Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop up/Re direct virus


  • Please log in to reply
17 replies to this topic

#1 trevorisonfire

trevorisonfire

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 10 October 2012 - 08:28 PM

I've been trying to get rid of this virus when I click on a link it re directs sometimes to a site that has to do with the site i actually wanted or sometimes it say re direct as the url and list other sites in blue font and 1 out of 3 websites there a pop ad either on the left or right corner as a video just an add or a phone usually when I'm on youtube itll be pornagraphic ads and I just want to get rid of it I tried all the other things on the other topics and forums malware tdss aswmbr norton eraser tool and still havent gotten rid of it I would appreciate the help I'm running on 64 hp windows

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:22 PM

Posted 10 October 2012 - 08:31 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 trevorisonfire

trevorisonfire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 17 October 2012 - 06:12 AM

TDDS KILLER LOG
19:54:47.0175 5336 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:54:49.0180 5336 ============================================================
19:54:49.0180 5336 Current date / time: 2012/10/16 19:54:49.0180
19:54:49.0180 5336 SystemInfo:
19:54:49.0180 5336
19:54:49.0180 5336 OS Version: 6.1.7601 ServicePack: 1.0
19:54:49.0180 5336 Product type: Workstation
19:54:49.0180 5336 ComputerName: BEARKIN-HP
19:54:49.0180 5336 UserName: bearkin
19:54:49.0180 5336 Windows directory: C:\Windows
19:54:49.0180 5336 System windows directory: C:\Windows
19:54:49.0180 5336 Running under WOW64
19:54:49.0180 5336 Processor architecture: Intel x64
19:54:49.0180 5336 Number of processors: 4
19:54:49.0180 5336 Page size: 0x1000
19:54:49.0180 5336 Boot type: Normal boot
19:54:49.0180 5336 ============================================================
19:54:49.0893 5336 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:49.0902 5336 ============================================================
19:54:49.0902 5336 \Device\Harddisk0\DR0:
19:54:49.0903 5336 MBR partitions:
19:54:49.0903 5336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:54:49.0903 5336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380E8800
19:54:49.0903 5336 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3814C800, BlocksNum 0x2205800
19:54:49.0903 5336 ============================================================
19:54:49.0952 5336 C: <-> \Device\Harddisk0\DR0\Partition2
19:54:49.0994 5336 D: <-> \Device\Harddisk0\DR0\Partition3
19:54:49.0994 5336 ============================================================
19:54:49.0994 5336 Initialize success
19:54:49.0994 5336 ============================================================
19:55:06.0797 4028 ============================================================
19:55:06.0798 4028 Scan started
19:55:06.0798 4028 Mode: Manual; TDLFS;
19:55:06.0798 4028 ============================================================
19:55:08.0601 4028 ================ Scan system memory ========================
19:55:08.0601 4028 System memory - ok
19:55:08.0602 4028 ================ Scan services =============================
19:55:09.0016 4028 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:55:09.0021 4028 1394ohci - ok
19:55:09.0073 4028 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:55:09.0079 4028 ACPI - ok
19:55:09.0141 4028 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:55:09.0142 4028 AcpiPmi - ok
19:55:09.0297 4028 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:55:09.0304 4028 AdobeFlashPlayerUpdateSvc - ok
19:55:09.0360 4028 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:55:09.0369 4028 adp94xx - ok
19:55:09.0421 4028 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:55:09.0427 4028 adpahci - ok
19:55:09.0468 4028 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:55:09.0471 4028 adpu320 - ok
19:55:09.0504 4028 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:55:09.0506 4028 AeLookupSvc - ok
19:55:09.0583 4028 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:55:09.0586 4028 AERTFilters - ok
19:55:09.0643 4028 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:55:09.0653 4028 AFD - ok
19:55:09.0731 4028 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
19:55:09.0765 4028 AgereSoftModem - ok
19:55:09.0809 4028 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:55:09.0811 4028 agp440 - ok
19:55:09.0862 4028 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:55:09.0864 4028 ALG - ok
19:55:09.0898 4028 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:55:09.0900 4028 aliide - ok
19:55:09.0932 4028 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:55:09.0933 4028 amdide - ok
19:55:09.0971 4028 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:55:09.0973 4028 AmdK8 - ok
19:55:09.0988 4028 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:55:09.0990 4028 AmdPPM - ok
19:55:10.0029 4028 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:55:10.0031 4028 amdsata - ok
19:55:10.0062 4028 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:55:10.0067 4028 amdsbs - ok
19:55:10.0089 4028 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:55:10.0090 4028 amdxata - ok
19:55:10.0157 4028 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:55:10.0159 4028 AppID - ok
19:55:10.0194 4028 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:55:10.0196 4028 AppIDSvc - ok
19:55:10.0247 4028 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:55:10.0249 4028 Appinfo - ok
19:55:10.0356 4028 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:10.0358 4028 Apple Mobile Device - ok
19:55:10.0399 4028 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:55:10.0401 4028 arc - ok
19:55:10.0423 4028 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:55:10.0425 4028 arcsas - ok
19:55:10.0453 4028 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:55:10.0454 4028 AsyncMac - ok
19:55:10.0501 4028 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:55:10.0502 4028 atapi - ok
