
win7 virus


  • This topic is locked
27 replies to this topic

#1 aquaviva

aquaviva

  • Members
  • 34 posts

Posted 26 September 2012 - 07:19 AM

So I have been all over the net to find a solution, and found many. But I am not sure I have my doors completely locked.

I know my Windows Firewall is missing and my Windows Security Center service can't be turned on (both are missing from the service logs) :-(

So I have run Malwarebytes + some other programs to clean out my computer, and the last one I tried was RKill. It says this:

ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* MpsSvc [Missing ImagePath]
* SharedAccess [Missing ImagePath]

Should I be worried here ???!!!


#2 aquaviva


Posted 26 September 2012 - 11:06 AM

Got it down to this... And I am running out of things to do

Rkill 2.4.3 by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program

Program started at: 09/26/2012 06:02:33 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]

Checking Windows Service Integrity:

* BITS [Missing Service]
* iphlpsvc [Missing Service]
* WinDefend [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/26/2012 06:02:37 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 26 September 2012 - 05:52 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#4 aquaviva


Posted 27 September 2012 - 04:18 AM

Thx Gringo :inlove:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2013
JavaFX 2.1.1
Java™ 6 Update 22
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Firewall Control wfcs.exe
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Edited by aquaviva, 27 September 2012 - 04:33 AM.


