Zeroaccess rootkit? What do i do?


18 replies to this topic

#1 Spookes

  • Members
  • 14 posts

Posted 23 September 2012 - 11:22 PM

I hear random audio ads while browsing (IE); I also get randomly redirected while browsing. I've run Rkill a couple of times and I'm pretty sure it's ZeroAccess. Problem is, I'm pretty inexperienced at handling this sort of thing. So what do I have to do to deal with this?


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 September 2012 - 11:23 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
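The TDSSKiller log that the step above asks for runs to several hundred lines, almost all of them "- ok". As an added example (not part of narenxp's post or of TDSSKiller itself), the script below parses the "Scan services" section of such a log and pulls out what a helper actually reads: entries with a warning or detection, the hidden-file notice with its MD5, and service entries for which no file was hashed at all. The sample log is constructed from the line shapes that appear in this thread (the Akamai lines reproduce its HiddenFile.Multi.Generic hit); the "unhashed" heuristic is this example's own assumption, not a TDSSKiller verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape TDSSKiller 2.8.x writes (timestamp, PID, body).
# The Akamai lines copy this thread's hidden-file detection; the rest are illustrative.
SAMPLE_LOG = r"""
14:27:02.0987 4572 ================ Scan system memory ========================
14:27:02.0987 4572 System memory - ok
14:27:02.0987 4572 ================ Scan services =============================
14:27:03.0143 4572 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:27:03.0143 4572 1394ohci - ok
14:27:03.0767 4572 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
14:27:03.0767 4572 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
14:27:03.0767 4572 Akamai ( HiddenFile.Multi.Generic ) - warning
14:27:03.0767 4572 Akamai - detected HiddenFile.Multi.Generic (1)
14:27:03.0860 4572 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:27:03.0860 4572 AMD External Events Utility - ok
14:27:03.0938 4572 AMD FUEL Service - ok
"""

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")   # "HH:MM:SS.mmmm PID body"
SECTION_RE = re.compile(r"^=+ Scan (.+?) =+$")                         # "==== Scan services ===="
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.+)$")  # "[ MD5 ] Name X:\path"
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): .+\. md5: ([0-9A-F]{32})$")
WARN_RE = re.compile(r"^(.+?) \( (\S+) \) - warning$")
DET_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
OK_RE = re.compile(r"^(.+) - ok$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    hidden: bool = False
    verdict: str = "unknown"
    detection: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Parse the 'Scan services' section into one Entry per service/driver name."""
    entries: Dict[str, Entry] = {}
    section = None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                       # banner, "====" separators, blank lines
        body = m.group(1).strip()
        sec = SECTION_RE.match(body)
        if sec:
            section = sec.group(1)
            continue
        if section != "services":
            continue                       # memory/MBR/VBR sections use other line shapes
        m = HASH_RE.match(body)
        if m:
            e = entries.setdefault(m.group(2), Entry(m.group(2)))
            e.md5, e.path = m.group(1), m.group(3)
            continue
        m = SUSP_RE.match(body)
        if m:                              # tie the notice to the entry by MD5, not by path text
            for e in entries.values():
                if e.md5 == m.group(2):
                    e.hidden = m.group(1).lower() == "hidden"
            continue
        m = WARN_RE.match(body)
        if m:
            e = entries.setdefault(m.group(1), Entry(m.group(1)))
            e.verdict, e.detection = "warning", m.group(2)
            continue
        m = DET_RE.match(body)
        if m:                              # "detected" follows "warning" for the same name and wins
            e = entries.setdefault(m.group(1), Entry(m.group(1)))
            e.verdict, e.detection = "detected", m.group(2)
            continue
        m = OK_RE.match(body)
        if m:
            entries.setdefault(m.group(1), Entry(m.group(1))).verdict = "ok"
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Names worth a second look.

    'flagged': any verdict other than 'ok'.
    'unhashed': 'ok' entries that never got a "[ MD5 ] Name path" line. Assumption of this
    example: TDSSKiller hashes the file it finds, so no hash line usually means the registered
    binary was not found on disk; confirm the service is orphaned before acting on it."""
    entries = parse_tdsskiller_log(text)
    flagged = [e.name for e in entries.values() if e.verdict != "ok"]
    unhashed = [e.name for e in entries.values() if e.verdict == "ok" and e.md5 is None]
    return {"flagged": flagged, "unhashed": unhashed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in parse_tdsskiller_log(SAMPLE_LOG).values():
        if e.name in report["flagged"]:
            print(f"{e.name}: {e.verdict} {e.detection} hidden={e.hidden} md5={e.md5} path={e.path}")
    print("no file hashed:", report["unhashed"])
```

Point the script at the real TDSSKiller log file instead of SAMPLE_LOG and the output is the short list a helper wants to discuss: here the Akamai service whose DLL is hidden from normal file enumeration, plus services whose binaries were not hashed. A generic HiddenFile verdict is a lead, not proof; the MD5 it prints is what you would look up or compare against a clean copy before deciding to delete anything.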

#3 Spookes

  • Topic Starter

  • Members
  • 14 posts

Posted 24 September 2012 - 08:29 AM

14:26:35.0734 2108 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:26:35.0827 2108 ============================================================
14:26:35.0827 2108 Current date / time: 2012/09/24 14:26:35.0827
14:26:35.0827 2108 SystemInfo:
14:26:35.0827 2108
14:26:35.0827 2108 OS Version: 6.1.7601 ServicePack: 1.0
14:26:35.0827 2108 Product type: Workstation
14:26:35.0827 2108 ComputerName: MICHAEL-PC
14:26:35.0827 2108 UserName: Michael
14:26:35.0827 2108 Windows directory: C:\Windows
14:26:35.0827 2108 System windows directory: C:\Windows
14:26:35.0827 2108 Running under WOW64
14:26:35.0827 2108 Processor architecture: Intel x64
14:26:35.0827 2108 Number of processors: 4
14:26:35.0827 2108 Page size: 0x1000
14:26:35.0827 2108 Boot type: Normal boot
14:26:35.0827 2108 ============================================================
14:26:37.0340 2108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:26:37.0340 2108 ============================================================
14:26:37.0340 2108 \Device\Harddisk0\DR0:
14:26:37.0340 2108 MBR partitions:
14:26:37.0340 2108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:26:37.0340 2108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
14:26:37.0340 2108 ============================================================
14:26:37.0418 2108 C: <-> \Device\Harddisk0\DR0\Partition2
14:26:37.0418 2108 ============================================================
14:26:37.0418 2108 Initialize success
14:26:37.0418 2108 ============================================================
14:27:01.0817 4572 ============================================================
14:27:01.0817 4572 Scan started
14:27:01.0817 4572 Mode: Manual; TDLFS;
14:27:01.0817 4572 ============================================================
14:27:02.0987 4572 ================ Scan system memory ========================
14:27:02.0987 4572 System memory - ok
14:27:02.0987 4572 ================ Scan services =============================
14:27:03.0143 4572 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:27:03.0143 4572 1394ohci - ok
14:27:03.0174 4572 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:27:03.0174 4572 ACPI - ok
14:27:03.0190 4572 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:27:03.0190 4572 AcpiPmi - ok
14:27:03.0283 4572 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:27:03.0283 4572 AdobeARMservice - ok
14:27:03.0392 4572 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:27:03.0392 4572 AdobeFlashPlayerUpdateSvc - ok
14:27:03.0424 4572 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:27:03.0439 4572 adp94xx - ok
14:27:03.0455 4572 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:27:03.0455 4572 adpahci - ok
14:27:03.0486 4572 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:27:03.0486 4572 adpu320 - ok
14:27:03.0517 4572 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:27:03.0517 4572 AeLookupSvc - ok
14:27:03.0564 4572 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:27:03.0580 4572 AFD - ok
14:27:03.0595 4572 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:27:03.0595 4572 agp440 - ok
14:27:03.0767 4572 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
14:27:03.0767 4572 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
14:27:03.0767 4572 Akamai ( HiddenFile.Multi.Generic ) - warning
14:27:03.0767 4572 Akamai - detected HiddenFile.Multi.Generic (1)
14:27:03.0782 4572 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:27:03.0782 4572 ALG - ok
14:27:03.0798 4572 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:27:03.0798 4572 aliide - ok
14:27:03.0860 4572 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:27:03.0860 4572 AMD External Events Utility - ok
14:27:03.0938 4572 AMD FUEL Service - ok
14:27:03.0954 4572 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:27:03.0954 4572 amdide - ok
14:27:03.0970 4572 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
14:27:03.0970 4572 amdiox64 - ok
14:27:03.0985 4572 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:27:03.0985 4572 AmdK8 - ok
14:27:04.0204 4572 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:27:04.0313 4572 amdkmdag - ok
14:27:04.0328 4572 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:27:04.0328 4572 amdkmdap - ok
14:27:04.0344 4572 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:27:04.0344 4572 AmdPPM - ok
14:27:04.0391 4572 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:27:04.0391 4572 amdsata - ok
14:27:04.0406 4572 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:27:04.0422 4572 amdsbs - ok
14:27:04.0438 4572 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:27:04.0438 4572 amdxata - ok
14:27:04.0484 4572 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:27:04.0500 4572 AODDriver4.1 - ok
14:27:04.0516 4572 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:27:04.0516 4572 AppID - ok
14:27:04.0531 4572 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:27:04.0531 4572 AppIDSvc - ok
14:27:04.0562 4572 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:27:04.0578 4572 Appinfo - ok
14:27:04.0625 4572 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:27:04.0640 4572 Apple Mobile Device - ok
14:27:04.0656 4572 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
14:27:04.0656 4572 arc - ok
14:27:04.0672 4572 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:27:04.0687 4572 arcsas - ok
14:27:04.0703 4572 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:27:04.0703 4572 AsyncMac - ok
14:27:04.0718 4572 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:27:04.0718 4572 atapi - ok
14:27:04.0781 4572 [ C24A645AEDBDF5FA0A23F7581C6F9C63 ] athur C:\Windows\system32\DRIVERS\athurx.sys
14:27:04.0812 4572 athur - ok
14:27:04.0859 4572 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:27:04.0859 4572 AtiHDAudioService - ok
14:27:04.0906 4572 [ 64F07381335E37C142F6D176705FFCA6 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
14:27:04.0906 4572 atksgt - ok
14:27:04.0937 4572 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:27:04.0952 4572 AudioEndpointBuilder - ok
14:27:04.0968 4572 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:27:04.0968 4572 AudioSrv - ok
14:27:04.0984 4572 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:27:04.0999 4572 AxInstSV - ok
14:27:05.0015 4572 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
14:27:05.0015 4572 b06bdrv - ok
14:27:05.0046 4572 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:27:05.0046 4572 b57nd60a - ok
14:27:05.0077 4572 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:27:05.0077 4572 BDESVC - ok
14:27:05.0077 4572 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:27:05.0077 4572 Beep - ok
14:27:05.0093 4572 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:27:05.0093 4572 blbdrive - ok
14:27:05.0124 4572 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:27:05.0124 4572 Bonjour Service - ok
14:27:05.0171 4572 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:27:05.0171 4572 bowser - ok
14:27:05.0171 4572 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:27:05.0171 4572 BrFiltLo - ok
14:27:05.0186 4572 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:27:05.0186 4572 BrFiltUp - ok
14:27:05.0202 4572 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
14:27:05.0202 4572 Browser - ok
14:27:05.0218 4572 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:27:05.0218 4572 Brserid - ok
14:27:05.0233 4572 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:27:05.0233 4572 BrSerWdm - ok
14:27:05.0233 4572 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:27:05.0233 4572 BrUsbMdm - ok
14:27:05.0233 4572 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:27:05.0233 4572 BrUsbSer - ok
14:27:05.0233 4572 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:27:05.0233 4572 BTHMODEM - ok
14:27:05.0264 4572 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:27:05.0264 4572 bthserv - ok
14:27:05.0264 4572 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:27:05.0264 4572 cdfs - ok
14:27:05.0280 4572 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:27:05.0280 4572 cdrom - ok
14:27:05.0311 4572 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:27:05.0311 4572 CertPropSvc - ok
14:27:05.0311 4572 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
14:27:05.0311 4572 circlass - ok
14:27:05.0327 4572 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:27:05.0342 4572 CLFS - ok
14:27:05.0389 4572 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:27:05.0405 4572 clr_optimization_v2.0.50727_32 - ok
14:27:05.0452 4572 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:27:05.0452 4572 clr_optimization_v2.0.50727_64 - ok
14:27:05.0514 4572 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:27:05.0530 4572 clr_optimization_v4.0.30319_32 - ok
14:27:05.0561 4572 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:27:05.0561 4572 clr_optimization_v4.0.30319_64 - ok
14:27:05.0561 4572 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:27:05.0561 4572 CmBatt - ok
14:27:05.0576 4572 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:27:05.0576 4572 cmdide - ok
14:27:05.0608 4572 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:27:05.0623 4572 CNG - ok
14:27:05.0639 4572 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:27:05.0639 4572 Compbatt - ok
14:27:05.0654 4572 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:27:05.0654 4572 CompositeBus - ok
14:27:05.0670 4572 COMSysApp - ok
14:27:05.0686 4572 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:27:05.0686 4572 crcdisk - ok
14:27:05.0701 4572 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:27:05.0717 4572 CryptSvc - ok
14:27:05.0857 4572 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
14:27:05.0857 4572 DAUpdaterSvc - ok
14:27:05.0904 4572 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:27:05.0904 4572 DcomLaunch - ok
14:27:05.0935 4572 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:27:05.0935 4572 defragsvc - ok
14:27:05.0935 4572 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:27:05.0951 4572 DfsC - ok
14:27:05.0966 4572 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:27:05.0966 4572 Dhcp - ok
14:27:05.0982 4572 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:27:05.0982 4572 discache - ok
14:27:05.0998 4572 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
14:27:05.0998 4572 Disk - ok
14:27:06.0044 4572 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:27:06.0044 4572 Dnscache - ok
14:27:06.0076 4572 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:27:06.0076 4572 dot3svc - ok
14:27:06.0091 4572 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:27:06.0091 4572 DPS - ok
14:27:06.0138 4572 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:27:06.0138 4572 drmkaud - ok
14:27:06.0200 4572 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:27:06.0200 4572 dtsoftbus01 - ok
14:27:06.0216 4572 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:27:06.0216 4572 DXGKrnl - ok
14:27:06.0232 4572 EagleX64 - ok
14:27:06.0263 4572 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:27:06.0278 4572 EapHost - ok
14:27:06.0341 4572 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
14:27:06.0372 4572 ebdrv - ok
14:27:06.0388 4572 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:27:06.0388 4572 EFS - ok
14:27:06.0434 4572 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:27:06.0450 4572 ehRecvr - ok
14:27:06.0466 4572 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:27:06.0466 4572 ehSched - ok
14:27:06.0497 4572 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:27:06.0497 4572 elxstor - ok
14:27:06.0512 4572 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:27:06.0512 4572 ErrDev - ok
14:27:06.0544 4572 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:27:06.0544 4572 EventSystem - ok
14:27:06.0544 4572 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:27:06.0559 4572 exfat - ok
14:27:06.0559 4572 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:27:06.0559 4572 fastfat - ok
14:27:06.0590 4572 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:27:06.0606 4572 Fax - ok
14:27:06.0606 4572 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
14:27:06.0606 4572 fdc - ok
14:27:06.0622 4572 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:27:06.0622 4572 fdPHost - ok
14:27:06.0622 4572 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:27:06.0622 4572 FDResPub - ok
14:27:06.0637 4572 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:27:06.0637 4572 FileInfo - ok
14:27:06.0637 4572 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:27:06.0637 4572 Filetrace - ok
14:27:06.0653 4572 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:27:06.0653 4572 flpydisk - ok
14:27:06.0668 4572 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:27:06.0668 4572 FltMgr - ok
14:27:06.0684 4572 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:27:06.0700 4572 FontCache - ok
14:27:06.0746 4572 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:27:06.0746 4572 FontCache3.0.0.0 - ok
14:27:06.0762 4572 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:27:06.0762 4572 FsDepends - ok
14:27:06.0809 4572 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:27:06.0809 4572 fssfltr - ok
14:27:06.0918 4572 [ 4E2E6FEDFE4A3445DBD0C623A242362D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:27:06.0949 4572 fsssvc - ok
14:27:06.0965 4572 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:27:06.0965 4572 Fs_Rec - ok
14:27:06.0980 4572 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:27:06.0980 4572 fvevol - ok
14:27:07.0012 4572 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:27:07.0012 4572 gagp30kx - ok
14:27:07.0074 4572 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:27:07.0074 4572 GEARAspiWDM - ok
14:27:07.0105 4572 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:27:07.0105 4572 gpsvc - ok
14:27:07.0199 4572 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:27:07.0199 4572 gupdate - ok
14:27:07.0214 4572 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:27:07.0214 4572 gupdatem - ok
14:27:07.0246 4572 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:27:07.0261 4572 gusvc - ok
14:27:07.0292 4572 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:27:07.0292 4572 hcw85cir - ok
14:27:07.0324 4572 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:27:07.0339 4572 HdAudAddService - ok
14:27:07.0355 4572 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:27:07.0355 4572 HDAudBus - ok
14:27:07.0370 4572 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:27:07.0370 4572 HidBatt - ok
14:27:07.0386 4572 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:27:07.0386 4572 HidBth - ok
14:27:07.0402 4572 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:27:07.0402 4572 HidIr - ok
14:27:07.0417 4572 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:27:07.0417 4572 hidserv - ok
14:27:07.0433 4572 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:27:07.0433 4572 HidUsb - ok
14:27:07.0526 4572 [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
14:27:07.0526 4572 HiPatchService - ok
14:27:07.0542 4572 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:27:07.0558 4572 hkmsvc - ok
14:27:07.0573 4572 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:27:07.0573 4572 HomeGroupListener - ok
14:27:07.0604 4572 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:27:07.0620 4572 HomeGroupProvider - ok
14:27:07.0636 4572 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:27:07.0636 4572 HpSAMD - ok
14:27:07.0667 4572 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:27:07.0682 4572 HTTP - ok
14:27:07.0698 4572 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:27:07.0698 4572 hwpolicy - ok
14:27:07.0714 4572 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:27:07.0729 4572 i8042prt - ok
14:27:07.0776 4572 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:27:07.0792 4572 iaStorV - ok
14:27:07.0838 4572 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:27:07.0854 4572 idsvc - ok
14:27:07.0854 4572 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:27:07.0854 4572 iirsp - ok
14:27:07.0901 4572 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:27:07.0901 4572 IKEEXT - ok
14:27:07.0916 4572 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:27:07.0916 4572 intelide - ok
14:27:07.0932 4572 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:27:07.0932 4572 intelppm - ok
14:27:07.0948 4572 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:27:07.0948 4572 IPBusEnum - ok
14:27:07.0963 4572 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:27:07.0963 4572 IpFilterDriver - ok
14:27:07.0979 4572 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:27:07.0979 4572 IPMIDRV - ok
14:27:07.0994 4572 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:27:07.0994 4572 IPNAT - ok
14:27:08.0041 4572 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:27:08.0041 4572 iPod Service - ok
14:27:08.0057 4572 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:27:08.0057 4572 IRENUM - ok
14:27:08.0072 4572 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:27:08.0072 4572 isapnp - ok
14:27:08.0119 4572 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:27:08.0135 4572 iScsiPrt - ok
14:27:08.0213 4572 [ 81534359F525F7C02B2B56B2653BD779 ] jswpsapi C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe
14:27:08.0228 4572 jswpsapi - ok
14:27:08.0260 4572 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys
14:27:08.0260 4572 JSWPSLWF - ok
14:27:08.0260 4572 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:27:08.0260 4572 kbdclass - ok
14:27:08.0275 4572 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:27:08.0275 4572 kbdhid - ok
14:27:08.0291 4572 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:27:08.0291 4572 KeyIso - ok
14:27:08.0322 4572 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:27:08.0338 4572 KSecDD - ok
14:27:08.0369 4572 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:27:08.0384 4572 KSecPkg - ok
14:27:08.0400 4572 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:27:08.0400 4572 ksthunk - ok
14:27:08.0431 4572 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:27:08.0431 4572 KtmRm - ok
14:27:08.0462 4572 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:27:08.0462 4572 LanmanServer - ok
14:27:08.0494 4572 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:27:08.0509 4572 LanmanWorkstation - ok
14:27:08.0556 4572 [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
14:27:08.0572 4572 lirsgt - ok
14:27:08.0587 4572 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:27:08.0587 4572 lltdio - ok
14:27:08.0603 4572 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:27:08.0618 4572 lltdsvc - ok
14:27:08.0650 4572 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:27:08.0650 4572 lmhosts - ok
14:27:08.0681 4572 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:27:08.0681 4572 LSI_FC - ok
14:27:08.0696 4572 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:27:08.0696 4572 LSI_SAS - ok
14:27:08.0728 4572 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:27:08.0728 4572 LSI_SAS2 - ok
14:27:08.0743 4572 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:27:08.0743 4572 LSI_SCSI - ok
14:27:08.0759 4572 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:27:08.0774 4572 luafv - ok
14:27:08.0790 4572 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:27:08.0790 4572 MBAMProtector - ok
14:27:08.0884 4572 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:27:08.0884 4572 MBAMScheduler - ok
14:27:08.0946 4572 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:27:08.0962 4572 MBAMService - ok
14:27:08.0993 4572 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:27:09.0008 4572 Mcx2Svc - ok
14:27:09.0024 4572 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
14:27:09.0024 4572 megasas - ok
14:27:09.0040 4572 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:27:09.0055 4572 MegaSR - ok
14:27:09.0071 4572 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:27:09.0071 4572 MMCSS - ok
14:27:09.0086 4572 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:27:09.0086 4572 Modem - ok
14:27:09.0102 4572 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:27:09.0102 4572 monitor - ok
14:27:09.0149 4572 [ FC44AD48746FFA5FD640EF1260AB5EC2 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
14:27:09.0149 4572 MotioninJoyXFilter - ok
14:27:09.0180 4572 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:27:09.0180 4572 mouclass - ok
14:27:09.0180 4572 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:27:09.0180 4572 mouhid - ok
14:27:09.0196 4572 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:27:09.0196 4572 mountmgr - ok
14:27:09.0211 4572 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:27:09.0227 4572 mpio - ok
14:27:09.0242 4572 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:27:09.0242 4572 mpsdrv - ok
14:27:09.0258 4572 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:27:09.0258 4572 MRxDAV - ok
14:27:09.0305 4572 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:27:09.0305 4572 mrxsmb - ok
14:27:09.0320 4572 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:27:09.0320 4572 mrxsmb10 - ok
14:27:09.0320 4572 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:27:09.0320 4572 mrxsmb20 - ok
14:27:09.0336 4572 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:27:09.0336 4572 msahci - ok
14:27:09.0398 4572 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
14:27:09.0398 4572 MSCamSvc - ok
14:27:09.0430 4572 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:27:09.0430 4572 msdsm - ok
14:27:09.0445 4572 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:27:09.0445 4572 MSDTC - ok
14:27:09.0461 4572 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:27:09.0461 4572 Msfs - ok
14:27:09.0476 4572 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:27:09.0476 4572 mshidkmdf - ok
14:27:09.0476 4572 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:27:09.0476 4572 msisadrv - ok
14:27:09.0508 4572 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:27:09.0508 4572 MSiSCSI - ok
14:27:09.0508 4572 msiserver - ok
14:27:09.0539 4572 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:27:09.0539 4572 MSKSSRV - ok
14:27:09.0539 4572 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:27:09.0539 4572 MSPCLOCK - ok
14:27:09.0554 4572 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:27:09.0554 4572 MSPQM - ok
14:27:09.0570 4572 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:27:09.0570 4572 MsRPC - ok
14:27:09.0586 4572 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:27:09.0586 4572 mssmbios - ok
14:27:09.0601 4572 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:27:09.0601 4572 MSTEE - ok
14:27:09.0601 4572 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:27:09.0601 4572 MTConfig - ok
14:27:09.0617 4572 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:27:09.0617 4572 Mup - ok
14:27:09.0664 4572 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:27:09.0679 4572 napagent - ok
14:27:09.0710 4572 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:27:09.0710 4572 NativeWifiP - ok
14:27:09.0757 4572 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:27:09.0773 4572 NDIS - ok
14:27:09.0773 4572 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:27:09.0773 4572 NdisCap - ok
14:27:09.0804 4572 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:27:09.0804 4572 NdisTapi - ok
14:27:09.0820 4572 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:27:09.0820 4572 Ndisuio - ok
14:27:09.0835 4572 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:27:09.0835 4572 NdisWan - ok
14:27:09.0851 4572 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:27:09.0851 4572 NDProxy - ok
14:27:09.0866 4572 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:27:09.0866 4572 NetBIOS - ok
14:27:09.0882 4572 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:27:09.0882 4572 NetBT - ok
14:27:09.0898 4572 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:27:09.0898 4572 Netlogon - ok
14:27:09.0929 4572 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:27:09.0929 4572 Netman - ok
14:27:09.0960 4572 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:27:09.0960 4572 netprofm - ok
14:27:09.0976 4572 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:27:09.0976 4572 NetTcpPortSharing - ok
14:27:10.0007 4572 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:27:10.0007 4572 nfrd960 - ok
14:27:10.0022 4572 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:27:10.0038 4572 NlaSvc - ok
14:27:10.0054 4572 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:27:10.0054 4572 Npfs - ok
14:27:10.0054 4572 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:27:10.0054 4572 nsi - ok
14:27:10.0069 4572 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:27:10.0069 4572 nsiproxy - ok
14:27:10.0163 4572 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:27:10.0178 4572 Ntfs - ok
14:27:10.0210 4572 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:27:10.0210 4572 Null - ok
14:27:10.0241 4572 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:27:10.0241 4572 nvraid - ok
14:27:10.0288 4572 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:27:10.0288 4572 nvstor - ok
14:27:10.0319 4572 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:27:10.0319 4572 nv_agp - ok
14:27:10.0319 4572 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:27:10.0319 4572 ohci1394 - ok
14:27:10.0350 4572 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:27:10.0350 4572 p2pimsvc - ok
14:27:10.0366 4572 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:27:10.0366 4572 p2psvc - ok
14:27:10.0381 4572 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:27:10.0381 4572 Parport - ok
14:27:10.0428 4572 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:27:10.0444 4572 partmgr - ok
14:27:10.0459 4572 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:27:10.0475 4572 PcaSvc - ok
14:27:10.0490 4572 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:27:10.0490 4572 pci - ok
14:27:10.0506 4572 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:27:10.0506 4572 pciide - ok
14:27:10.0522 4572 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:27:10.0537 4572 pcmcia - ok
14:27:10.0553 4572 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:27:10.0553 4572 pcw - ok
14:27:10.0631 4572 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:27:10.0646 4572 PEAUTH - ok
14:27:10.0740 4572 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:27:10.0756 4572 PerfHost - ok
14:27:10.0802 4572 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:27:10.0818 4572 pla - ok
14:27:10.0880 4572 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:27:10.0880 4572 PlugPlay - ok
14:27:10.0912 4572 PnkBstrA - ok
14:27:10.0927 4572 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:27:10.0927 4572 PNRPAutoReg - ok
14:27:10.0943 4572 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:27:10.0958 4572 PNRPsvc - ok
14:27:10.0990 4572 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:27:11.0005 4572 PolicyAgent - ok
14:27:11.0021 4572 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:27:11.0021 4572 Power - ok
14:27:11.0068 4572 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:27:11.0068 4572 PptpMiniport - ok
14:27:11.0083 4572 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:27:11.0083 4572 Processor - ok
14:27:11.0146 4572 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:27:11.0146 4572 ProfSvc - ok
14:27:11.0161 4572 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:27:11.0177 4572 ProtectedStorage - ok
14:27:11.0208 4572 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:27:11.0208 4572 Psched - ok
14:27:11.0255 4572 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:27:11.0270 4572 ql2300 - ok
14:27:11.0286 4572 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:27:11.0302 4572 ql40xx - ok
14:27:11.0333 4572 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:27:11.0333 4572 QWAVE - ok
14:27:11.0348 4572 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:27:11.0348 4572 QWAVEdrv - ok
14:27:11.0364 4572 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:27:11.0364 4572 RasAcd - ok
14:27:11.0395 4572 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:27:11.0395 4572 RasAgileVpn - ok
14:27:11.0411 4572 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:27:11.0411 4572 RasAuto - ok
14:27:11.0426 4572 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:27:11.0426 4572 Rasl2tp - ok
14:27:11.0442 4572 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:27:11.0442 4572 RasMan - ok
14:27:11.0473 4572 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:27:11.0473 4572 RasPppoe - ok
14:27:11.0473 4572 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:27:11.0473 4572 RasSstp - ok
14:27:11.0489 4572 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:27:11.0504 4572 rdbss - ok
14:27:11.0504 4572 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:27:11.0504 4572 rdpbus - ok
14:27:11.0520 4572 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:27:11.0520 4572 RDPCDD - ok
14:27:11.0536 4572 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:27:11.0536 4572 RDPENCDD - ok
14:27:11.0551 4572 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:27:11.0551 4572 RDPREFMP - ok
14:27:11.0567 4572 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:27:11.0567 4572 RDPWD - ok
14:27:11.0582 4572 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:27:11.0582 4572 rdyboost - ok
14:27:11.0614 4572 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:27:11.0614 4572 RemoteAccess - ok
14:27:11.0645 4572 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:27:11.0645 4572 RemoteRegistry - ok
14:27:11.0660 4572 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:27:11.0676 4572 RpcEptMapper - ok
14:27:11.0676 4572 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:27:11.0676 4572 RpcLocator - ok
14:27:11.0707 4572 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:27:11.0707 4572 RpcSs - ok
14:27:11.0723 4572 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:27:11.0738 4572 rspndr - ok
14:27:11.0738 4572 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:27:11.0738 4572 SamSs - ok
14:27:11.0754 4572 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:27:11.0770 4572 sbp2port - ok
14:27:11.0785 4572 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:27:11.0785 4572 SCardSvr - ok
14:27:11.0785 4572 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:27:11.0801 4572 scfilter - ok
14:27:11.0816 4572 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:27:11.0832 4572 Schedule - ok
14:27:11.0848 4572 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:27:11.0848 4572 SCPolicySvc - ok
14:27:11.0879 4572 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:27:11.0879 4572 SDRSVC - ok
14:27:11.0879 4572 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:27:11.0879 4572 secdrv - ok
14:27:11.0879 4572 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:27:11.0894 4572 seclogon - ok
14:27:11.0910 4572 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:27:11.0910 4572 SENS - ok
14:27:11.0926 4572 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:27:11.0926 4572 SensrSvc - ok
14:27:11.0941 4572 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:27:11.0941 4572 Serenum - ok
14:27:11.0957 4572 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:27:11.0957 4572 Serial - ok
14:27:11.0972 4572 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:27:11.0972 4572 sermouse - ok
14:27:11.0988 4572 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:27:11.0988 4572 SessionEnv - ok
14:27:11.0988 4572 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:27:11.0988 4572 sffdisk - ok
14:27:12.0004 4572 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:27:12.0004 4572 sffp_mmc - ok
14:27:12.0004 4572 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:27:12.0004 4572 sffp_sd - ok
14:27:12.0004 4572 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:27:12.0004 4572 sfloppy - ok
14:27:12.0035 4572 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:27:12.0050 4572 ShellHWDetection - ok
14:27:12.0082 4572 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:27:12.0082 4572 SiSRaid2 - ok
14:27:12.0097 4572 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:27:12.0097 4572 SiSRaid4 - ok
14:27:12.0175 4572 sj - ok
14:27:12.0175 4572 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:27:12.0175 4572 Smb - ok
14:27:12.0191 4572 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:27:12.0206 4572 SNMPTRAP - ok
14:27:12.0238 4572 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:27:12.0238 4572 spldr - ok
14:27:12.0253 4572 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
14:27:12.0284 4572 Spooler - ok
14:27:12.0565 4572 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:27:12.0612 4572 sppsvc - ok
14:27:12.0612 4572 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:27:12.0628 4572 sppuinotify - ok
14:27:12.0643 4572 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:27:12.0643 4572 srv - ok
14:27:12.0659 4572 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:27:12.0674 4572 srv2 - ok
14:27:12.0674 4572 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:27:12.0690 4572 srvnet - ok
14:27:12.0706 4572 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:27:12.0706 4572 SSDPSRV - ok
14:27:12.0737 4572 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:27:12.0737 4572 SstpSvc - ok
14:27:12.0752 4572 Steam Client Service - ok
14:27:12.0768 4572 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:27:12.0768 4572 stexstor - ok
14:27:12.0815 4572 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:27:12.0815 4572 stisvc - ok
14:27:12.0846 4572 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:27:12.0846 4572 swenum - ok
14:27:12.0862 4572 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:27:12.0877 4572 swprv - ok
14:27:12.0924 4572 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:27:12.0940 4572 SysMain - ok
14:27:13.0018 4572 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:27:13.0018 4572 TabletInputService - ok
14:27:13.0049 4572 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:27:13.0064 4572 TapiSrv - ok
14:27:13.0080 4572 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:27:13.0080 4572 TBS - ok
14:27:13.0158 4572 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:27:13.0189 4572 Tcpip - ok
14:27:13.0220 4572 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:27:13.0236 4572 TCPIP6 - ok
14:27:13.0252 4572 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:27:13.0252 4572 tcpipreg - ok
14:27:13.0267 4572 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:27:13.0267 4572 TDPIPE - ok
14:27:13.0283 4572 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:27:13.0283 4572 TDTCP - ok
14:27:13.0298 4572 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:27:13.0298 4572 tdx - ok
14:27:13.0298 4572 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:27:13.0298 4572 TermDD - ok
14:27:13.0330 4572 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:27:13.0330 4572 TermService - ok
14:27:13.0345 4572 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:27:13.0345 4572 Themes - ok
14:27:13.0361 4572 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:27:13.0361 4572 THREADORDER - ok
14:27:13.0376 4572 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:27:13.0376 4572 TrkWks - ok
14:27:13.0423 4572 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:27:13.0439 4572 TrustedInstaller - ok
14:27:13.0454 4572 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:27:13.0454 4572 tssecsrv - ok
14:27:13.0486 4572 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:27:13.0486 4572 TsUsbFlt - ok
14:27:13.0501 4572 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:27:13.0501 4572 TsUsbGD - ok
14:27:13.0532 4572 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:27:13.0532 4572 tunnel - ok
14:27:13.0548 4572 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:27:13.0548 4572 uagp35 - ok
14:27:13.0579 4572 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:27:13.0579 4572 udfs - ok
14:27:13.0626 4572 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:27:13.0626 4572 UI0Detect - ok
14:27:13.0642 4572 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:27:13.0642 4572 uliagpkx - ok
14:27:13.0657 4572 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:27:13.0657 4572 umbus - ok
14:27:13.0657 4572 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:27:13.0657 4572 UmPass - ok
14:27:13.0688 4572 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:27:13.0688 4572 upnphost - ok
14:27:13.0735 4572 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:27:13.0735 4572 usbaudio - ok
14:27:13.0782 4572 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:27:13.0782 4572 usbccgp - ok
14:27:13.0798 4572 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:27:13.0798 4572 usbcir - ok
14:27:13.0813 4572 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:27:13.0813 4572 usbehci - ok
14:27:13.0829 4572 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:27:13.0844 4572 usbhub - ok
14:27:13.0860 4572 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:27:13.0860 4572 usbohci - ok
14:27:13.0876 4572 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:27:13.0876 4572 usbprint - ok
14:27:13.0922 4572 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:27:13.0922 4572 USBSTOR - ok
14:27:13.0938 4572 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:27:13.0938 4572 usbuhci - ok
14:27:13.0954 4572 usj - ok
14:27:13.0985 4572 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:27:13.0985 4572 UxSms - ok
14:27:14.0000 4572 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:27:14.0000 4572 VaultSvc - ok
14:27:14.0016 4572 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:27:14.0016 4572 vdrvroot - ok
14:27:14.0063 4572 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:27:14.0094 4572 vds - ok
14:27:14.0110 4572 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:27:14.0110 4572 vga - ok
14:27:14.0125 4572 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:27:14.0125 4572 VgaSave - ok
14:27:14.0141 4572 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:27:14.0141 4572 vhdmp - ok
14:27:14.0156 4572 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:27:14.0156 4572 viaide - ok
14:27:14.0172 4572 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:27:14.0172 4572 volmgr - ok
14:27:14.0203 4572 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:27:14.0203 4572 volmgrx - ok
14:27:14.0219 4572 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:27:14.0219 4572 volsnap - ok
14:27:14.0250 4572 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:27:14.0250 4572 vsmraid - ok
14:27:14.0281 4572 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:27:14.0297 4572 VSS - ok
14:27:14.0312 4572 vtany - ok
14:27:14.0328 4572 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:27:14.0328 4572 vwifibus - ok
14:27:14.0359 4572 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:27:14.0359 4572 vwififlt - ok
14:27:14.0437 4572 [ CE6C085771812D5EE863CC7EF93CAEF2 ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
14:27:14.0453 4572 VX1000 - ok
14:27:14.0468 4572 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:27:14.0484 4572 W32Time - ok
14:27:14.0500 4572 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:27:14.0500 4572 WacomPen - ok
14:27:14.0515 4572 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:27:14.0515 4572 WANARP - ok
14:27:14.0515 4572 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:27:14.0515 4572 Wanarpv6 - ok
14:27:14.0718 4572 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:27:14.0749 4572 WatAdminSvc - ok
14:27:14.0780 4572 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:27:14.0796 4572 wbengine - ok
14:27:14.0812 4572 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:27:14.0827 4572 WbioSrvc - ok
14:27:14.0827 4572 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:27:14.0843 4572 wcncsvc - ok
14:27:14.0843 4572 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:27:14.0843 4572 WcsPlugInService - ok
14:27:14.0858 4572 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:27:14.0858 4572 Wd - ok
14:27:14.0921 4572 [ 49B50BE4C6E61DC378057A09130E0629 ] WDCS_WNDA3200 C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
14:27:14.0921 4572 WDCS_WNDA3200 - ok
14:27:14.0968 4572 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:27:14.0983 4572 Wdf01000 - ok
14:27:14.0999 4572 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:27:15.0014 4572 WdiServiceHost - ok
14:27:15.0014 4572 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:27:15.0014 4572 WdiSystemHost - ok
14:27:15.0046 4572 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:27:15.0046 4572 WebClient - ok
14:27:15.0077 4572 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:27:15.0077 4572 Wecsvc - ok
14:27:15.0092 4572 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:27:15.0092 4572 wercplsupport - ok
14:27:15.0108 4572 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:27:15.0108 4572 WerSvc - ok
14:27:15.0124 4572 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:27:15.0124 4572 WfpLwf - ok
14:27:15.0139 4572 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:27:15.0139 4572 WIMMount - ok
14:27:15.0139 4572 WinHttpAutoProxySvc - ok
14:27:15.0248 4572 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:27:15.0264 4572 Winmgmt - ok
14:27:15.0342 4572 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:27:15.0373 4572 WinRM - ok
14:27:15.0420 4572 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:27:15.0436 4572 Wlansvc - ok
14:27:15.0810 4572 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:27:15.0841 4572 wlidsvc - ok
14:27:15.0872 4572 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:27:15.0872 4572 WmiAcpi - ok
14:27:15.0919 4572 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:27:15.0919 4572 wmiApSrv - ok
14:27:15.0966 4572 WMPNetworkSvc - ok
14:27:15.0966 4572 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:27:15.0966 4572 WPCSvc - ok
14:27:15.0982 4572 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:27:15.0982 4572 WPDBusEnum - ok
14:27:15.0997 4572 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:27:15.0997 4572 ws2ifsl - ok
14:27:15.0997 4572 WSearch - ok
14:27:16.0028 4572 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:27:16.0028 4572 WudfPf - ok
14:27:16.0060 4572 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:27:16.0060 4572 WUDFRd - ok
14:27:16.0075 4572 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:27:16.0075 4572 wudfsvc - ok
14:27:16.0091 4572 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:27:16.0091 4572 WwanSvc - ok
14:27:16.0247 4572 X6va005 - ok
14:27:16.0356 4572 X6va008 - ok
14:27:16.0387 4572 X6va009 - ok
14:27:16.0387 4572 xsherlock - ok
14:27:16.0434 4572 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
14:27:16.0434 4572 xusb21 - ok
14:27:16.0434 4572 ================ Scan global ===============================
14:27:16.0450 4572 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:27:16.0481 4572 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:27:16.0496 4572 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:27:16.0528 4572 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:27:16.0559 4572 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:27:16.0559 4572 [Global] - ok
14:27:16.0559 4572 ================ Scan MBR ==================================
14:27:16.0574 4572 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:27:17.0604 4572 \Device\Harddisk0\DR0 - ok
14:27:17.0604 4572 ================ Scan VBR ==================================
14:27:17.0620 4572 [ F2B4F0096D470A96957DB670E7823D05 ] \Device\Harddisk0\DR0\Partition1
14:27:17.0635 4572 \Device\Harddisk0\DR0\Partition1 - ok
14:27:17.0651 4572 [ BCD88904925C8E5E544DC56647BF214B ] \Device\Harddisk0\DR0\Partition2
14:27:17.0651 4572 \Device\Harddisk0\DR0\Partition2 - ok
14:27:17.0651 4572 ============================================================
14:27:17.0651 4572 Scan finished
14:27:17.0651 4572 ============================================================
14:27:17.0666 4264 Detected object count: 1
14:27:17.0666 4264 Actual detected object count: 1
14:27:34.0624 4264 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:27:34.0624 4264 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

#4 Spookes (Topic Starter, Members, 14 posts)

Posted 24 September 2012 - 08:44 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-24 14:30:24
-----------------------------
14:30:24.380 OS Version: Windows x64 6.1.7601 Service Pack 1
14:30:24.380 Number of processors: 4 586 0x102
14:30:24.380 ComputerName: MICHAEL-PC UserName: Michael
14:30:26.003 Initialize success
14:32:15.881 AVAST engine defs: 12092400
14:32:47.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:32:47.596 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
14:32:47.611 Disk 0 MBR read successfully
14:32:47.611 Disk 0 MBR scan
14:32:47.627 Disk 0 Windows 7 default MBR code
14:32:47.627 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:32:47.643 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:32:47.674 Disk 0 scanning C:\Windows\system32\drivers
14:32:53.961 Service scanning
14:33:08.048 Modules scanning
14:33:08.048 Disk 0 trace - called modules:
14:33:08.063
14:33:09.717 AVAST engine scan C:\Windows
14:33:12.837 AVAST engine scan C:\Windows\system32
14:35:00.947 AVAST engine scan C:\Windows\system32\drivers
14:35:09.310 AVAST engine scan C:\Users\Michael
14:40:09.925 File: C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\cb8161d-71e41fde **INFECTED** Win32:Reveton-ES [Trj]
14:41:59.624 File: C:\Users\Michael\AppData\Roaming\onfdh.dll **INFECTED** Win32:Medfos [Trj]
14:42:44.740 AVAST engine scan C:\ProgramData
14:43:18.436 Scan finished successfully
14:44:07.404 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
14:44:07.404 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

#5 Spookes (Topic Starter, Members, 14 posts)

Posted 24 September 2012 - 11:07 AM

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.09.2012_03.10.12\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\15.09.2012_03.45.59\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\24.09.2012_04.33.01\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B.Gen trojan deleted - quarantined
C:\Users\Michael\AppData\Local\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3411718d-6bb8a02b Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\cb8161d-71e41fde a variant of Win32/Kryptik.AMCC trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3f7c08de-38f02617 Java/Exploit.CVE-2012-1723.BE trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\523ebdb1-397339d8 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\877c433-39cbb349 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\2e242d89-699f93d4 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Roaming\onfdh.dll a variant of Win32/Medfos.BL trojan cleaned by deleting (after the next restart) - quarantined

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:25 PM

Posted 24 September 2012 - 11:15 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it, click on Delete

A log should be generated after the scan, post it here

Download

Junkware Removal Tool

Launch it and the scan should start running. After the scan gets completed, post the generated log here.

#7 Spookes

Spookes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:25 AM

Posted 24 September 2012 - 01:26 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [administrator]

24/09/2012 18:36:06
mbam-log-2012-09-24 (18-36-06).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416117
Time elapsed: 47 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.196\deploy\Adobe AIR\Versions\1.0\Resources\Template.exe (Spyware.Password) -> Quarantined and deleted successfully.

(end)

#8 Spookes

Spookes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:25 AM

Posted 24 September 2012 - 01:31 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Michael (administrator) on 24-09-2012 at 19:29:43
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

[about 200 empty lines in the hosts file omitted here]

64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WNDA3200 Wireless 11N Dual-band USB Adapter = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WNDA3200 Wireless 11N Dual-band USB Adapter
Physical Address. . . . . . . . . : E0-46-9A-06-BB-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a4e8:95d8:a594:558d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 24 September 2012 19:27:36
Lease Expires . . . . . . . . . . : 24 September 2012 20:27:42
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 249579162
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-32-D3-C9-E0-46-9A-06-BB-C0
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{9E6C9F89-FD39-4B47-B90D-0E4C7F2347DF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 2a00:1450:4009:800::100e
74.125.230.97
74.125.230.102
74.125.230.96
74.125.230.98
74.125.230.105
74.125.230.100
74.125.230.103
74.125.230.99
74.125.230.104
74.125.230.101
74.125.230.110


Pinging google.com [74.125.230.96] with 32 bytes of data:
Reply from 74.125.230.96: bytes=32 time=18ms TTL=56
Reply from 74.125.230.96: bytes=32 time=19ms TTL=54

Ping statistics for 74.125.230.96:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=790ms TTL=48
Reply from 98.139.183.24: bytes=32 time=795ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 790ms, Maximum = 795ms, Average = 792ms
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...e0 46 9a 06 bb c0 ......NETGEAR WNDA3200 Wireless 11N Dual-band USB Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 281
192.168.0.2 255.255.255.255 On-link 192.168.0.2 281
192.168.0.255 255.255.255.255 On-link 192.168.0.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::a4e8:95d8:a594:558d/128 On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2012 07:29:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 07:26:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x5f0
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (09/24/2012 06:31:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 06:29:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x618
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (09/24/2012 03:27:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/24/2012 03:25:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 03:25:05 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9e0

Start Time: 01cd9a6044f4e5ac

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 9cae8bcc-0653-11e2-b894-b5446000c03e

Error: (09/24/2012 02:45:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/24/2012 02:21:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 05:24:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x5d4
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3


System errors:
=============
Error: (09/24/2012 07:28:08 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/24/2012 07:28:08 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/24/2012 07:27:38 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/24/2012 07:27:36 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/24/2012 07:27:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/24/2012 07:26:49 PM) (Source: Service Control Manager) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/24/2012 06:30:29 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (09/24/2012 06:30:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (09/24/2012 06:30:16 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/24/2012 06:30:16 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (09/24/2012 07:29:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 07:26:49 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c15f001cd9a7a3453062cC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll672c66a2-0675-11e2-9172-dcc16f47d84a

Error: (09/24/2012 06:31:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 06:29:05 PM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c161801cd9a603f630d69C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll5652225c-066d-11e2-b894-b5446000c03e

Error: (09/24/2012 03:27:34 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CHMH3V4\esetsmartinstaller_enu.exe

Error: (09/24/2012 03:25:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 03:25:05 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175679e001cd9a6044f4e5ac0C:\Windows\Explorer.EXE9cae8bcc-0653-11e2-b894-b5446000c03e

Error: (09/24/2012 02:45:23 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16938RZD\esetsmartinstaller_enu.exe

Error: (09/24/2012 02:21:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2012 05:24:18 AM) (Source: Application Error)(User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c15d401cd9a058e10ce56C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllb49d3e39-05ff-11e2-a379-c9f4960b4c4e


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Akamai NetSession Interface
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0806.1213.19931)
AMD Media Foundation Decoders (Version: 1.0.70727.2220)
AMD VISION Engine Control Center (Version: 2012.0806.1213.19931)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10707)
Bandisoft MPEG-1 Decoder
Bonjour (Version: 3.0.0.10)
Brytenwalda version 1.39 (Version: 1.39)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Darkspore
Deus Ex: Human Revolution - The Missing Link
Dragon Age: Origins - Ultimate Edition
Dungeon Defenders
DUNGEONS - Steam Special Edition
ESET Online Scanner v3
Fallout: New Vegas
Floris Mod Pack 2.54
FLV to AVI Converter
Free RAR Extract Frog (Version: 4.10)
Free YouTube to MP3 Converter version 3.11.30.903 (Version: 3.11.30.903)
GIMP 2.8.0 (Version: 2.8.0)
Global Agenda Live (Version: 1.5.1.5)
Gnomoria Demo version 0.8.12.1 (Version: 0.8.12.1)
Google Chrome (Version: 21.0.1180.89)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HydraVision (Version: 4.2.208.0)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 4 (64-bit) (Version: 7.0.40)
Junk Mail filter update (Version: 16.4.3503.0728)
Kalydo Player 4.07.02 (Version: 4.07.02)
League of Legends (Version: 1.3)
Magic Swf2Gif 1.35
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Games for Windows - LIVE (Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.687.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft SkyDrive (Version: 16.4.6010.0727)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mount&Blade
Movie Maker (Version: 16.4.3503.0728)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
NC Launcher (GameForge)
NCsoft Launcher (Version: 1.5.19002)
NETGEAR WNDA3200 wireless adapter Setup (Version: 1.0.0.11)
Nexon Game Manager
NVIDIA PhysX (Version: 9.10.0129)
OGPlanet Game Launcher (Version: 1.0.0)
On the Rain-Slick Precipice of Darkness, Episode One
On the Rain-Slick Precipice of Darkness, Episode Two
Orcs Must Die!
Pando Media Booster (Version: 2.6.0.8)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
PunkBuster Services (Version: 0.993)
Risen
Shoot Many Robots
Soul Captor (Version: 1.1.0.94941)
SoulCaptor (Version: 0.01.00.20)
Spore
Star Wars: Knights of the Old Republic
Steam (Version: 1.0.0.0)
Sumotori Dreams
Sword of Damocles: Warlords 3.92 (Version: 3.92)
System Requirements Lab CYRI (Version: 4.5.1.0)
TeamSpeak 3 Client (Version: 3.0.6)
Terraria
The Witcher: Enhanced Edition
Torchlight
Tribes Ascend (Version: 1.0.980.1)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Vampire: The Masquerade - Bloodlines
Vuze Remote Toolbar (Version: 6.8.9.0)
WEBZEN Browser Extension (Version: 1.01.020)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live Family Safety (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Mail (Version: 16.4.3503.0728)
Windows Live Messenger (Version: 16.4.3503.0728)
Windows Live MIME IFilter (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Windows Live Writer (Version: 16.4.3503.0728)
Windows Live Writer Resources (Version: 16.4.3503.0728)
Yontoo 1.10.02 (Version: 1.10.02)

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 8189.55 MB
Available physical RAM: 6638.66 MB
Total Pagefile: 16377.3 MB
Available Pagefile: 14569.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.37 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:707.72 GB) NTFS

========================= Users: ========================================

User accounts for \\MICHAEL-PC

Administrator Guest Michael

========================= Restore Points ==================================

08-09-2012 02:28:14 Removed Mumble 1.2.3
14-09-2012 20:23:06 Installed Microsoft XNA Framework Redistributable 4.0
14-09-2012 21:26:14 Installed DirectX
15-09-2012 02:28:26 Restore Operation
22-09-2012 20:43:41 Scheduled Checkpoint

**** End of log ****
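The hosts section of the MiniToolBox log above shows two things worth checking mechanically: a long run of empty lines between the first loopback entry and the real content, which pushes the added entries out of the visible window when the file is opened in a text editor, and ad/analytics hostnames (google-analytics, doubleclick, statcounter) mapped to routable addresses rather than to 127.0.0.1 or 0.0.0.0, which means requests for those names are sent to a third-party server instead of being blocked. The script below is an added example written for this page; it is not part of the thread and not Farbar's code. The sample hosts content is constructed to mirror the shape of the posted log, and the padding threshold of 20 blank lines is an assumed heuristic.

```python
import ipaddress
from collections import Counter

# Constructed sample (not the poster's actual file) shaped like the hosts
# content in the MiniToolBox log: a loopback line, a long run of empty
# lines, then ad/analytics hostnames mapped to routable addresses.
SAMPLE_HOSTS = (
    "::1 localhost\n"
    + "\n" * 200
    + "64.27.10.42 www.google-analytics.com.\n"
    "64.27.10.42 ad-emea.doubleclick.net.\n"
    "64.27.10.42 www.statcounter.com.\n"
    "108.163.215.51 www.google-analytics.com.\n"
    "108.163.215.51 ad-emea.doubleclick.net.\n"
    "108.163.215.51 www.statcounter.com.\n"
    "\n"
    "127.0.0.1 localhost\n"
)


def parse_hosts(text):
    """Return (line_no, ip, [hostnames]) for every mapping line.

    Comments are stripped, blank lines skipped, a trailing dot on a
    hostname (as seen in the posted log) is removed, and lines whose
    first field is not a valid IP address are ignored.
    """
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        names = [h.lower().rstrip(".") for h in parts[1:]]
        entries.append((no, ip, names))
    return entries


def longest_blank_run(text):
    """Length of the longest run of consecutive empty lines."""
    best = run = 0
    for raw in text.splitlines():
        if raw.strip():
            run = 0
        else:
            run += 1
            best = max(best, run)
    return best


def is_sinkhole(ip):
    """Loopback and unspecified addresses block a name; anything else redirects it."""
    return ip.is_loopback or ip.is_unspecified


def triage_hosts(text, padding_threshold=20):
    """Summarise padding and redirect entries in a hosts file.

    padding_threshold is an assumed heuristic: a legitimate hosts file
    rarely contains more than a handful of consecutive blank lines.
    """
    entries = parse_hosts(text)
    redirects = [
        (no, str(ip), name)
        for no, ip, names in entries
        for name in names
        if not is_sinkhole(ip)
    ]
    blank_run = longest_blank_run(text)
    return {
        "entries": len(entries),
        "blank_run": blank_run,
        "padded": blank_run >= padding_threshold,
        "redirects": redirects,
        "redirect_targets": dict(Counter(ip for _, ip, _ in redirects)),
    }


if __name__ == "__main__":
    findings = triage_hosts(SAMPLE_HOSTS)
    print("mapping lines:", findings["entries"])
    print("longest blank run:", findings["blank_run"], "padded:", findings["padded"])
    for no, ip, name in findings["redirects"]:
        print(f"line {no}: {name} -> {ip} (routable, not a block entry)")
    print("redirect targets:", findings["redirect_targets"])
```

Run it against the text copied out of the "Hosts content" section of a MiniToolBox log (or against C:\Windows\System32\drivers\etc\hosts directly). A padded file plus a cluster of well-known ad or analytics hostnames all pointing at the same one or two routable addresses is consistent with the redirected browsing and unsolicited ads reported in this thread; a clean file contains only loopback or 0.0.0.0 entries and no long blank runs.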

#9 Spookes

Spookes
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:25 AM

Posted 24 September 2012 - 01:32 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Michael (administrator) on 24-09-2012 at 19:31:54
Running from "C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0RP09B0"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Spookes

Spookes
  • Topic Starter
  • Members
  • 14 posts

Posted 24 September 2012 - 01:36 PM

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 19:33:30
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Michael - MICHAEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29SCM63P\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Michael\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Michael\AppData\Local\Conduit
Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Folder Deleted : C:\Users\Michael\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Michael\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Michael\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Michael\AppData\LocalLow\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6762B104-515C-405B-A0E8-280BC7591C6C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF398D8F-A05D-4A83-ADDD-4F5B41E52D95}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7593 octets] - [24/09/2012 19:33:30]

########## EOF - C:\AdwCleaner[S1].txt - [7653 octets] ##########

#11 Spookes

Spookes
  • Topic Starter
  • Members
  • 14 posts

Posted 24 September 2012 - 01:47 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.0.6 (09.24.2012)
OS: Windows 7 Home Premium x64
Ran by Michael on 24/09/2012 at 19:42:52.76
Blog: http://thisisudax.blogspot.com
**************************************************************

*** Registry Values: 0 Detections

*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED] hkey_classes_root\wow6432node\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED] hkey_local_machine\software\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED] hkey_local_machine\software\classes\wow6432node\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED] hkey_local_machine\software\wow6432node\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files:

Failed to delete: [FILE-LOCKED!] C:\eula.1028.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1031.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1033.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1036.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1040.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1041.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1042.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1049.txt
Failed to delete: [FILE-LOCKED!] C:\eula.2052.txt
Failed to delete: [FILE-LOCKED!] C:\install.res.1028.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1031.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1033.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1036.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1040.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1041.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1042.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1049.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.2052.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.3082.dll

*** Folders: 0 Detections

*** Ask Toolbar: - Remnants removed

*** Event Viewer Logs - Cleared

**************************************************************
Scan was completed on 24/09/2012 at 19:43:02.17
End of Report

#12 narenxp

narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 24 September 2012 - 08:28 PM

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator

Now copy the following commands and press ENTER one by one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

Download

Hosts fixit

Run it, restart the PC

Now launch MiniToolBox, checkmark Hosts contents alone and post the new log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the Rkill log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

Edited by narenxp, 24 September 2012 - 08:28 PM.
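A read-only check of the same two things the Farbar Service Scanner log in post #9 and the hosts-file steps in post #12 deal with, added here as an example; it is not part of the thread or of any of the tools mentioned. It assumes PowerShell 3.0 or later in an elevated prompt, and the service names are the ones FSS flagged in post #9.

```powershell
# Added example, not from this thread or from any of the tools it uses.
# Read-only health check for the items Farbar Service Scanner (post #9) and
# MiniToolBox (post #13) report on. Assumes PowerShell 3.0+ in an elevated prompt.

# Services FSS flagged: "Service is not running" / "The service key does not exist."
$FlaggedServices = 'mpsdrv','MpsSvc','bfe','wscsvc','wuauserv','BITS','WinDefend','SharedAccess'

function Test-SecurityServiceKeys {
    param([string[]]$Names = $FlaggedServices)
    foreach ($name in $Names) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path -Path $key)) {
            # Same condition FSS prints as "Unable to open <name> registry key."
            [pscustomobject]@{ Service = $name; KeyExists = $false; Status = 'n/a'; Start = 'n/a'; ImagePath = 'n/a' }
            continue
        }
        $props = Get-ItemProperty -Path $key
        # Get-Service only lists Win32 services, so a kernel driver such as mpsdrv reports 'driver'.
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = if ($svc) { $svc.Status } else { 'driver' }
        [pscustomobject]@{
            Service   = $name
            KeyExists = $true
            Status    = $status
            Start     = $props.Start        # 2 = Automatic, 3 = Manual, 4 = Disabled
            ImagePath = $props.ImagePath
        }
    }
}

function Test-HostsFile {
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $item = Get-Item -Path $path -Force   # -Force: still found when hidden/system attributes are set
    # Anything beyond comments and the loopback lines deserves a look; the MiniToolBox
    # "Hosts content" section in post #13 shows a clean file (comments only).
    $active = Get-Content -Path $path | Where-Object {
        $_ -match '\S' -and $_ -notmatch '^\s*#' -and
        $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    }
    [pscustomobject]@{
        Path          = $path
        Attributes    = $item.Attributes             # post #12 clears System, Hidden, ReadOnly with attrib -s -h -r
        Owner         = (Get-Acl -Path $path).Owner  # after "takeown /a" this reads BUILTIN\Administrators
        ActiveEntries = @($active)
    }
}

Test-SecurityServiceKeys | Format-Table -AutoSize
$hosts = Test-HostsFile
$hosts | Select-Object Path, Attributes, Owner | Format-List
if ($hosts.ActiveEntries.Count -gt 0) {
    Write-Warning "hosts has $($hosts.ActiveEntries.Count) entries beyond comments/loopback:"
    $hosts.ActiveEntries | ForEach-Object { "    $_" }
} else {
    'hosts file contains only comments and loopback entries.'
}
```

A service whose key is reported missing here corresponds to an "ATTENTION" line in the FSS log, which is what the services repair tool in post #12 is meant to restore.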


#13 Spookes

Spookes
  • Topic Starter
  • Members
  • 14 posts

Posted 25 September 2012 - 11:24 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Michael (administrator) on 25-09-2012 at 17:23:56
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****

#14 Spookes

Spookes
  • Topic Starter
  • Members
  • 14 posts

Posted 25 September 2012 - 11:31 AM

Farbar Service Scanner Version: 19-09-2012
Ran by Michael (administrator) on 25-09-2012 at 17:31:12
Running from "C:\Users\Michael\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#15 Spookes

Spookes
  • Topic Starter
  • Members
  • 14 posts

Posted 25 September 2012 - 11:34 AM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/25/2012 05:32:48 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/25/2012 05:33:14 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)