19:55:10.0578 4028 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:55:10.0624 4028 athr - ok
19:55:10.0701 4028 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:55:10.0717 4028 AudioEndpointBuilder - ok
19:55:10.0736 4028 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:55:10.0744 4028 AudioSrv - ok
19:55:10.0814 4028 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:55:10.0816 4028 AxInstSV - ok
19:55:10.0872 4028 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:55:10.0881 4028 b06bdrv - ok
19:55:10.0943 4028 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:55:10.0948 4028 b57nd60a - ok
19:55:11.0061 4028 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:55:11.0099 4028 BCM43XX - ok
19:55:11.0169 4028 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:55:11.0171 4028 BDESVC - ok
19:55:11.0229 4028 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:55:11.0229 4028 Beep - ok
19:55:11.0271 4028 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:55:11.0272 4028 blbdrive - ok
19:55:11.0333 4028 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:55:11.0341 4028 Bonjour Service - ok
19:55:11.0390 4028 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:55:11.0392 4028 bowser - ok
19:55:11.0432 4028 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:55:11.0434 4028 BrFiltLo - ok
19:55:11.0451 4028 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:55:11.0453 4028 BrFiltUp - ok
19:55:11.0505 4028 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:55:11.0509 4028 Browser - ok
19:55:11.0544 4028 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:55:11.0549 4028 Brserid - ok
19:55:11.0578 4028 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:55:11.0580 4028 BrSerWdm - ok
19:55:11.0589 4028 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:55:11.0590 4028 BrUsbMdm - ok
19:55:11.0604 4028 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:55:11.0605 4028 BrUsbSer - ok
19:55:11.0651 4028 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:55:11.0652 4028 BthEnum - ok
19:55:11.0681 4028 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:55:11.0683 4028 BTHMODEM - ok
19:55:11.0712 4028 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:55:11.0715 4028 BthPan - ok
19:55:11.0761 4028 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:55:11.0769 4028 BTHPORT - ok
19:55:11.0826 4028 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:55:11.0828 4028 bthserv - ok
19:55:11.0878 4028 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:55:11.0880 4028 BTHUSB - ok
19:55:11.0900 4028 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:55:11.0902 4028 cdfs - ok
19:55:11.0964 4028 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:55:11.0967 4028 cdrom - ok
19:55:12.0014 4028 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:55:12.0016 4028 CertPropSvc - ok
19:55:12.0049 4028 [ 533328A3D9A9C286682525842547540C ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
19:55:12.0052 4028 CinemaNow Service - ok
19:55:12.0091 4028 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:55:12.0093 4028 circlass - ok
19:55:12.0130 4028 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:55:12.0136 4028 CLFS - ok
19:55:12.0209 4028 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:55:12.0211 4028 clr_optimization_v2.0.50727_32 - ok
19:55:12.0273 4028 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:55:12.0275 4028 clr_optimization_v2.0.50727_64 - ok
19:55:12.0352 4028 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:55:12.0378 4028 clr_optimization_v4.0.30319_32 - ok
19:55:12.0412 4028 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:55:12.0415 4028 clr_optimization_v4.0.30319_64 - ok
19:55:12.0450 4028 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:55:12.0451 4028 CmBatt - ok
19:55:12.0483 4028 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:55:12.0485 4028 cmdide - ok
19:55:12.0537 4028 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:55:12.0547 4028 CNG - ok
19:55:12.0615 4028 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:55:12.0615 4028 Compbatt - ok
19:55:12.0699 4028 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:55:12.0700 4028 CompositeBus - ok
19:55:12.0725 4028 COMSysApp - ok
19:55:12.0763 4028 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:55:12.0765 4028 crcdisk - ok
19:55:12.0831 4028 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:55:12.0835 4028 CryptSvc - ok
19:55:12.0967 4028 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:55:12.0984 4028 cvhsvc - ok
19:55:13.0051 4028 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:55:13.0060 4028 DcomLaunch - ok
19:55:13.0103 4028 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:55:13.0109 4028 defragsvc - ok
19:55:13.0157 4028 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:55:13.0160 4028 DfsC - ok
19:55:13.0211 4028 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:55:13.0217 4028 Dhcp - ok
19:55:13.0259 4028 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:55:13.0260 4028 discache - ok
19:55:13.0289 4028 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:55:13.0290 4028 Disk - ok
19:55:13.0337 4028 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:55:13.0343 4028 Dnscache - ok
19:55:13.0390 4028 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:55:13.0396 4028 dot3svc - ok
19:55:13.0438 4028 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:55:13.0442 4028 DPS - ok
19:55:13.0464 4028 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:55:13.0465 4028 drmkaud - ok
19:55:13.0531 4028 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:55:13.0544 4028 DXGKrnl - ok
19:55:13.0577 4028 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:55:13.0580 4028 EapHost - ok
19:55:13.0705 4028 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:55:13.0804 4028 ebdrv - ok
19:55:13.0839 4028 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:55:13.0841 4028 EFS - ok
19:55:13.0914 4028 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:55:13.0925 4028 ehRecvr - ok
19:55:13.0952 4028 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:55:13.0955 4028 ehSched - ok