#5 aquaviva


Posted 27 September 2012 - 04:23 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by aquaviva at 11:21:43 on 2012-09-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1033.18.16336.13377 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Program Files\Windows Firewall Control\wfcs.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\StikyNot.exe
C:\Users\aquaviva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\aquaviva\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nmd.msn.com
uDefault_Page_URL = hxxp://nmd.msn.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - AVG Do Not Track
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - Yontoo
TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Facebook Update] "C:\Users\aquaviva\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spotify] "C:\Users\aquaviva\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\aquaviva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\aquaviva\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{509B7049-1CCA-4A5C-A710-83B37635F9F7} : DhcpNameServer = 62.44.166.197 62.44.166.69
TCP: Interfaces\{E6C6CF7A-6E04-4640-BD8C-85ADA0B85937} : DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - AVG Do Not Track
BHO-X64: AVG Do Not Track - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Yontoo
BHO-X64: Yontoo Layers - No File
TB-X64: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aquaviva\AppData\Roaming\Mozilla\Firefox\Profiles\hm36ivmp.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aquaviva\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\aquaviva\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\aquaviva\AppData\Roaming\Mozilla\Firefox\Profiles\hm36ivmp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\aquaviva\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\aquaviva\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 6b765e46-d955-43d2-b164-9b501040e4ca
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\system32\drivers\iaStorA.sys --> C:\Windows\system32\drivers\iaStorA.sys [?]
R0 iaStorF;iaStorF;C:\Windows\system32\drivers\iaStorF.sys --> C:\Windows\system32\drivers\iaStorF.sys [?]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\drivers\iusb3hcs.sys --> C:\Windows\system32\drivers\iusb3hcs.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\drivers\mvs91xx.sys --> C:\Windows\system32\drivers\mvs91xx.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-11 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-9-19 2365792]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-9-2 927840]
R2 wfcs;Windows Firewall Control Service;C:\Program Files\Windows Firewall Control\wfcs.exe [2012-9-26 143512]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-18 11880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Tjeneste (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-14 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-14 250288]
S3 dc21x4vm;dc21x4vm;C:\Windows\system32\DRIVERS\dc21x4vm.sys --> C:\Windows\system32\DRIVERS\dc21x4vm.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Tjeneste (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-14 116648]
S3 iusb3hub;Intel® USB 3.0 hub driver;C:\Windows\system32\drivers\iusb3hub.sys --> C:\Windows\system32\drivers\iusb3hub.sys [?]
S3 iusb3xhc;Intel® USB 3.0 udvidet værtscontroller driver;C:\Windows\system32\drivers\iusb3xhc.sys --> C:\Windows\system32\drivers\iusb3xhc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-11 114144]
S3 mv91cons;mv91cons;C:\Windows\system32\drivers\mv91cons.sys --> C:\Windows\system32\drivers\mv91cons.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\system32\drivers\ViaHub3.sys --> C:\Windows\system32\drivers\ViaHub3.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\system32\drivers\xhcdrv.sys --> C:\Windows\system32\drivers\xhcdrv.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-27 09:14:30 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69DF09DE-C9A5-45A8-B9B1-9C26E2E93FD3}\offreg.dll
2012-09-27 00:12:08 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-09-26 19:03:27 -------- d-----w- C:\Users\aquaviva\AppData\Local\Avg2013
2012-09-26 17:54:16 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C3ED3DD5-E74F-48AD-A1EF-0930FA048DDB}\gapaengine.dll
2012-09-26 17:54:09 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69DF09DE-C9A5-45A8-B9B1-9C26E2E93FD3}\mpengine.dll
2012-09-26 17:53:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-26 17:53:23 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-26 17:34:50 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\QuickScan
2012-09-26 17:29:23 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-09-26 17:29:23 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-09-26 17:05:18 -------- d-----w- C:\Users\aquaviva\AppData\Local\VS Revo Group
2012-09-26 17:05:16 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-09-26 17:05:15 -------- d-----w- C:\Program Files\VS Revo Group
2012-09-26 15:46:06 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-09-26 13:43:09 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-26 13:32:46 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-09-26 13:09:55 -------- d-----w- C:\MGADiagToolOutput
2012-09-26 11:40:05 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-09-26 11:40:04 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-09-26 11:40:04 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-09-26 11:35:30 -------- d-----w- C:\Users\aquaviva\AppData\Local\BiniSoft.org
2012-09-26 11:35:29 -------- d-----w- C:\Program Files\Windows Firewall Control
2012-09-26 11:35:13 -------- d-----w- C:\ProgramData\Tarma Installer
2012-09-26 09:27:59 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\TuneUp Software
2012-09-26 09:27:58 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2013
2012-09-26 09:27:45 -------- d-----w- C:\ProgramData\TuneUp Software
2012-09-26 09:27:34 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-26 09:00:06 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\Malwarebytes
2012-09-26 09:00:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-26 09:00:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-26 09:00:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 08:43:18 -------- d-----w- C:\Windows\pss
2012-09-26 08:40:34 -------- d-----w- C:\Users\aquaviva\AppData\Local\ElevatedDiagnostics
2012-09-26 08:37:13 -------- d-----r- C:\Users\aquaviva\Dropbox
2012-09-26 08:35:47 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\Dropbox
2012-09-24 15:22:21 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\Mumble
2012-09-24 15:17:35 -------- d-----w- C:\Program Files (x86)\Mumble
2012-09-15 10:09:29 -------- d-----w- C:\temp
2012-09-07 08:03:37 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2012-09-05 07:56:18 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 05:46:03 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\AVG
2012-09-02 09:55:59 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\AVG2012
2012-09-02 09:55:52 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-09-02 09:55:44 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-09-02 09:55:38 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-02 09:54:54 -------- d-----w- C:\Program Files (x86)\AVG
2012-09-02 09:53:46 -------- d-----w- C:\ProgramData\Common Files
2012-09-02 09:29:23 -------- d-----w- C:\Users\aquaviva\AppData\Roaming\xsecva
2012-08-31 06:50:01 9310152 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B027BF72-DDC1-4068-994A-63BF6A33E1F0}\mpengine.dll
2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 08:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-09-26 11:54:54 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-26 11:54:54 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-05 07:56:16 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-05 07:56:16 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-07-28 08:27:42 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-28 07:41:14 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 15:25:21 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-07-03 15:25:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-07-03 07:37:57 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 11:21:53,89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16-05-2012 10:33:17
System Uptime: 27-09-2012 10:38:31 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X79-UD3
Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz | SOCKET 0 | 3801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 213 GiB total, 68,174 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP81: 26-09-2012 10:11:00 - Removed AVG 2012
RP82: 26-09-2012 10:11:44 - Removed AVG 2012
RP83: 26-09-2012 11:27:50 - Installed TuneUp Utilities 2013
RP84: 26-09-2012 12:16:21 - Windows Live Essentials
RP85: 26-09-2012 12:16:30 - WLSetup
RP86: 26-09-2012 13:09:33 - Windows Update
RP87: 26-09-2012 13:14:36 - Windows Update
RP88: 26-09-2012 13:39:45 - Installed TuneUp Utilities 2013
RP89: 26-09-2012 14:25:49 - Removed Hi-Rez Studios Games
RP90: 26-09-2012 17:37:17 - Tweaking.com - Windows Repair
RP92: 26-09-2012 19:05:44 - Revo Uninstaller Pro's restore point - AVG 2012
RP94: 26-09-2012 19:09:09 - Revo Uninstaller Pro's restore point - AVG PC Tuneup
RP96: 26-09-2012 19:11:46 - Revo Uninstaller Pro's restore point - AVG 2012
RP98: 26-09-2012 19:28:34 - Revo Uninstaller Pro's restore point - AVG 2012
RP100: 26-09-2012 19:50:47 - Revo Uninstaller Pro's restore point - Tweaking.com - Windows Repair (All in One)
RP102: 26-09-2012 19:51:28 - Revo Uninstaller Pro's restore point - AVG 2012
RP104: 26-09-2012 21:11:16 - Revo Uninstaller Pro's restore point - AVG 2012
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Apple Application Support
Apple Software Update
µTorrent
Bandisoft MPEG-1 Decoder
D3DX10
Diablo III
DivX Web Player
Facebook Video Calling 1.2.0.159
GameStop App
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Guild Wars 2
Intel® Management Engine Components
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 22
JavaFX 2.1.1
Junk Mail filter update
Kaspersky Security Scan
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Neverwinter Nights 2
Neverwinter Nights 2: Mask of the Betrayer
Neverwinter Nights 2: Storm of Zehir
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
Pando Media Booster
Path of Exile
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Spotify
Steam
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.762
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
27-09-2012 10:38:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHA
27-09-2012 10:38:44, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
27-09-2012 10:38:44, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
27-09-2012 10:38:44, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
27-09-2012 10:15:51, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
27-09-2012 10:15:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27-09-2012 10:15:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27-09-2012 10:15:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27-09-2012 10:15:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27-09-2012 10:15:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHA discache MpFilter spldr Wanarpv6
27-09-2012 10:15:31, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
27-09-2012 10:14:27, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
26-09-2012 22:39:52, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
26-09-2012 19:53:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
26-09-2012 19:53:52, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
26-09-2012 17:49:39, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
26-09-2012 17:49:38, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
26-09-2012 17:36:55, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
26-09-2012 17:36:55, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
26-09-2012 17:36:16, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
26-09-2012 13:23:12, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
26-09-2012 13:23:12, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
26-09-2012 13:23:12, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
26-09-2012 13:04:58, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
26-09-2012 13:03:05, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
26-09-2012 13:02:30, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
26-09-2012 09:49:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000247b0c5, 0xfffff8800c643770, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-15475-01.
26-09-2012 09:45:12, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff8800517ed48, 0xfffff8800517e5a0, 0xfffff8000247d0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-10888-01.
26-09-2012 09:45:11, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
26-09-2012 09:40:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000308d0c5, 0xfffff8800ff2ac40, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-13681-01.
.
==== End Of File ===========================

#6 aquaviva

Posted 27 September 2012 - 04:27 AM

Had no problems running the files... It's like I have no problems at all with my cpu and I got some Windows feat to work (I think) with fixit.. but there are problems that Rkill can spot and I can't fix.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:37 AM

