok
10:44:34.0663 4276 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:44:34.0663 4276 WANARP - ok
10:44:34.0679 4276 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:44:34.0679 4276 Wanarpv6 - ok
10:44:34.0741 4276 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:44:34.0757 4276 WatAdminSvc - ok
10:44:34.0819 4276 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:44:34.0835 4276 wbengine - ok
10:44:34.0850 4276 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:44:34.0850 4276 WbioSrvc - ok
10:44:34.0897 4276 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:44:34.0897 4276 wcncsvc - ok
10:44:34.0913 4276 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:44:34.0913 4276 WcsPlugInService - ok
10:44:34.0928 4276 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:44:34.0928 4276 Wd - ok
10:44:34.0959 4276 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:44:34.0975 4276 Wdf01000 - ok
10:44:34.0991 4276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:44:34.0991 4276 WdiServiceHost - ok
10:44:34.0991 4276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:44:35.0006 4276 WdiSystemHost - ok
10:44:35.0037 4276 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:44:35.0037 4276 WebClient - ok
10:44:35.0053 4276 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:44:35.0053 4276 Wecsvc - ok
10:44:35.0069 4276 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:44:35.0069 4276 wercplsupport - ok
10:44:35.0084 4276 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:44:35.0084 4276 WerSvc - ok
10:44:35.0100 4276 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:44:35.0115 4276 WfpLwf - ok
10:44:35.0147 4276 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
10:44:35.0147 4276 WimFltr - ok
10:44:35.0162 4276 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:44:35.0162 4276 WIMMount - ok
10:44:35.0178 4276 WinDefend - ok
10:44:35.0193 4276 WinHttpAutoProxySvc - ok
10:44:35.0225 4276 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:44:35.0225 4276 Winmgmt - ok
10:44:35.0271 4276 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:44:35.0318 4276 WinRM - ok
10:44:35.0365 4276 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:44:35.0365 4276 WinUsb - ok
10:44:35.0396 4276 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:44:35.0412 4276 Wlansvc - ok
10:44:35.0427 4276 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:44:35.0427 4276 WmiAcpi - ok
10:44:35.0459 4276 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:44:35.0459 4276 wmiApSrv - ok
10:44:35.0474 4276 WMPNetworkSvc - ok
10:44:35.0505 4276 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:44:35.0521 4276 WPCSvc - ok
10:44:35.0537 4276 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:44:35.0552 4276 WPDBusEnum - ok
10:44:35.0568 4276 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:44:35.0568 4276 ws2ifsl - ok
10:44:35.0583 4276 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:44:35.0583 4276 wscsvc - ok
10:44:35.0599 4276 WSearch - ok
10:44:35.0661 4276 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:44:35.0693 4276 wuauserv - ok
10:44:35.0739 4276 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:44:35.0739 4276 WudfPf - ok
10:44:35.0755 4276 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:44:35.0755 4276 WUDFRd - ok
10:44:35.0786 4276 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:44:35.0786 4276 wudfsvc - ok
10:44:35.0802 4276 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:44:35.0802 4276 WwanSvc - ok
10:44:35.0880 4276 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:44:35.0895 4276 YahooAUService - ok
10:44:35.0895 4276 ================ Scan global ===============================
10:44:35.0911 4276 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:44:35.0942 4276 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:44:35.0958 4276 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:44:35.0973 4276 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:44:36.0005 4276 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:44:36.0020 4276 [Global] - ok
10:44:36.0020 4276 ================ Scan MBR ==================================
10:44:36.0020 4276 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:44:36.0207 4276 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:44:36.0207 4276 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:44:36.0207 4276 ================ Scan VBR ==================================
10:44:36.0223 4276 [ F233DA5874DF6BCFD16B8A3589365534 ] \Device\Harddisk0\DR0\Partition1
10:44:36.0223 4276 \Device\Harddisk0\DR0\Partition1 - ok
10:44:36.0239 4276 [ 39BB5C657009DBC9D62E63E9DE236A8D ] \Device\Harddisk0\DR0\Partition2
10:44:36.0239 4276 \Device\Harddisk0\DR0\Partition2 - ok
10:44:36.0239 4276 ============================================================
10:44:36.0239 4276 Scan finished
10:44:36.0239 4276 ============================================================
10:44:36.0254 4272 Detected object count: 2
10:44:36.0254 4272 Actual detected object count: 2

#6 Jiggity
  • Topic Starter

Posted 21 September 2012 - 10:23 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-21 10:53:49
-----------------------------
10:53:49.778 OS Version: Windows x64 6.1.7601 Service Pack 1
10:53:49.793 Number of processors: 2 586 0x170A
10:53:49.793 ComputerName: JACK-PC UserName: Jack
10:53:51.119 Initialize success
11:01:18.220 AVAST engine defs: 12092100
11:07:00.826 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:07:00.828 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
11:07:00.844 Disk 0 MBR read successfully
11:07:00.846 Disk 0 MBR scan
11:07:00.849 Disk 0 Windows VISTA default MBR code
11:07:00.851 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:07:00.858 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:07:00.872 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595439 MB offset 30801920
11:07:00.891 Disk 0 scanning C:\Windows\system32\drivers
11:07:08.316 Service scanning
11:07:23.249 Modules scanning
11:07:23.255 Disk 0 trace - called modules:
11:07:23.267 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:07:23.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be6060]
11:07:23.276 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> [0xfffffa80045c6e40]
11:07:23.280 5 ACPI.sys[fffff88000f737a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004738060]
11:07:24.747 AVAST engine scan C:\Windows
11:07:27.247 AVAST engine scan C:\Windows\system32
11:09:43.493 File: C:\Windows\assembly\tmp\kwrd.dll **INFECTED** Win32:Malware-gen
11:09:44.322 AVAST engine scan C:\Windows\system32\drivers
11:09:56.780 AVAST engine scan C:\Users\Jack
11:13:47.225 AVAST engine scan C:\ProgramData
11:17:47.881 Scan finished successfully
11:18:43.309 Disk 0 MBR has been saved successfully to "C:\Users\Jack\Documents\MBR.dat"
11:18:43.325 The log file has been saved successfully to "C:\Users\Jack\Documents\aswMBR.txt"
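As an added example (not code from this thread or from either tool's authors), a small Python triage script for the two log formats posted above: TDSSKiller's "<name> - ok|warning|detected ..." verdict lines and aswMBR's "**INFECTED**" lines. The line patterns are inferred from the posted logs, and the sample input is excerpted from them.

```python
"""Triage helpers for the TDSSKiller and aswMBR logs posted in this thread.

Both tools write one record per line. TDSSKiller emits an object line
"<time> <pid> [ <MD5> ] <name> <path>" followed by a verdict line
"<time> <pid> <name> - ok|warning|detected <threat> (<n>)"; aswMBR marks a
hit as "<time> File: <path> **INFECTED** <threat>". The patterns below are
inferred from the logs in this thread, not taken from either tool's source.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

_TDSS_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
TDSS_OBJECT = re.compile(_TDSS_PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(\S.*?)\s*$")
TDSS_VERDICT = re.compile(_TDSS_PREFIX + r"(.+?) - (ok|warning|detected .+?)\s*$")
TDSS_COUNT = re.compile(_TDSS_PREFIX + r"((?:Actual )?[Dd]etected object count): (\d+)\s*$")
ASW_INFECTED = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+File: (.+?) \*\*INFECTED\*\* (\S+)\s*$")


@dataclass(frozen=True)
class Finding:
    tool: str      # "TDSSKiller" or "aswMBR"
    obj: str       # service, device or file the verdict refers to
    verdict: str   # the tool's own wording, e.g. "detected TDSS File System (1)"
    md5: str = ""  # hash from the preceding object line, when one was seen


def triage_tdsskiller(log: str) -> Tuple[List[Finding], Dict[str, int]]:
    """Return every verdict other than "ok", plus the tool's own summary counters."""
    hashes: Dict[str, str] = {}
    findings: List[Finding] = []
    counts: Dict[str, int] = {}
    for line in log.splitlines():
        m = TDSS_OBJECT.match(line)
        if m:
            md5, obj = m.groups()
            hashes[obj] = md5
            hashes[obj.split()[0]] = md5  # service lines read "<name> <path>"
            continue
        m = TDSS_COUNT.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = TDSS_VERDICT.match(line)
        if m and m.group(2) != "ok":
            name, verdict = m.groups()
            # "\Device\Harddisk0\DR0 ( TDSS File System )" -> "\Device\Harddisk0\DR0"
            base = re.sub(r" \(.*\)$", "", name)
            findings.append(Finding("TDSSKiller", base, verdict, hashes.get(base, "")))
    return findings, counts


def triage_aswmbr(log: str) -> List[Finding]:
    """Return the files aswMBR's AVAST engine pass flagged as infected."""
    return [Finding("aswMBR", m.group(1), "INFECTED " + m.group(2))
            for m in map(ASW_INFECTED.match, log.splitlines()) if m]


def summarize(tdss_log: str, asw_log: str) -> List[str]:
    """One line per finding plus TDSSKiller's own count, for pasting into a reply."""
    findings, counts = triage_tdsskiller(tdss_log)
    findings += triage_aswmbr(asw_log)
    out = [f"{f.tool}: {f.obj} -> {f.verdict}" + (f" [md5 {f.md5}]" if f.md5 else "")
           for f in findings]
    if "Detected object count" in counts:
        out.append(f"TDSSKiller summary: {counts['Detected object count']} detected object(s)")
    return out


# Excerpts of the two logs posted in this thread (tail of the TDSSKiller run,
# AVAST engine pass of the aswMBR run); the hundreds of "- ok" lines are omitted.
TDSS_SAMPLE = r"""
10:44:36.0005 4276 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:44:36.0020 4276 [Global] - ok
10:44:36.0020 4276 ================ Scan MBR ==================================
10:44:36.0020 4276 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:44:36.0207 4276 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:44:36.0207 4276 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:44:36.0223 4276 [ F233DA5874DF6BCFD16B8A3589365534 ] \Device\Harddisk0\DR0\Partition1
10:44:36.0223 4276 \Device\Harddisk0\DR0\Partition1 - ok
10:44:36.0239 4276 Scan finished
10:44:36.0254 4272 Detected object count: 2
10:44:36.0254 4272 Actual detected object count: 2
"""

ASW_SAMPLE = r"""
11:07:27.247 AVAST engine scan C:\Windows\system32
11:09:43.493 File: C:\Windows\assembly\tmp\kwrd.dll **INFECTED** Win32:Malware-gen
11:09:44.322 AVAST engine scan C:\Windows\system32\drivers
11:17:47.881 Scan finished successfully
"""

if __name__ == "__main__":
    for line in summarize(TDSS_SAMPLE, ASW_SAMPLE):
        print(line)
```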

#7 Jiggity
  • Topic Starter

Posted 21 September 2012 - 11:14 AM

This last one I had to close at 99%; I had to leave for work and it was taking too long, but here's the file. I can run it again later if necessary:

C:\Program Files (x86)\SearchCore for Browsers\del_IEBHO_48.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\SearchCore for Browsers\del_IEBHO_71.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\SearchCore for Browsers\del_IEBHO_79.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\SearchCore for Browsers\del_IEBHO_84.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Jack\AppData\Roaming\wsasiz.dll.vir a variant of Win32/Medfos.DE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000032.@.vir Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\0.7902075776554158.exe.vir Win32/Spy.Zbot.ZR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.09.2012_10.43.45\tdlfs0000\tsk0003.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.09.2012_10.43.45\tdlfs0000\tsk0004.dta Win64/Olmarik.G trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.09.2012_10.43.45\tdlfs0000\tsk0005.dta Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.09.2012_10.43.45\tdlfs0000\tsk0006.dta Win64/Olmarik.A trojan cleaned by deleting - quarantined
C:\warcraft3\media.player.codec.pack.v4.1.9.setup.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 21 September 2012 - 11:16 AM

Follow this guide here

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

After finishing the scan, boot into normal mode and let me know if you still have the pop-up.

#9 Jiggity

Jiggity
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 22 September 2012 - 07:25 PM

The only thing I get now when I start is a message stating 2 programs were not able to start (I don't remember which 2 off the top of my head), but otherwise everything seems better.

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 22 September 2012 - 07:26 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete.

Post the generated log.

#11 Jiggity

Jiggity
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 23 September 2012 - 11:45 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jack (administrator) on 24-09-2012 at 00:43:47
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jack-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-2D-19-B3-1A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d86:efee:be6f:b450%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, September 24, 2012 12:33:55 AM
Lease Expires . . . . . . . . . . : Tuesday, September 25, 2012 12:33:55 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234890797
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-C1-35-4D-00-26-2D-19-B3-1A
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:38c3:3545:9cfc:fb99(Preferred)
Link-local IPv6 Address . . . . . : fe80::38c3:3545:9cfc:fb99%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2607:f8b0:4009:801::1000
74.125.225.72
74.125.225.70
74.125.225.71
74.125.225.73
74.125.225.78
74.125.225.66
74.125.225.69
74.125.225.67
74.125.225.68
74.125.225.65
74.125.225.64


Pinging google.com [74.125.225.72] with 32 bytes of data:
Reply from 74.125.225.72: bytes=32 time=314ms TTL=52
Reply from 74.125.225.72: bytes=32 time=300ms TTL=52

Ping statistics for 74.125.225.72:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 300ms, Maximum = 314ms, Average = 307ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=558ms TTL=49
Reply from 72.30.38.140: bytes=32 time=481ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 481ms, Maximum = 558ms, Average = 519ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 26 2d 19 b3 1a ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.66 276
192.168.1.66 255.255.255.255 On-link 192.168.1.66 276
192.168.1.255 255.255.255.255 On-link 192.168.1.66 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.66 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.66 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:38c3:3545:9cfc:fb99/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::38c3:3545:9cfc:fb99/128
On-link
10 276 fe80::8d86:efee:be6f:b450/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/23/2012 01:20:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/23/2012 01:20:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/23/2012 01:19:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2012 07:59:28 PM) (Source: Application Hang) (User: )
Description: The program WoW-64.exe version 5.0.5.16057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e4

Start Time: 01cd991e0c8d9130

Termination Time: 360

Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe

Report Id:

Error: (09/22/2012 07:10:37 PM) (Source: Application Hang) (User: )
Description: The program WoW-64.exe version 5.0.5.16057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 428

Start Time: 01cd99161ace9d2a

Termination Time: 385

Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe

Report Id:

Error: (09/22/2012 06:50:39 PM) (Source: Application Hang) (User: )
Description: The program WoW-64.exe version 5.0.5.16057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 120

Start Time: 01cd9913c8d7dda9

Termination Time: 372

Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe

Report Id:

Error: (09/22/2012 06:18:18 PM) (Source: Application Hang) (User: )
Description: The program WoW-64.exe version 5.0.5.16057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1084

Start Time: 01cd990fe09631c1

Termination Time: 150

Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe

Report Id: 672cdfcc-0503-11e2-8612-00262d19b31a

Error: (09/22/2012 06:15:35 PM) (Source: Application Hang) (User: )
Description: The program WoW-64.exe version 5.0.5.16057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 113c

Start Time: 01cd990f42be26e6

Termination Time: 199

Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe

Report Id:

Error: (09/22/2012 06:10:42 PM) (Source: Application Hang) (User: )
Description: The program WoW-64.exe version 5.0.5.16057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dd0

Start Time: 01cd990ed251aaac

Termination Time: 85

Application Path: C:\Program Files (x86)\World of Warcraft\WoW-64.exe

Report Id: 560b45bb-0502-11e2-8612-00262d19b31a

Error: (09/22/2012 02:23:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (09/24/2012 00:38:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (09/24/2012 00:33:59 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
luafv
szkg5

Error: (09/24/2012 00:33:56 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%2

Error: (09/24/2012 00:33:53 AM) (Source: Service Control Manager) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2

Error: (09/23/2012 11:32:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
luafv
szkg5

Error: (09/23/2012 11:32:17 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%2

Error: (09/23/2012 11:32:14 PM) (Source: Service Control Manager) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2

Error: (09/23/2012 11:50:47 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv
luafv
szkg5

Error: (09/23/2012 11:50:45 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%2

Error: (09/23/2012 11:50:42 AM) (Source: Service Control Manager) (User: )
Description: The STOPzilla Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 9.1.2 (Version: 9.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Advanced Audio FX Engine (Version: 1.12.05)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ASB.TV (Version: 1.1)
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (Version: 1.2.2.23821)
Audacity 1.2.6
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Conexant HD Audio (Version: 4.98.70.0)
Dell DataSafe Local Backup - Support Software (Version: 2.31)
Dell DataSafe Local Backup (Version: 9.3.44)
Dell DataSafe Online (Version: 1.2.0009)
Dell Dock (Version: 2.0.0)
Dell Driver Download Manager - 1 (Version: 3.0.0.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.2.6032.55)
Dell Webcam Central (Version: 1.40.05)
DVDFab 7.0.8.2 (17/07/2010)
Emicsoft FLV Converter
ESET Online Scanner v3
FrostWire 4.21.3 (Version: 4.21.3.0)
FrostWire 5.3.9 (Version: 5.3.9.0)
GnuWin32: Wget-1.11.4-1 (Version: 1.11.4-1)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
iLivid (Version: 1.92.0.115854)
ImgBurn (Version: 2.5.1.0)
InstallIQ Updater (Version: 1.4.3.0)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 32 (Version: 6.0.320)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Media Player Codec Pack 4.1.9 (Version: 4.1.9)
Metacafe
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Suite Activation Assistant (Version: 1.2.1)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PowerDVD DX (Version: 8.3.5424)
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
SearchCore for Browsers (Version: 3.0.0.115554)
Simppull Toolbar (Remove Toolbar Only)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.5 (Version: 5.5.124)
STOPzilla (Version: 5.0.82.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Ventrilo Client (Version: 3.0.5)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 1.1.10 (Version: 1.1.10)
Warcraft III
Windows iLivid Toolbar (Version: 3.0.0.115554)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
World of Warcraft (Version: 5.0.5.16057)
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 4060.8 MB
Available physical RAM: 1559.34 MB
Total Pagefile: 8119.8 MB
Available Pagefile: 5619.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.47 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:406.39 GB) NTFS

========================= Users: ========================================

User accounts for \\JACK-PC

Administrator Guest Jack


**** End of log ****
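
The Winsock section of the MiniToolBox log above contains entries reported as [File Not found] and ATTENTION lines where the registered LibraryPath is not the one the tool expects, which is what a helper reviewing this log looks for first. The following is an added example, not part of the thread and not Farbar's code: it parses that section and lists the entries worth a second look. The line format is assumed from the log above, and the sample text is constructed from lines excerpted from it.

```python
"""Audit the "Winsock entries" section of a MiniToolBox log.

Added example for this thread; it is not part of the MiniToolBox tool.
The line format is assumed from the log posted above:
    <catalog> <index> <path-or-dll> [<size> | File Not found] (<vendor>)
optionally followed by
    ATTENTION: The LibraryPath should be "<expected path>"
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<num>\d+)\s+(?P<idx>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>[^\]]*)\]\s+\((?P<vendor>[^)]*)\)\s*$"
)
ATTENTION_RE = re.compile(r'^ATTENTION: The LibraryPath should be "(?P<expected>[^"]+)"')
MICROSOFT = "Microsoft Corporation"


@dataclass
class WinsockEntry:
    catalog: str                          # "Catalog5" or "x64-Catalog9"
    index: int
    path: str                             # as registered; may be a bare DLL name
    size: Optional[int]                   # None when the log says "File Not found"
    vendor: str
    expected_path: Optional[str] = None   # taken from a following ATTENTION line


def parse_winsock_section(text: str) -> List[WinsockEntry]:
    """Turn the log lines into entries; an ATTENTION line attaches to the entry before it."""
    entries: List[WinsockEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            size = m.group("size")
            entries.append(WinsockEntry(
                catalog=f"{m.group('arch') or ''}Catalog{m.group('num')}",
                index=int(m.group("idx")),
                path=m.group("path"),
                size=int(size) if size.isdigit() else None,
                vendor=m.group("vendor"),
            ))
            continue
        a = ATTENTION_RE.match(line)
        if a and entries:
            entries[-1].expected_path = a.group("expected")
    return entries


def audit(entries: List[WinsockEntry]) -> Dict[Tuple[str, int], List[str]]:
    """Return {(catalog, index): [reasons]} for every entry a helper should examine."""
    flagged: Dict[Tuple[str, int], List[str]] = {}
    for e in entries:
        reasons = []
        if e.size is None:
            reasons.append("provider DLL not found on disk")
        if e.expected_path:
            reasons.append(f"LibraryPath should be {e.expected_path}")
        if not re.match(r"^[A-Za-z]:\\", e.path):
            reasons.append("LibraryPath is not an absolute path")
        if e.size is not None and e.vendor != MICROSOFT:
            # Not necessarily bad (Bonjour registers a legitimate NSP), but worth confirming.
            reasons.append(f"third-party provider {e.vendor!r}; confirm it is expected")
        if reasons:
            flagged[(e.catalog, e.index)] = reasons
    return flagged


# Constructed sample, excerpted from the Winsock section of the log above.
WINSOCK_SAMPLE = r"""
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] ()
"""

if __name__ == "__main__":
    for (catalog, idx), reasons in audit(parse_winsock_section(WINSOCK_SAMPLE)).items():
        print(f"{catalog} {idx:02d}: " + "; ".join(reasons))
```

Clean entries (a Microsoft DLL at an absolute path with a reported size and no ATTENTION line) are not listed, so the output is only the entries that need attention.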

#12 Jiggity

Jiggity
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 23 September 2012 - 11:46 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Jack (administrator) on 24-09-2012 at 00:46:22
Running from "C:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 Jiggity

Jiggity
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 23 September 2012 - 11:50 PM

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 00:48:39
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jack - JACK-PC
# Boot Mode : Normal
# Running from : C:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\Users\Jack\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Jack\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jack\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Jack\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Jack\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Jack\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S2].txt - [6789 octets] - [24/09/2012 00:48:39]

########## EOF - C:\AdwCleaner[S2].txt - [6849 octets] ##########

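The AdwCleaner report above is a flat list of "Key Deleted" / "Value Deleted" lines, and the useful question for whoever reads it is which of those entries were actually persistence or browser-control points (Run values, browser helper objects, URL search hooks, toolbars, search providers) as opposed to uninstall and tracing bookkeeping. The Python below is an added example, not part of the thread or of AdwCleaner itself; the sample log lines are constructed in the same format as the report above, and the hive and path normalisation (dropping `Wow6432Node`) is an assumption about how you would want 32-bit and 64-bit views folded together.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner "Key Deleted"/"Value Deleted" format.
# The entries are modelled on the thread's log, not taken from a live system.
SAMPLE_LOG = r"""
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
"""

# "Key Deleted : <path>" or "Value Deleted : <path> [<value name>]"
DELETED_RE = re.compile(r"^(?P<kind>Key|Value) Deleted : (?P<path>.+?)(?: \[(?P<name>.+)\])?$")

# Registry locations that give a component execution or browser control.
# First matching pattern wins; anything else is treated as bookkeeping.
PERSISTENCE = [
    (re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I), "autostart (Run key)"),
    (re.compile(r"\\Browser Helper Objects\\", re.I), "IE BHO"),
    (re.compile(r"\\URLSearchHooks$", re.I), "IE URL search hook"),
    (re.compile(r"\\Internet Explorer\\Toolbar", re.I), "IE toolbar"),
    (re.compile(r"\\SearchScopes\\", re.I), "IE search provider"),
    (re.compile(r"\\ElevationPolicy\\", re.I), "IE elevation policy"),
]


def normalise(path):
    """Fold the 32-bit registry view into the 64-bit one (assumption: for
    triage the two views are the same location)."""
    return re.sub(r"\\Wow6432Node", "", path, flags=re.I)


def classify(path):
    """Return the persistence category for a registry path, or None."""
    for pattern, label in PERSISTENCE:
        if pattern.search(path):
            return label
    return None


def parse_adwcleaner(text):
    """Turn the deleted-entry lines of an AdwCleaner report into dicts."""
    entries = []
    for line in text.splitlines():
        m = DELETED_RE.match(line.strip())
        if not m:
            continue  # headers, "Restored :" lines and blanks are skipped
        path = normalise(m.group("path"))
        entries.append({
            "kind": m.group("kind"),
            "hive": path.split("\\", 1)[0].upper(),
            "path": path,
            "name": m.group("name"),
            "category": classify(path),
        })
    return entries


def triage(text):
    """Summarise what the cleaner removed: counts per hive and per
    persistence category, plus the flagged entries themselves."""
    entries = parse_adwcleaner(text)
    flagged = [e for e in entries if e["category"]]
    return {
        "deleted": len(entries),
        "by_hive": Counter(e["hive"] for e in entries),
        "persistence": Counter(e["category"] for e in flagged),
        "flagged": [(e["path"], e["name"], e["category"]) for e in flagged],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['deleted']} entries deleted, by hive: {dict(report['by_hive'])}")
    for path, name, category in report["flagged"]:
        print(f"  [{category}] {path}" + (f" -> {name}" if name else ""))
```

Run against a real `AdwCleaner[S?].txt` by reading the file and passing its text to `triage()`; the flagged list is what deserves a follow-up check in Autoruns after the cleaner has done its work.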
#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 23 September 2012 - 11:56 PM

Malwarebytes log?

Uninstall StopZilla and install Microsoft Security Essentials

http://windows.microsoft.com/en-US/windows/products/security-essentials

Install it and run a quick scan

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

Edited by narenxp, 23 September 2012 - 11:56 PM.


#15 Jiggity

Jiggity
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 25 September 2012 - 12:39 AM

I couldn't find the exact Malwarebytes logs, but here were the last 2 (I ran them back to back):

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jack :: JACK-PC [administrator]

9/23/2012 11:37:10 PM
mbam-log-2012-09-23 (23-37-10).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376221
Time elapsed: 51 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\itsback\setpath.cfxxe (Spyware.Password) -> Quarantined and deleted successfully.
C:\itsback14936i\setpath.cfxxe (Spyware.Password) -> Quarantined and deleted successfully.
C:\moonandsun\setpath.cfxxe (Spyware.Password) -> Quarantined and deleted successfully.
C:\moonandsun29999m\setpath.cfxxe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Jack\AppData\Roaming\lmpcp.dll.vir (Trojan.Medhos) -> Quarantined and deleted successfully.
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\System32\dsmux.exe (Spyware.Password) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jack :: JACK-PC [administrator]

9/24/2012 12:35:44 AM
mbam-log-2012-09-24 (00-35-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214055
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
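Two things are worth checking mechanically in a Malwarebytes log like the pair above: that each "N Detected" header agrees with the number of entries listed under it, and which detections are live files versus copies sitting in an earlier cleaner's quarantine (the `C:\Qoobox\Quarantine` path is ComboFix's quarantine folder) or in System Restore staging. The Python below is an added example, not part of the thread or of Malwarebytes; the sample log is constructed in the same layout as the posts above with placeholder paths, and the "archival vs. live" split is an assumption about which locations matter for deciding whether the machine is still infected.

```python
import re

# Constructed sample in the Malwarebytes Anti-Malware 1.x log layout.
# Paths and names are placeholders, not taken from a live system.
SAMPLE_MBAM = r"""
Malwarebytes Anti-Malware 1.65.0.1400
Scan type: Full scan (C:\|D:\|)
Objects scanned: 376221

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 3
C:\example-dir\setpath.cfxxe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\sample.dll.vir (Trojan.Medhos) -> Quarantined and deleted successfully.
C:\Windows\System32\sample.exe (Spyware.Password) -> Quarantined and deleted successfully.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
OBJECTS_RE = re.compile(r"^Objects scanned: (?P<n>\d+)$")
# "<path> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Locations that hold copies left by earlier tools rather than active files
# (assumption: these are historical, not a sign of a live infection).
ARCHIVAL_MARKERS = ("\\qoobox\\quarantine\\", "\\system volume information\\")


def parse_mbam(text):
    """Return (objects_scanned, {section: {"declared": n, "entries": [...]}})."""
    objects_scanned = None
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line == "(end)":
            break
        m = OBJECTS_RE.match(line)
        if m:
            objects_scanned = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            sections[current] = {"declared": int(m.group("count")), "entries": []}
            continue
        if current is None:
            continue  # header lines before the first section
        m = ENTRY_RE.match(line)
        if m:
            sections[current]["entries"].append(m.groupdict())
    return objects_scanned, sections


def is_archival(path):
    """True if the file lived in a quarantine or restore-point staging area."""
    low = path.lower()
    return any(marker in low for marker in ARCHIVAL_MARKERS)


def summarise(text):
    """Cross-check declared counts and split file detections into live
    files (user/program or system directory) and archival copies."""
    objects_scanned, sections = parse_mbam(text)
    mismatches = [name for name, s in sections.items()
                  if s["declared"] != len(s["entries"])]
    files = sections.get("Files", {"entries": []})["entries"]
    live = [e for e in files if not is_archival(e["path"])]
    archival = [e for e in files if is_archival(e["path"])]
    system_live = [e for e in live if e["path"].lower().startswith("c:\\windows\\")]
    return {
        "objects_scanned": objects_scanned,
        "mismatches": mismatches,
        "live": live,
        "archival": archival,
        "system_live": system_live,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_MBAM)
    print(f"scanned {s['objects_scanned']} objects; count mismatches: {s['mismatches'] or 'none'}")
    for e in s["live"]:
        print(f"  LIVE     {e['threat']:<18} {e['path']}")
    for e in s["archival"]:
        print(f"  ARCHIVAL {e['threat']:<18} {e['path']}")
```

A detection under `C:\Windows\System32` in the live list is the one to treat as evidence of an active infection; an entry whose path is inside a quarantine folder or System Volume Information is a remnant of earlier cleanup or a restore point and does not by itself mean the infection is still running.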