19:55:13.0996 4028 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:55:14.0006 4028 elxstor - ok
19:55:14.0049 4028 EraserUtilDrv11120 - ok
19:55:14.0067 4028 EraserUtilDrvI13 - ok
19:55:14.0088 4028 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:55:14.0089 4028 ErrDev - ok
19:55:14.0148 4028 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:55:14.0156 4028 EventSystem - ok
19:55:14.0188 4028 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:55:14.0192 4028 exfat - ok
19:55:14.0214 4028 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:55:14.0219 4028 fastfat - ok
19:55:14.0288 4028 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:55:14.0305 4028 Fax - ok
19:55:14.0335 4028 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:55:14.0337 4028 fdc - ok
19:55:14.0364 4028 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:55:14.0366 4028 fdPHost - ok
19:55:14.0381 4028 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:55:14.0383 4028 FDResPub - ok
19:55:14.0402 4028 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:55:14.0403 4028 FileInfo - ok
19:55:14.0431 4028 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:55:14.0432 4028 Filetrace - ok
19:55:14.0452 4028 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:55:14.0454 4028 flpydisk - ok
19:55:14.0513 4028 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:55:14.0518 4028 FltMgr - ok
19:55:14.0603 4028 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:55:14.0639 4028 FontCache - ok
19:55:14.0689 4028 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:55:14.0690 4028 FontCache3.0.0.0 - ok
19:55:14.0713 4028 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:55:14.0715 4028 FsDepends - ok
19:55:14.0747 4028 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:55:14.0748 4028 Fs_Rec - ok
19:55:14.0788 4028 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:55:14.0792 4028 fvevol - ok
19:55:14.0829 4028 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:55:14.0832 4028 gagp30kx - ok
19:55:14.0896 4028 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:55:14.0900 4028 GamesAppService - ok
19:55:14.0949 4028 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:55:14.0949 4028 GEARAspiWDM - ok
19:55:15.0008 4028 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:55:15.0029 4028 gpsvc - ok
19:55:15.0115 4028 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:15.0118 4028 gupdate - ok
19:55:15.0148 4028 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:15.0150 4028 gupdatem - ok
19:55:15.0190 4028 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:55:15.0192 4028 hcw85cir - ok
19:55:15.0243 4028 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:55:15.0250 4028 HdAudAddService - ok
19:55:15.0281 4028 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:55:15.0283 4028 HDAudBus - ok
19:55:15.0313 4028 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:55:15.0314 4028 HECIx64 - ok
19:55:15.0347 4028 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:55:15.0348 4028 HidBatt - ok
19:55:15.0365 4028 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:55:15.0368 4028 HidBth - ok
19:55:15.0391 4028 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:55:15.0393 4028 HidIr - ok
19:55:15.0421 4028 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:55:15.0423 4028 hidserv - ok
19:55:15.0478 4028 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:55:15.0479 4028 HidUsb - ok
19:55:15.0513 4028 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:55:15.0518 4028 hkmsvc - ok
19:55:15.0553 4028 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:55:15.0559 4028 HomeGroupListener - ok
19:55:15.0591 4028 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:55:15.0597 4028 HomeGroupProvider - ok
19:55:15.0691 4028 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:55:15.0693 4028 HP Support Assistant Service - ok
19:55:15.0761 4028 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
19:55:15.0763 4028 HP Wireless Assistant Service - ok
19:55:15.0818 4028 [ D17F9E527F01770BD04A9223BC40EC22 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:55:15.0822 4028 HPDrvMntSvc.exe - ok
19:55:15.0871 4028 [ 0955C23C041451FB4E7099D6B2CF1C06 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:55:15.0905 4028 hpqwmiex - ok
19:55:15.0950 4028 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:55:15.0952 4028 HpSAMD - ok
19:55:16.0015 4028 [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:55:16.0016 4028 HPWMISVC - ok
19:55:16.0072 4028 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:55:16.0089 4028 HTTP - ok
19:55:16.0131 4028 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:55:16.0131 4028 hwpolicy - ok
19:55:16.0181 4028 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:55:16.0184 4028 i8042prt - ok
19:55:16.0234 4028 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:55:16.0241 4028 iaStor - ok
19:55:16.0319 4028 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:55:16.0320 4028 IAStorDataMgrSvc - ok
19:55:16.0357 4028 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:55:16.0365 4028 iaStorV - ok
19:55:16.0441 4028 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:55:16.0463 4028 idsvc - ok
19:55:16.0752 4028 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:55:17.0023 4028 igfx - ok
19:55:17.0069 4028 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:55:17.0070 4028 iirsp - ok
19:55:17.0131 4028 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:55:17.0163 4028 IKEEXT - ok
19:55:17.0275 4028 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:55:17.0309 4028 IntcAzAudAddService - ok
19:55:17.0378 4028 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:55:17.0383 4028 IntcDAud - ok
19:55:17.0411 4028 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:55:17.0412 4028 intelide - ok
19:55:17.0447 4028 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:55:17.0448 4028 intelppm - ok
19:55:17.0483 4028 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:55:17.0486 4028 IPBusEnum - ok
19:55:17.0522 4028 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:55:17.0527 4028 IpFilterDriver - ok