Posted 27 September 2012 - 07:25 AM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 aquaviva

Posted 28 September 2012 - 05:34 AM

# Running from : C:\Users\aquaviva\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\aquaviva\AppData\Local\Conduit
Folder Deleted : C:\Users\aquaviva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\aquaviva\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\aquaviva\AppData\Roaming\Mozilla\Firefox\Profiles\hm36ivmp.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-2493685420-569961741-1936360722-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\aquaviva\AppData\Roaming\Mozilla\Firefox\Profiles\hm36ivmp.default\prefs.js

C:\Users\aquaviva\AppData\Roaming\Mozilla\Firefox\Profiles\hm36ivmp.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v22.0.1229.79

File : C:\Users\aquaviva\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8143 octets] - [28/09/2012 12:31:22]

########## EOF - C:\AdwCleaner[S1].txt - [8203 octets] ##########

#9 aquaviva

Posted 28 September 2012 - 05:41 AM

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : aquaviva [Admin rights]
Mode : Remove -- Date : 09/28/2012 12:39:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2493685420-569961741-1936360722-1001\$d0a7df77d0ee2f31907521e034e1a4e3\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ATA OCZ-AGILITY3 SCSI Disk Device +++++
--- User ---
[MBR] e4c19e7ec4543c4d2a072b5f2dad6bd3
[BSP] 7ad17501645d88ea873eee4234a906fb : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1024 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2099200 | Size: 217670 Mo
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 447887360 | Size: 10240 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#10 aquaviva

Posted 28 September 2012 - 06:20 AM

I can update Windows now :thumbsup: the ZeroAccess is gone, I think

#11 gringo_pr

Posted 28 September 2012 - 12:14 PM

Hello aquaviva

It is too early to say it is gone, so I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 aquaviva

Posted 28 September 2012 - 01:03 PM

ComboFix 12-09-27.03 - aquaviva 28-09-2012 19:58:24.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1033.18.16336.14121 [GMT 2:00]
Kører fra: c:\users\aquaviva\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-08-28 til 2012-09-28 )))))))))))))))))))))))))))))))))))
.
.
2012-09-28 18:00 . 2012-09-28 18:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-28 18:00 . 2012-09-28 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 17:51 . 2012-09-28 17:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B650D46F-36F7-41A7-8635-589B0C16DB9C}\offreg.dll
2012-09-28 17:47 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B650D46F-36F7-41A7-8635-589B0C16DB9C}\mpengine.dll
2012-09-28 16:42 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7A18C5A-921D-454F-9AF1-BC174F9B223D}\mpengine.dll
2012-09-28 15:48 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-09-28 15:42 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-09-28 15:42 . 2012-09-28 15:42 -------- d-----w- C:\RegBackup
2012-09-28 14:53 . 2012-09-28 14:53 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-09-28 14:09 . 2012-09-28 14:09 -------- d-----w- C:\Intel
2012-09-28 13:42 . 2012-09-28 13:42 -------- d-----w- c:\program files (x86)\Realtek
2012-09-28 13:40 . 2012-09-28 13:47 -------- d-----w- c:\program files (x86)\Temp
2012-09-28 13:38 . 2012-09-29 01:07 -------- d-----w- c:\program files (x86)\SlimCleaner
2012-09-28 13:37 . 2012-09-28 13:49 -------- d-----w- c:\users\aquaviva\AppData\Local\SlimWare Utilities Inc
2012-09-28 12:21 . 2012-09-28 12:21 -------- d-----w- c:\users\aquaviva\AppData\Local\Innovative Solutions
2012-09-28 12:21 . 2012-09-29 01:00 -------- d-----w- c:\program files (x86)\Innovative Solutions
2012-09-28 12:18 . 2012-09-29 01:07 -------- d-----w- c:\program files\Intel
2012-09-28 12:17 . 2012-07-25 15:54 538496 ----a-w- c:\windows\system32\PROUnstl.exe
2012-09-28 12:00 . 2012-09-28 15:23 -------- d-----w- c:\program files (x86)\Uniblue
2012-09-28 11:19 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-28 11:17 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-28 11:17 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-27 14:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-27 14:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-27 14:31 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-27 14:31 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-27 14:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-27 14:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-27 14:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-27 14:31 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-27 00:12 . 2012-09-29 01:07 -------- d-----w- c:\windows\Microsoft Antimalware
2012-09-26 19:03 . 2012-09-26 19:03 -------- d-----w- c:\users\aquaviva\AppData\Local\Avg2013
2012-09-26 17:54 . 2012-08-07 14:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3ED3DD5-E74F-48AD-A1EF-0930FA048DDB}\gapaengine.dll
2012-09-26 17:53 . 2012-09-29 01:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-26 17:53 . 2012-09-29 01:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-26 17:34 . 2012-09-26 17:34 -------- d-----w- c:\users\aquaviva\AppData\Roaming\QuickScan
2012-09-26 17:29 . 2012-09-29 01:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-26 17:29 . 2012-09-29 01:07 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-09-26 17:05 . 2012-09-26 17:05 -------- d-----w- c:\users\aquaviva\AppData\Local\VS Revo Group
2012-09-26 17:05 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-09-26 17:05 . 2012-09-29 01:01 -------- d-----w- c:\program files\VS Revo Group
2012-09-26 15:46 . 2012-09-28 15:49 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-09-26 15:24 . 2012-09-28 15:51 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-26 13:43 . 2012-09-28 15:51 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-26 13:32 . 2012-09-26 13:34 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-09-26 13:09 . 2012-09-26 13:09 -------- d-----w- C:\MGADiagToolOutput
2012-09-26 12:57 . 2012-09-26 12:57 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-09-26 11:40 . 2012-09-19 10:10 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-26 11:40 . 2012-09-19 10:10 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-09-26 11:40 . 2012-09-19 10:10 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-09-26 11:35 . 2012-09-26 11:35 -------- d-----w- c:\users\aquaviva\AppData\Local\BiniSoft.org
2012-09-26 11:35 . 2012-09-29 01:07 -------- d-----w- c:\program files\Windows Firewall Control
2012-09-26 09:27 . 2012-09-26 09:27 -------- d-----w- c:\users\aquaviva\AppData\Roaming\TuneUp Software
2012-09-26 09:27 . 2012-09-29 01:07 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2013
2012-09-26 09:27 . 2012-09-29 01:01 -------- d-----w- c:\programdata\TuneUp Software
2012-09-26 09:27 . 2012-09-26 11:41 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-26 09:00 . 2012-09-26 09:00 -------- d-----w- c:\users\aquaviva\AppData\Roaming\Malwarebytes
2012-09-26 09:00 . 2012-09-29 01:01 -------- d-----w- c:\programdata\Malwarebytes
2012-09-26 09:00 . 2012-09-29 01:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-26 09:00 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 08:40 . 2012-09-27 08:40 -------- d-----w- c:\users\aquaviva\AppData\Local\ElevatedDiagnostics
2012-09-26 08:37 . 2012-09-26 21:21 -------- d-----r- c:\users\aquaviva\Dropbox
2012-09-26 08:35 . 2012-09-26 10:07 -------- d-----w- c:\users\aquaviva\AppData\Roaming\Dropbox
2012-09-24 15:22 . 2012-09-24 15:28 -------- d-----w- c:\users\aquaviva\AppData\Roaming\Mumble
2012-09-24 15:17 . 2012-09-29 01:07 -------- d-----w- c:\program files (x86)\Mumble
2012-09-15 10:09 . 2012-09-15 10:09 -------- d-----w- C:\temp
2012-09-05 07:56 . 2012-09-29 01:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-05 07:56 . 2012-09-05 07:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 05:46 . 2012-09-04 05:46 -------- d-----w- c:\users\aquaviva\AppData\Roaming\AVG
2012-09-02 09:55 . 2012-09-02 09:55 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-02 09:55 . 2012-09-29 01:07 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-02 09:54 . 2012-09-29 01:00 -------- d-----w- c:\program files (x86)\AVG
2012-09-02 09:53 . 2012-09-02 09:53 -------- d-----w- c:\programdata\Common Files
2012-09-02 09:29 . 2012-09-02 10:01 -------- d-----w- c:\users\aquaviva\AppData\Roaming\xsecva