19:55:17.0578 4028 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:55:17.0580 4028 IPMIDRV - ok
19:55:17.0637 4028 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:55:17.0640 4028 IPNAT - ok
19:55:17.0736 4028 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:55:17.0770 4028 iPod Service - ok
19:55:17.0805 4028 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:55:17.0807 4028 IRENUM - ok
19:55:17.0825 4028 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:55:17.0827 4028 isapnp - ok
19:55:17.0867 4028 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:55:17.0874 4028 iScsiPrt - ok
19:55:17.0919 4028 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:55:17.0921 4028 kbdclass - ok
19:55:17.0987 4028 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:55:17.0989 4028 kbdhid - ok
19:55:18.0017 4028 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:55:18.0018 4028 KeyIso - ok
19:55:18.0055 4028 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:55:18.0057 4028 KSecDD - ok
19:55:18.0079 4028 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:55:18.0081 4028 KSecPkg - ok
19:55:18.0122 4028 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:55:18.0123 4028 ksthunk - ok
19:55:18.0159 4028 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:55:18.0168 4028 KtmRm - ok
19:55:18.0235 4028 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:55:18.0241 4028 LanmanServer - ok
19:55:18.0291 4028 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:55:18.0296 4028 LanmanWorkstation - ok
19:55:18.0343 4028 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:55:18.0345 4028 lltdio - ok
19:55:18.0393 4028 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:55:18.0401 4028 lltdsvc - ok
19:55:18.0423 4028 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:55:18.0426 4028 lmhosts - ok
19:55:18.0479 4028 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:55:18.0484 4028 LMS - ok
19:55:18.0522 4028 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:55:18.0524 4028 LSI_FC - ok
19:55:18.0559 4028 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:55:18.0562 4028 LSI_SAS - ok
19:55:18.0606 4028 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:55:18.0608 4028 LSI_SAS2 - ok
19:55:18.0623 4028 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:55:18.0625 4028 LSI_SCSI - ok
19:55:18.0656 4028 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:55:18.0658 4028 luafv - ok
19:55:18.0735 4028 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:55:18.0738 4028 Mcx2Svc - ok
19:55:18.0772 4028 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:55:18.0774 4028 megasas - ok
19:55:18.0819 4028 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:55:18.0824 4028 MegaSR - ok
19:55:18.0852 4028 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:55:18.0854 4028 MMCSS - ok
19:55:18.0897 4028 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:55:18.0898 4028 Modem - ok
19:55:18.0943 4028 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:55:18.0944 4028 monitor - ok
19:55:18.0984 4028 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:55:18.0985 4028 mouclass - ok
19:55:19.0039 4028 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:55:19.0041 4028 mouhid - ok
19:55:19.0081 4028 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:55:19.0083 4028 mountmgr - ok
19:55:19.0168 4028 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:55:19.0171 4028 MozillaMaintenance - ok
19:55:19.0193 4028 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:55:19.0197 4028 mpio - ok
19:55:19.0231 4028 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:55:19.0234 4028 mpsdrv - ok
19:55:19.0281 4028 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:55:19.0284 4028 MRxDAV - ok
19:55:19.0328 4028 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:55:19.0332 4028 mrxsmb - ok
19:55:19.0370 4028 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:55:19.0378 4028 mrxsmb10 - ok
19:55:19.0420 4028 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:55:19.0422 4028 mrxsmb20 - ok
19:55:19.0451 4028 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:55:19.0452 4028 msahci - ok
19:55:19.0486 4028 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:55:19.0489 4028 msdsm - ok
19:55:19.0521 4028 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:55:19.0528 4028 MSDTC - ok
19:55:19.0573 4028 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:55:19.0575 4028 Msfs - ok
19:55:19.0605 4028 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:55:19.0607 4028 mshidkmdf - ok
19:55:19.0648 4028 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:55:19.0649 4028 msisadrv - ok
19:55:19.0705 4028 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:55:19.0710 4028 MSiSCSI - ok
19:55:19.0722 4028 msiserver - ok
19:55:19.0763 4028 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:55:19.0765 4028 MSKSSRV - ok
19:55:19.0797 4028 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:55:19.0799 4028 MSPCLOCK - ok
19:55:19.0830 4028 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:55:19.0831 4028 MSPQM - ok
19:55:19.0874 4028 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:55:19.0881 4028 MsRPC - ok
19:55:19.0934 4028 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:55:19.0935 4028 mssmbios - ok
19:55:19.0962 4028 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:55:19.0963 4028 MSTEE - ok
19:55:19.0985 4028 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:55:19.0986 4028 MTConfig - ok
19:55:20.0012 4028 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:55:20.0014 4028 Mup - ok
19:55:20.0067 4028 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:55:20.0076 4028 napagent - ok
19:55:20.0120 4028 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:55:20.0126 4028 NativeWifiP - ok
19:55:20.0209 4028 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:55:20.0245 4028 NDIS - ok
19:55:20.0294 4028 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:55:20.0295 4028 NdisCap - ok
19:55:20.0315 4028 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:55:20.0316 4028 NdisTapi - ok
19:55:20.0364 4028 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:55:20.0366 4028 Ndisuio - ok
19:55:20.0412 4028 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:55:20.0415 4028 NdisWan - ok
19:55:20.0446 4028 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:55:20.0448 4028 NDProxy - ok
19:55:20.0479 4028 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:55:20.0480 4028 NetBIOS - ok
19:55:20.0529 4028 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:55:20.0534 4028 NetBT - ok
19:55:20.0550 4028 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:55:20.0553 4028 Netlogon - ok
19:55:20.0600 4028 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:55:20.0610 4028 Netman - ok
19:55:20.0649 4028 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:55:20.0660 4028 netprofm - ok
19:55:20.0688 4028 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:20.0692 4028 NetTcpPortSharing - ok
19:55:20.0866 4028 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:55:21.0022 4028 netw5v64 - ok
19:55:21.0054 4028 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:55:21.0055 4028 nfrd960 - ok
19:55:21.0098 4028 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:55:21.0106 4028 NlaSvc - ok
19:55:21.0140 4028 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:55:21.0142 4028 Npfs - ok
19:55:21.0172 4028 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:55:21.0174 4028 nsi - ok
19:55:21.0186 4028 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:55:21.0187 4028 nsiproxy - ok
19:55:21.0279 4028 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:55:21.0331 4028 Ntfs - ok
19:55:21.0365 4028 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:55:21.0366 4028 Null - ok
19:55:21.0424 4028 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:55:21.0428 4028 nvraid - ok
19:55:21.0454 4028 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:55:21.0462 4028 nvstor - ok
19:55:21.0508 4028 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:55:21.0512 4028 nv_agp - ok
19:55:21.0566 4028 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:55:21.0568 4028 ohci1394 - ok
19:55:21.0611 4028 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:21.0615 4028 ose - ok
19:55:21.0833 4028 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:55:21.0990 4028 osppsvc - ok
19:55:22.0066 4028 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:55:22.0079 4028 p2pimsvc - ok
19:55:22.0124 4028 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:55:22.0136 4028 p2psvc - ok
19:55:22.0181 4028 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:55:22.0184 4028 Parport - ok
19:55:22.0219 4028 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:55:22.0222 4028 partmgr - ok
19:55:22.0265 4028 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:55:22.0272 4028 PcaSvc - ok
19:55:22.0299 4028 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:55:22.0303 4028 pci - ok
19:55:22.0347 4028 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:55:22.0349 4028 pciide - ok
19:55:22.0384 4028 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:55:22.0388 4028 pcmcia - ok
19:55:22.0412 4028 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:55:22.0413 4028 pcw - ok
19:55:22.0445 4028 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:55:22.0462 4028 PEAUTH - ok
19:55:22.0547 4028 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:55:22.0550 4028 PerfHost - ok
19:55:22.0643 4028 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:55:22.0688 4028 pla - ok
19:55:22.0767 4028 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:55:22.0777 4028 PlugPlay - ok
19:55:22.0820 4028 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:55:22.0823 4028 PNRPAutoReg - ok
19:55:22.0855 4028 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:55:22.0861 4028 PNRPsvc - ok
19:55:22.0924 4028 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:55:22.0940 4028 PolicyAgent - ok
19:55:22.0986 4028 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:55:22.0991 4028 Power - ok
19:55:23.0057 4028 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:55:23.0060 4028 PptpMiniport - ok
19:55:23.0100 4028 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:55:23.0102 4028 Processor - ok
19:55:23.0151 4028 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:55:23.0158 4028 ProfSvc - ok
19:55:23.0183 4028 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:55:23.0186 4028 ProtectedStorage - ok
19:55:23.0245 4028 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:55:23.0247 4028 Psched - ok
19:55:23.0313 4028 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:55:23.0361 4028 ql2300 - ok
19:55:23.0416 4028 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:55:23.0419 4028 ql40xx - ok
19:55:23.0460 4028 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:55:23.0467 4028 QWAVE - ok
19:55:23.0491 4028 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:55:23.0493 4028 QWAVEdrv - ok
19:55:23.0538 4028 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:55:23.0539 4028 RasAcd - ok
19:55:23.0570 4028 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:55:23.0572 4028 RasAgileVpn - ok
19:55:23.0601 4028 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:55:23.0606 4028 RasAuto - ok
19:55:23.0648 4028 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:55:23.0651 4028 Rasl2tp - ok
19:55:23.0724 4028 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:55:23.0751 4028 RasMan - ok
19:55:23.0801 4028 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:55:23.0804 4028 RasPppoe - ok
19:55:23.0834 4028 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:55:23.0837 4028 RasSstp - ok
19:55:23.0892 4028 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:55:23.0898 4028 rdbss - ok
19:55:23.0930 4028 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:55:23.0932 4028 rdpbus - ok
19:55:23.0975 4028 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:23.0975 4028 RDPCDD - ok
19:55:24.0019 4028 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:55:24.0020 4028 RDPENCDD - ok
19:55:24.0047 4028 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:55:24.0049 4028 RDPREFMP - ok