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 11:54 . 2012-07-14 08:43 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-26 11:54 . 2012-07-14 08:43 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-05 07:56 . 2012-05-20 13:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-05 07:56 . 2012-05-20 13:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 22:43 . 2012-04-19 10:18 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 19:14 . 2012-08-26 16:10 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-08-30 19:14 . 2012-05-11 20:40 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-05-11 20:40 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-05-11 20:40 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-08-30 19:14 . 2012-05-11 20:40 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-08-30 19:14 . 2012-05-11 20:40 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-05-11 20:40 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 16:18 . 2012-05-11 20:41 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-05-11 20:41 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-05-11 20:41 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-05-11 20:41 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2012-05-11 20:41 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-05-11 20:41 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-18 01:48 . 2012-08-18 01:48 830976 ----a-w- c:\windows\system32\ncs2dmix.dll
2012-08-18 01:27 . 2012-08-18 01:27 788992 ----a-w- c:\windows\system32\accesor.dll
2012-08-18 01:15 . 2012-08-18 01:15 211968 ----a-w- c:\windows\system32\ncs2instutility.dll
2012-08-18 01:09 . 2012-08-18 01:09 3154432 ----a-w- c:\windows\system32\ncscolib.dll
2012-08-15 08:57 . 2012-08-15 08:57 33616 ----a-w- c:\windows\system32\drivers\iqvw64e.sys
2012-08-10 22:44 . 2012-08-23 22:49 482128 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2012-08-10 09:00 . 2012-08-10 09:00 316736 ----a-w- c:\windows\system32\PRONtObj.dll
2012-08-09 20:56 . 2012-08-23 22:49 101224 ----a-w- c:\windows\system32\NicInstC.dll
2012-08-09 16:54 . 2012-08-23 22:49 73032 ----a-w- c:\windows\system32\e1cmsg.dll
2012-08-09 05:42 . 2012-08-09 05:42 204288 ----a-w- c:\windows\system32\Ncs2Setp.dll
2012-08-01 10:02 . 2012-08-01 10:02 162960 ----a-w- c:\windows\system32\drivers\iANSW60e.sys
2012-07-28 08:27 . 2012-07-28 08:27 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-28 07:41 . 2012-07-28 07:41 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-27 00:30 . 2012-07-27 00:30 170824 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2012-07-18 18:15 . 2012-08-15 08:33 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 08:33 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 08:33 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 08:33 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 08:33 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-03 07:37 . 2012-05-11 20:40 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Facebook Update"="c:\users\aquaviva\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"Spotify"="c:\users\aquaviva\AppData\Roaming\Spotify\Spotify.exe" [2012-08-24 5576408]
"Spotify Web Helper"="c:\users\aquaviva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-24 1193176]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-09-03 11325376]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-09-03 11325376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
.
c:\users\aquaviva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe"
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Tjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 250288]
R3 dc21x4vm;dc21x4vm;c:\windows\system32\DRIVERS\dc21x4vm.sys [2009-06-10 57344]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
R3 iusb3hub;Intel® USB 3.0 hub driver;c:\windows\system32\drivers\iusb3hub.sys [2012-01-27 356120]
R3 iusb3xhc;Intel® USB 3.0 udvidet værtscontroller driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-01-27 787736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys [2011-08-09 24880]
R3 ncvet.dll;ncvet.dll;c:\windows\Temp\ncvet.dll [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\drivers\ViaHub3.sys [2012-01-20 205312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\drivers\xhcdrv.sys [2012-01-20 254464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2011-08-26 562456]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2011-08-26 23832]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-01-27 16152]
S0 mvs91xx;mvs91xx;c:\windows\system32\drivers\mvs91xx.sys [2011-08-09 315696]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-02 31080]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-07-27 170824]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-02 927840]
S2 wfcs;Windows Firewall Control Service;c:\program files\Windows Firewall Control\wfcs.exe [2012-09-26 143512]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-08-10 482128]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-07-06 191040]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-07-06 67136]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-09-22 56600]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-18 11880]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 11:54]
.
2012-09-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2493685420-569961741-1936360722-1001Core.job
- c:\users\aquaviva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-22 04:33]
.
2012-09-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2493685420-569961741-1936360722-1001UA.job
- c:\users\aquaviva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-22 04:33]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 08:12]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 08:12]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493685420-569961741-1936360722-1001Core.job
- c:\users\aquaviva\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 08:37]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493685420-569961741-1936360722-1001UA.job
- c:\users\aquaviva\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 08:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://nmd.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\aquaviva\AppData\Roaming\Mozilla\Firefox\Profiles\hm36ivmp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Gennemført tid: 2012-09-28 20:01:37
ComboFix-quarantined-files.txt 2012-09-28 18:01
ComboFix2.txt 2012-09-28 17:43
.
Pre-Kørsel: 71.314.833.408 bytes free
Post-Kørsel: 71.011.364.864 bytes free
.
- - End Of File - - 5FC4CE0CB0F8239E5778D5B41E654C2B