19:55:24.0095 4028 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:55:24.0099 4028 RDPWD - ok
19:55:24.0208 4028 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:55:24.0211 4028 rdyboost - ok
19:55:24.0324 4028 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:55:24.0328 4028 RemoteAccess - ok
19:55:24.0494 4028 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:55:24.0500 4028 RemoteRegistry - ok
19:55:24.0732 4028 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:55:24.0735 4028 RFCOMM - ok
19:55:24.0853 4028 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:55:24.0856 4028 RpcEptMapper - ok
19:55:24.0977 4028 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:55:24.0979 4028 RpcLocator - ok
19:55:25.0162 4028 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:55:25.0170 4028 RpcSs - ok
19:55:25.0334 4028 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:55:25.0336 4028 rspndr - ok
19:55:25.0501 4028 RSUSBSTOR - ok
19:55:26.0035 4028 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:55:26.0039 4028 RTL8167 - ok
19:55:26.0544 4028 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
19:55:26.0550 4028 RtVOsdService - ok
19:55:26.0606 4028 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:55:26.0608 4028 SamSs - ok
19:55:26.0729 4028 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:55:26.0732 4028 sbp2port - ok
19:55:26.0919 4028 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:55:26.0961 4028 SCardSvr - ok
19:55:27.0072 4028 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:55:27.0073 4028 scfilter - ok
19:55:27.0343 4028 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:55:27.0414 4028 Schedule - ok
19:55:27.0513 4028 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:55:27.0515 4028 SCPolicySvc - ok
19:55:27.0950 4028 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:55:27.0953 4028 sdbus - ok
19:55:28.0113 4028 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:55:28.0117 4028 SDRSVC - ok
19:55:28.0285 4028 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:55:28.0286 4028 secdrv - ok
19:55:28.0381 4028 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:55:28.0384 4028 seclogon - ok
19:55:28.0497 4028 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:55:28.0500 4028 SENS - ok
19:55:28.0615 4028 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:55:28.0618 4028 SensrSvc - ok
19:55:28.0729 4028 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:55:28.0730 4028 Serenum - ok
19:55:28.0836 4028 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:55:28.0840 4028 Serial - ok
19:55:29.0023 4028 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:55:29.0025 4028 sermouse - ok
19:55:29.0148 4028 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:55:29.0153 4028 SessionEnv - ok
19:55:29.0274 4028 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:55:29.0281 4028 sffdisk - ok
19:55:29.0351 4028 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:55:29.0353 4028 sffp_mmc - ok
19:55:29.0418 4028 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:55:29.0419 4028 sffp_sd - ok
19:55:29.0526 4028 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:55:29.0584 4028 sfloppy - ok
19:55:30.0271 4028 [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:55:30.0281 4028 Sftfs - ok
19:55:30.0592 4028 [ BFDB58616FF5EA540A5F58301D50641E ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:55:30.0601 4028 sftlist - ok
19:55:30.0756 4028 [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:55:30.0761 4028 Sftplay - ok
19:55:30.0882 4028 [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:55:30.0883 4028 Sftredir - ok
19:55:30.0947 4028 [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:55:30.0948 4028 Sftvol - ok
19:55:31.0116 4028 [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:55:31.0123 4028 sftvsa - ok
19:55:31.0343 4028 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:55:31.0351 4028 ShellHWDetection - ok
19:55:31.0445 4028 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:55:31.0500 4028 SiSRaid2 - ok
19:55:31.0634 4028 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:55:31.0637 4028 SiSRaid4 - ok
19:55:31.0845 4028 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:55:31.0895 4028 Smb - ok
19:55:32.0081 4028 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:55:32.0086 4028 SNMPTRAP - ok
19:55:32.0140 4028 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:55:32.0141 4028 spldr - ok
19:55:32.0256 4028 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:55:32.0284 4028 Spooler - ok
19:55:32.0512 4028 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:55:32.0613 4028 sppsvc - ok
19:55:32.0666 4028 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:55:32.0669 4028 sppuinotify - ok
19:55:32.0892 4028 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:55:32.0902 4028 srv - ok
19:55:33.0002 4028 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:55:33.0021 4028 srv2 - ok
19:55:33.0133 4028 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:55:33.0177 4028 SrvHsfHDA - ok
19:55:33.0538 4028 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:55:33.0865 4028 SrvHsfV92 - ok
19:55:34.0063 4028 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:55:34.0110 4028 SrvHsfWinac - ok
19:55:34.0351 4028 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:55:34.0354 4028 srvnet - ok
19:55:34.0496 4028 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:55:34.0515 4028 SSDPSRV - ok
19:55:34.0571 4028 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:55:34.0574 4028 SstpSvc - ok
19:55:34.0647 4028 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:55:34.0649 4028 stexstor - ok
19:55:34.0778 4028 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:55:34.0792 4028 stisvc - ok
19:55:34.0885 4028 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:55:34.0891 4028 swenum - ok
19:55:34.0961 4028 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:55:34.0973 4028 swprv - ok
19:55:35.0213 4028 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:55:35.0263 4028 SynTP - ok
19:55:35.0537 4028 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:55:35.0947 4028 SysMain - ok
19:55:36.0023 4028 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:55:36.0030 4028 TabletInputService - ok
19:55:36.0139 4028 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:55:36.0146 4028 TapiSrv - ok
19:55:36.0189 4028 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:55:36.0192 4028 TBS - ok
19:55:36.0574 4028 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:55:36.0651 4028 Tcpip - ok
19:55:36.0817 4028 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:55:36.0835 4028 TCPIP6 - ok
19:55:36.0903 4028 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:55:36.0904 4028 tcpipreg - ok
19:55:36.0942 4028 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:55:36.0945 4028 TDPIPE - ok
19:55:36.0997 4028 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:55:36.0998 4028 TDTCP - ok
19:55:37.0045 4028 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:55:37.0047 4028 tdx - ok
19:55:37.0090 4028 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:55:37.0091 4028 TermDD - ok
19:55:37.0164 4028 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:55:37.0175 4028 TermService - ok
19:55:37.0239 4028 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:55:37.0256 4028 Themes - ok
19:55:37.0273 4028 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:55:37.0275 4028 THREADORDER - ok
19:55:37.0334 4028 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:55:37.0338 4028 TrkWks - ok
19:55:37.0434 4028 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:55:37.0438 4028 TrustedInstaller - ok
19:55:37.0495 4028 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:55:37.0496 4028 tssecsrv - ok
19:55:37.0575 4028 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:55:37.0577 4028 TsUsbFlt - ok
19:55:37.0731 4028 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:55:37.0735 4028 tunnel - ok
19:55:38.0065 4028 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:55:38.0070 4028 uagp35 - ok
19:55:38.0168 4028 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:55:38.0175 4028 udfs - ok
19:55:38.0259 4028 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:55:38.0263 4028 UI0Detect - ok
19:55:38.0334 4028 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:55:38.0336 4028 uliagpkx - ok
19:55:38.0414 4028 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:55:38.0416 4028 umbus - ok
19:55:38.0508 4028 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:55:38.0510 4028 UmPass - ok
19:55:38.0924 4028 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:55:38.0998 4028 UNS - ok
19:55:39.0060 4028 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:55:39.0077 4028 upnphost - ok
19:55:39.0123 4028 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:55:39.0125 4028 USBAAPL64 - ok
19:55:39.0199 4028 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:55:39.0202 4028 usbaudio - ok
19:55:39.0251 4028 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:55:39.0255 4028 usbccgp - ok
19:55:39.0306 4028 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:55:39.0308 4028 usbcir - ok
19:55:39.0360 4028 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:55:39.0361 4028 usbehci - ok
19:55:39.0426 4028 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:55:39.0433 4028 usbhub - ok
19:55:39.0484 4028 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:55:39.0485 4028 usbohci - ok
19:55:39.0549 4028 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:55:39.0554 4028 usbprint - ok
19:55:39.0693 4028 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:55:39.0695 4028 usbscan - ok
19:55:39.0751 4028 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:55:39.0807 4028 USBSTOR - ok
19:55:39.0824 4028 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:55:39.0825 4028 usbuhci - ok
19:55:39.0907 4028 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:55:39.0910 4028 usbvideo - ok
19:55:39.0936 4028 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:55:39.0939 4028 UxSms - ok
19:55:39.0960 4028 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:55:39.0962 4028 VaultSvc - ok
19:55:40.0024 4028 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:55:40.0024 4028 vdrvroot - ok
19:55:40.0215 4028 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:55:40.0225 4028 vds - ok
19:55:40.0283 4028 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:55:40.0284 4028 vga - ok
19:55:40.0368 4028 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:55:40.0370 4028 VgaSave - ok
19:55:40.0468 4028 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:55:40.0472 4028 vhdmp - ok
19:55:40.0532 4028 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:55:40.0534 4028 viaide - ok
19:55:40.0561 4028 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:55:40.0562 4028 volmgr - ok
19:55:40.0679 4028 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:55:40.0684 4028 volmgrx - ok
19:55:40.0781 4028 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:55:40.0785 4028 volsnap - ok
19:55:40.0849 4028 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:55:40.0852 4028 vsmraid - ok
19:55:41.0259 4028 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:55:41.0323 4028 VSS - ok
19:55:41.0360 4028 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:55:41.0362 4028 vwifibus - ok
19:55:41.0428 4028 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:55:41.0431 4028 vwififlt - ok
19:55:41.0491 4028 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:55:41.0507 4028 W32Time - ok
19:55:41.0786 4028 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:55:41.0788 4028 WacomPen - ok
19:55:42.0072 4028 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:55:42.0074 4028 WANARP - ok
19:55:42.0122 4028 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:55:42.0123 4028 Wanarpv6 - ok
19:55:42.0485 4028 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:55:42.0504 4028 WatAdminSvc - ok
19:55:42.0628 4028 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:55:42.0744 4028 wbengine - ok