#13 gringo_pr

Posted 28 September 2012 - 01:11 PM

Greetings aquaviva

These will help me check to see if anything deeper is on the computer. I want you to run these next; also, I would like to know how things are running.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 aquaviva


Posted 01 October 2012 - 02:18 AM

09:17:32.0812 4576 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:17:32.0953 4576 ============================================================
09:17:32.0953 4576 Current date / time: 2012/10/01 09:17:32.0953
09:17:32.0953 4576 SystemInfo:
09:17:32.0953 4576
09:17:32.0953 4576 OS Version: 6.1.7601 ServicePack: 1.0
09:17:32.0953 4576 Product type: Workstation
09:17:32.0953 4576 ComputerName: AQUAVIVA-PC
09:17:32.0953 4576 UserName: aquaviva
09:17:32.0953 4576 Windows directory: C:\Windows
09:17:32.0953 4576 System windows directory: C:\Windows
09:17:32.0953 4576 Running under WOW64
09:17:32.0953 4576 Processor architecture: Intel x64
09:17:32.0953 4576 Number of processors: 8
09:17:32.0953 4576 Page size: 0x1000
09:17:32.0953 4576 Boot type: Normal boot
09:17:32.0953 4576 ============================================================
09:17:33.0514 4576 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:33.0530 4576 ============================================================
09:17:33.0530 4576 \Device\Harddisk0\DR0:
09:17:33.0530 4576 MBR partitions:
09:17:33.0530 4576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x200000
09:17:33.0530 4576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x200800, BlocksNum 0x1A923000
09:17:33.0530 4576 ============================================================
09:17:33.0530 4576 C: <-> \Device\Harddisk0\DR0\Partition2
09:17:33.0530 4576 ============================================================
09:17:33.0530 4576 Initialize success
09:17:33.0530 4576 ============================================================
09:17:35.0012 1864 ============================================================
09:17:35.0012 1864 Scan started
09:17:35.0012 1864 Mode: Manual;
09:17:35.0012 1864 ============================================================
09:17:35.0807 1864 ================ Scan system memory ========================
09:17:35.0807 1864 System memory - ok
09:17:35.0807 1864 ================ Scan services =============================
09:17:35.0839 1864 1394hub - ok
09:17:35.0839 1864 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:17:35.0854 1864 1394ohci - ok
09:17:35.0854 1864 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:17:35.0854 1864 ACPI - ok
09:17:35.0854 1864 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:17:35.0854 1864 AcpiPmi - ok
09:17:35.0854 1864 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:17:35.0854 1864 AdobeARMservice - ok
09:17:35.0885 1864 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:17:35.0885 1864 AdobeFlashPlayerUpdateSvc - ok
09:17:35.0901 1864 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:17:35.0901 1864 adp94xx - ok
09:17:35.0917 1864 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:17:35.0917 1864 adpahci - ok
09:17:35.0917 1864 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:17:35.0917 1864 adpu320 - ok
09:17:35.0917 1864 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:17:35.0917 1864 AeLookupSvc - ok
09:17:35.0932 1864 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:17:35.0932 1864 AFD - ok
09:17:35.0932 1864 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:17:35.0932 1864 agp440 - ok
09:17:35.0932 1864 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:17:35.0932 1864 ALG - ok
09:17:35.0932 1864 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:17:35.0948 1864 aliide - ok
09:17:35.0948 1864 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:17:35.0948 1864 amdide - ok
09:17:35.0948 1864 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:17:35.0948 1864 AmdK8 - ok
09:17:35.0948 1864 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
09:17:35.0948 1864 AmdPPM - ok
09:17:35.0948 1864 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:17:35.0948 1864 amdsata - ok
09:17:35.0963 1864 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:17:35.0963 1864 amdsbs - ok
09:17:35.0963 1864 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:17:35.0963 1864 amdxata - ok
09:17:35.0963 1864 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:17:35.0963 1864 AppID - ok
09:17:35.0963 1864 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:17:35.0963 1864 AppIDSvc - ok
09:17:35.0963 1864 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:17:35.0963 1864 Appinfo - ok
09:17:35.0979 1864 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:17:35.0979 1864 Apple Mobile Device - ok
09:17:35.0979 1864 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:17:35.0979 1864 AppMgmt - ok
09:17:35.0979 1864 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
09:17:35.0979 1864 arc - ok
09:17:35.0979 1864 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:17:35.0995 1864 arcsas - ok
09:17:35.0995 1864 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:17:35.0995 1864 aspnet_state - ok
09:17:35.0995 1864 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:17:35.0995 1864 AsyncMac - ok
09:17:35.0995 1864 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:17:35.0995 1864 atapi - ok
09:17:36.0010 1864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:17:36.0010 1864 AudioEndpointBuilder - ok
09:17:36.0010 1864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:17:36.0010 1864 AudioSrv - ok
09:17:36.0026 1864 AVGIDSHA - ok
09:17:36.0026 1864 [ E964EA70249DDE1343C8F694B52575EE ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
09:17:36.0026 1864 avgtp - ok
09:17:36.0026 1864 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:17:36.0026 1864 AxInstSV - ok
09:17:36.0026 1864 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:17:36.0041 1864 b06bdrv - ok
09:17:36.0041 1864 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:17:36.0041 1864 b57nd60a - ok
09:17:36.0041 1864 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:17:36.0041 1864 BDESVC - ok
09:17:36.0057 1864 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:17:36.0057 1864 Beep - ok
09:17:36.0057 1864 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:17:36.0057 1864 BFE - ok
09:17:36.0073 1864 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
09:17:36.0073 1864 BITS - ok
09:17:36.0073 1864 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:17:36.0073 1864 blbdrive - ok
09:17:36.0088 1864 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:17:36.0088 1864 Bonjour Service - ok
09:17:36.0088 1864 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:17:36.0088 1864 bowser - ok
09:17:36.0088 1864 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:17:36.0088 1864 BrFiltLo - ok
09:17:36.0088 1864 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:17:36.0088 1864 BrFiltUp - ok
09:17:36.0088 1864 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:17:36.0088 1864 BridgeMP - ok
09:17:36.0104 1864 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:17:36.0104 1864 Browser - ok
09:17:36.0104 1864 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:17:36.0104 1864 Brserid - ok
09:17:36.0104 1864 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:17:36.0104 1864 BrSerWdm - ok
09:17:36.0119 1864 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:17:36.0119 1864 BrUsbMdm - ok
09:17:36.0119 1864 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:17:36.0119 1864 BrUsbSer - ok
09:17:36.0119 1864 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:17:36.0119 1864 BTHMODEM - ok
09:17:36.0119 1864 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:17:36.0119 1864 bthserv - ok
09:17:36.0119 1864 catchme - ok
09:17:36.0135 1864 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:17:36.0135 1864 cdfs - ok
09:17:36.0135 1864 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:17:36.0135 1864 cdrom - ok
09:17:36.0135 1864 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:17:36.0135 1864 CertPropSvc - ok
09:17:36.0135 1864 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
09:17:36.0135 1864 circlass - ok
09:17:36.0151 1864 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:17:36.0151 1864 CLFS - ok
09:17:36.0151 1864 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:17:36.0151 1864 clr_optimization_v2.0.50727_32 - ok
09:17:36.0151 1864 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:17:36.0151 1864 clr_optimization_v2.0.50727_64 - ok
09:17:36.0166 1864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:17:36.0166 1864 clr_optimization_v4.0.30319_32 - ok
09:17:36.0166 1864 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:17:36.0166 1864 clr_optimization_v4.0.30319_64 - ok
09:17:36.0166 1864 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:17:36.0166 1864 CmBatt - ok
09:17:36.0166 1864 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:17:36.0166 1864 cmdide - ok
09:17:36.0182 1864 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:17:36.0182 1864 CNG - ok
09:17:36.0182 1864 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:17:36.0182 1864 Compbatt - ok
09:17:36.0182 1864 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:17:36.0182 1864 CompositeBus - ok
09:17:36.0182 1864 COMSysApp - ok
09:17:36.0182 1864 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:17:36.0182 1864 crcdisk - ok
09:17:36.0197 1864 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:17:36.0197 1864 CryptSvc - ok
09:17:36.0197 1864 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
09:17:36.0197 1864 CSC - ok
09:17:36.0213 1864 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
09:17:36.0213 1864 CscService - ok
09:17:36.0213 1864 [ AD227CE1E1A558853FFA1F7EB40E21E0 ] dc21x4vm C:\Windows\system32\DRIVERS\dc21x4vm.sys
09:17:36.0213 1864 dc21x4vm - ok
09:17:36.0213 1864 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:17:36.0229 1864 DcomLaunch - ok
09:17:36.0229 1864 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:17:36.0229 1864 defragsvc - ok
09:17:36.0229 1864 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:17:36.0229 1864 DfsC - ok
09:17:36.0229 1864 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:17:36.0244 1864 Dhcp - ok
09:17:36.0244 1864 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:17:36.0244 1864 discache - ok
09:17:36.0244 1864 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
09:17:36.0244 1864 Disk - ok
09:17:36.0244 1864 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
09:17:36.0244 1864 dmvsc - ok
09:17:36.0244 1864 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:17:36.0244 1864 Dnscache - ok
09:17:36.0260 1864 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:17:36.0260 1864 dot3svc - ok
09:17:36.0260 1864 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:17:36.0260 1864 DPS - ok
09:17:36.0260 1864 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:17:36.0260 1864 drmkaud - ok
09:17:36.0275 1864 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:17:36.0275 1864 DXGKrnl - ok
09:17:36.0275 1864 [ 1BEF2C2E229452EC49FFE5A27283341D ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
09:17:36.0291 1864 e1cexpress - ok
09:17:36.0291 1864 EagleX64 - ok
09:17:36.0291 1864 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:17:36.0291 1864 EapHost - ok
09:17:36.0322 1864 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:17:36.0353 1864 ebdrv - ok
09:17:36.0353 1864 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:17:36.0353 1864 EFS - ok
09:17:36.0353 1864 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:17:36.0369 1864 ehRecvr - ok
09:17:36.0369 1864 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:17:36.0369 1864 ehSched - ok
09:17:36.0369 1864 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:17:36.0369 1864 elxstor - ok
09:17:36.0385 1864 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:17:36.0385 1864 ErrDev - ok
09:17:36.0385 1864 [ 3663291D0D26001A2BB67678AB61D14C ] EtronHub3 C:\Windows\System32\Drivers\EtronHub3.sys
09:17:36.0385 1864 EtronHub3 - ok
09:17:36.0385 1864 [ 744420D6C062C38F7361870F010D6D4B ] EtronXHCI C:\Windows\System32\Drivers\EtronXHCI.sys
09:17:36.0385 1864 EtronXHCI - ok
09:17:36.0385 1864 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:17:36.0400 1864 EventSystem - ok
09:17:36.0400 1864 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:17:36.0400 1864 exfat - ok
09:17:36.0400 1864 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:17:36.0400 1864 fastfat - ok
09:17:36.0416 1864 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:17:36.0416 1864 Fax - ok
09:17:36.0416 1864 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
09:17:36.0416 1864 fdc - ok
09:17:36.0416 1864 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:17:36.0416 1864 fdPHost - ok
09:17:36.0416 1864 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:17:36.0416 1864 FDResPub - ok
09:17:36.0431 1864 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:17:36.0431 1864 FileInfo - ok
09:17:36.0431 1864 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:17:36.0431 1864 Filetrace - ok
09:17:36.0431 1864 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:17:36.0431 1864 flpydisk - ok
09:17:36.0431 1864 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:17:36.0431 1864 FltMgr - ok
09:17:36.0447 1864 [ 4A8D45A1DE1B1E53F81190CA4E437DD6 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys
09:17:36.0447 1864 FLxHCIc - ok
09:17:36.0447 1864 [ BB0A3FB710C90D1BC2D78266012C0CF6 ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys
09:17:36.0447 1864 FLxHCIh - ok
09:17:36.0447 1864 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:17:36.0463 1864 FontCache - ok
09:17:36.0463 1864 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:17:36.0463 1864 FontCache3.0.0.0 - ok
09:17:36.0463 1864 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:17:36.0463 1864 FsDepends - ok
09:17:36.0463 1864 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
09:17:36.0463 1864 fssfltr - ok
09:17:36.0478 1864 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:17:36.0478 1864 fsssvc - ok
09:17:36.0494 1864 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:17:36.0494 1864 Fs_Rec - ok
09:17:36.0494 1864 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:17:36.0494 1864 fvevol - ok
09:17:36.0494 1864 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:17:36.0494 1864 gagp30kx - ok
09:17:36.0494 1864 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:17:36.0494 1864 GEARAspiWDM - ok
09:17:36.0509 1864 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:17:36.0509 1864 gpsvc - ok
09:17:36.0509 1864 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:17:36.0509 1864 gupdate - ok
09:17:36.0509 1864 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:17:36.0509 1864 gupdatem - ok
09:17:36.0525 1864 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:17:36.0525 1864 hcw85cir - ok
09:17:36.0525 1864 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:17:36.0525 1864 HdAudAddService - ok
09:17:36.0525 1864 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:17:36.0525 1864 HDAudBus - ok
09:17:36.0525 1864 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:17:36.0541 1864 HidBatt - ok
09:17:36.0541 1864 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:17:36.0541 1864 HidBth - ok
09:17:36.0541 1864 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
09:17:36.0541 1864 HidIr - ok
09:17:36.0541 1864 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
09:17:36.0541 1864 hidserv - ok
09:17:36.0541 1864 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:17:36.0541 1864 HidUsb - ok
09:17:36.0556 1864 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:17:36.0556 1864 hkmsvc - ok
09:17:36.0556 1864 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:17:36.0556 1864 HomeGroupListener - ok
09:17:36.0556 1864 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:17:36.0556 1864 HomeGroupProvider - ok
09:17:36.0556 1864 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:17:36.0556 1864 HpSAMD - ok
09:17:36.0572 1864 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:17:36.0572 1864 HTTP - ok
09:17:36.0572 1864 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:17:36.0572 1864 hwpolicy - ok
09:17:36.0572 1864 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:17:36.0587 1864 i8042prt - ok
09:17:36.0587 1864 [ DB81EDC524A0F07FC2BD0B7415676528 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
09:17:36.0587 1864 iaStorA - ok
09:17:36.0587 1864 [ 4621FAE7D3C969A1E84A2790D88FCCDE ] iaStorF C:\Windows\system32\drivers\iaStorF.sys
09:17:36.0587 1864 iaStorF - ok
09:17:36.0603 1864 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:17:36.0603 1864 iaStorV - ok
09:17:36.0603 1864 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:17:36.0619 1864 idsvc - ok
09:17:36.0619 1864 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:17:36.0619 1864 iirsp - ok
09:17:36.0619 1864 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:17:36.0634 1864 IKEEXT - ok
09:17:36.0650 1864 [ 26407A11D7E222AFB7CE32700ABBD9D1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:17:36.0665 1864 IntcAzAudAddService - ok
09:17:36.0665 1864 [ 42CEE1BA152FA267AE8587B4DE3B7B28 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
09:17:36.0665 1864 Intel® PROSet Monitoring Service - ok
09:17:36.0665 1864 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:17:36.0665 1864 intelide - ok
09:17:36.0665 1864 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:17:36.0665 1864 intelppm - ok
09:17:36.0681 1864 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:17:36.0681 1864 IPBusEnum - ok
09:17:36.0681 1864 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:17:36.0681 1864 IpFilterDriver - ok
09:17:36.0681 1864 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:17:36.0681 1864 iphlpsvc - ok
09:17:36.0697 1864 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:17:36.0697 1864 IPMIDRV - ok
09:17:36.0697 1864 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:17:36.0697 1864 IPNAT - ok
09:17:36.0697 1864 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:17:36.0712 1864 iPod Service - ok
09:17:36.0712 1864 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:17:36.0712 1864 IRENUM - ok
09:17:36.0712 1864 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:17:36.0712 1864 isapnp - ok
09:17:36.0712 1864 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:17:36.0712 1864 iScsiPrt - ok
09:17:36.0728 1864 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
09:17:36.0728 1864 iusb3hcs - ok
09:17:36.0728 1864 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\drivers\iusb3hub.sys
09:17:36.0728 1864 iusb3hub - ok
09:17:36.0743 1864 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\drivers\iusb3xhc.sys
09:17:36.0743 1864 iusb3xhc - ok
09:17:36.0743 1864 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:17:36.0743 1864 kbdclass - ok
09:17:36.0743 1864 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:17:36.0743 1864 kbdhid - ok
09:17:36.0743 1864 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:17:36.0743 1864 KeyIso - ok
09:17:36.0759 1864 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:17:36.0759 1864 KSecDD - ok
09:17:36.0759 1864 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:17:36.0759 1864 KSecPkg - ok
09:17:36.0759 1864 [ E47FFCA0909871AC1BFF0D446FF63CA9 ] KSS C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
09:17:36.0759 1864 KSS - ok
09:17:36.0759 1864 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:17:36.0759 1864 ksthunk - ok
09:17:36.0775 1864 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:17:36.0775 1864 KtmRm - ok
09:17:36.0775 1864 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:17:36.0775 1864 LanmanServer - ok
09:17:36.0775 1864 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:17:36.0790 1864 LanmanWorkstation - ok
09:17:36.0790 1864 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:17:36.0790 1864 lltdio - ok
09:17:36.0790 1864 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:17:36.0790 1864 lltdsvc - ok
09:17:36.0790 1864 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:17:36.0790 1864 lmhosts - ok
09:17:36.0806 1864 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:17:36.0806 1864 LSI_FC - ok
09:17:36.0806 1864 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:17:36.0806 1864 LSI_SAS - ok
09:17:36.0806 1864 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:17:36.0806 1864 LSI_SAS2 - ok
09:17:36.0806 1864 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:17:36.0821 1864 LSI_SCSI - ok
09:17:36.0821 1864 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:17:36.0821 1864 luafv - ok
09:17:36.0821 1864 [ E5ECF40E5FD459141E5F6685FFD51804 ] Lycosa C:\Windows\system32\drivers\Lycosa.sys
09:17:36.0821 1864 Lycosa - ok
09:17:36.0821 1864 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:17:36.0821 1864 MBAMProtector - ok
09:17:36.0821 1864 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:17:36.0837 1864 MBAMScheduler - ok
09:17:36.0837 1864 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:17:36.0837 1864 MBAMService - ok
09:17:36.0837 1864 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:17:36.0837 1864 Mcx2Svc - ok
09:17:36.0837 1864 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:17:36.0853 1864 megasas - ok
09:17:36.0853 1864 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:17:36.0853 1864 MegaSR - ok
09:17:36.0853 1864 [ 86614752D2FAE34CCD9E7B2AABA5FBEC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:17:36.0853 1864 MEIx64 - ok
09:17:36.0853 1864 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:17:36.0853 1864 MMCSS - ok
09:17:36.0868 1864 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:17:36.0868 1864 Modem - ok
09:17:36.0868 1864 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:17:36.0868 1864 monitor - ok
09:17:36.0868 1864 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:17:36.0868 1864 mouclass - ok
09:17:36.0868 1864 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:17:36.0868 1864 mouhid - ok
09:17:36.0868 1864 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:17:36.0868 1864 mountmgr - ok
09:17:36.0868 1864 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:17:36.0884 1864 MozillaMaintenance - ok
09:17:36.0884 1864 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:17:36.0884 1864 MpFilter - ok
09:17:36.0884 1864 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:17:36.0884 1864 mpio - ok
09:17:36.0884 1864 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:17:36.0884 1864 mpsdrv - ok
09:17:36.0899 1864 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:17:36.0899 1864 MpsSvc - ok
09:17:36.0899 1864 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:17:36.0899 1864 MRxDAV - ok
09:17:36.0915 1864 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:17:36.0915 1864 mrxsmb - ok
09:17:36.0915 1864 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:17:36.0915 1864 mrxsmb10 - ok
09:17:38.0553 1864 ================ Scan global ===============================
09:17:38.0553 1864 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:17:38.0553 1864 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:17:38.0569 1864 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:17:38.0569 1864 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:17:38.0569 1864 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:17:38.0569 1864 [Global] - ok
09:17:38.0569 1864 ================ Scan MBR ==================================
09:17:38.0569 1864 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:17:38.0647 1864 \Device\Harddisk0\DR0 - ok
09:17:38.0647 1864 ================ Scan VBR ==================================
09:17:38.0647 1864 [ 9B9892DE12AB22ECD359F70671573868 ] \Device\Harddisk0\DR0\Partition1
09:17:38.0647 1864 \Device\Harddisk0\DR0\Partition1 - ok
09:17:38.0647 1864 [ 552DFAF900E91AA73FFEF89E4B9EF27E ] \Device\Harddisk0\DR0\Partition2
09:17:38.0647 1864 \Device\Harddisk0\DR0\Partition2 - ok
09:17:38.0647 1864 ============================================================
09:17:38.0647 1864 Scan finished
09:17:38.0647 1864 ============================================================
09:17:38.0647 3212 Detected object count: 0
09:17:38.0647 3212 Actual detected object count: 0

#15 aquaviva


Posted 01 October 2012 - 02:19 AM

Everything is running just smoothly... No problems