19:55:42.0795 4028 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:55:42.0804 4028 WbioSrvc - ok
19:55:42.0908 4028 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:55:42.0916 4028 wcncsvc - ok
19:55:42.0962 4028 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:55:42.0965 4028 WcsPlugInService - ok
19:55:43.0020 4028 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:55:43.0021 4028 Wd - ok
19:55:43.0149 4028 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:55:43.0163 4028 Wdf01000 - ok
19:55:43.0185 4028 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:55:43.0191 4028 WdiServiceHost - ok
19:55:43.0202 4028 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:55:43.0208 4028 WdiSystemHost - ok
19:55:43.0310 4028 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:55:43.0316 4028 WebClient - ok
19:55:43.0398 4028 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:55:43.0414 4028 Wecsvc - ok
19:55:43.0464 4028 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:55:43.0468 4028 wercplsupport - ok
19:55:43.0553 4028 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:55:43.0556 4028 WerSvc - ok
19:55:43.0621 4028 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:55:43.0622 4028 WfpLwf - ok
19:55:43.0652 4028 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:55:43.0654 4028 WIMMount - ok
19:55:43.0662 4028 WinHttpAutoProxySvc - ok
19:55:43.0855 4028 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:55:43.0860 4028 Winmgmt - ok
19:55:43.0966 4028 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:55:44.0040 4028 WinRM - ok
19:55:44.0165 4028 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:55:44.0168 4028 WinUsb - ok
19:55:44.0336 4028 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:55:44.0590 4028 Wlansvc - ok
19:55:45.0140 4028 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:55:45.0208 4028 wlidsvc - ok
19:55:45.0250 4028 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:55:45.0251 4028 WmiAcpi - ok
19:55:45.0284 4028 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:55:45.0288 4028 wmiApSrv - ok
19:55:45.0325 4028 WMPNetworkSvc - ok
19:55:45.0352 4028 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:55:45.0356 4028 WPCSvc - ok
19:55:45.0393 4028 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:55:45.0397 4028 WPDBusEnum - ok
19:55:45.0428 4028 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:55:45.0429 4028 ws2ifsl - ok
19:55:45.0437 4028 WSearch - ok
19:55:45.0468 4028 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:55:45.0471 4028 WudfPf - ok
19:55:45.0529 4028 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:55:45.0534 4028 WUDFRd - ok
19:55:45.0571 4028 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:55:45.0575 4028 wudfsvc - ok
19:55:45.0610 4028 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:55:45.0616 4028 WwanSvc - ok
19:55:45.0656 4028 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:55:45.0664 4028 yukonw7 - ok
19:55:45.0684 4028 ================ Scan global ===============================
19:55:45.0711 4028 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:55:45.0751 4028 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:55:45.0772 4028 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:55:45.0797 4028 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:55:45.0844 4028 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:55:45.0852 4028 [Global] - ok
19:55:45.0853 4028 ================ Scan MBR ==================================
19:55:45.0869 4028 [ A9D691444202B6B49CC6C7223076F181 ] \Device\Harddisk0\DR0
19:55:45.0869 4028 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:55:45.0928 4028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:55:45.0928 4028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:55:46.0000 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:55:46.0000 4028 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:55:46.0001 4028 ================ Scan VBR ==================================
19:55:46.0006 4028 [ 511DB2468D04CC3662B6F4CF30D68C0E ] \Device\Harddisk0\DR0\Partition1
19:55:46.0010 4028 \Device\Harddisk0\DR0\Partition1 - ok
19:55:46.0058 4028 [ 8EE34FACA9FD81E8F6A09A9E499CC57B ] \Device\Harddisk0\DR0\Partition2
19:55:46.0061 4028 \Device\Harddisk0\DR0\Partition2 - ok
19:55:46.0100 4028 [ B1E5E89D062BBDFE1588BC02CEEF01D7 ] \Device\Harddisk0\DR0\Partition3
19:55:46.0102 4028 \Device\Harddisk0\DR0\Partition3 - ok
19:55:46.0103 4028 ============================================================
19:55:46.0103 4028 Scan finished
19:55:46.0103 4028 ============================================================
19:55:46.0125 4204 Detected object count: 2
19:55:46.0125 4204 Actual detected object count: 2
19:56:14.0983 4204 \Device\Harddisk0\DR0\# - copied to quarantine
19:56:14.0985 4204 \Device\Harddisk0\DR0 - copied to quarantine
19:56:15.0037 4204 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:56:15.0039 4204 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:56:15.0060 4204 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:56:15.0069 4204 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:56:15.0070 4204 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:56:15.0072 4204 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:56:15.0075 4204 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:56:15.0077 4204 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:56:15.0081 4204 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:56:15.0082 4204 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:56:15.0083 4204 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:56:15.0084 4204 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:56:15.0117 4204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:56:15.0128 4204 \Device\Harddisk0\DR0 - ok
19:56:15.0439 4204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:56:15.0440 4204 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:56:15.0440 4204 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

ASWMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 20:17:38
-----------------------------
20:17:38.956 OS Version: Windows x64 6.1.7601 Service Pack 1
20:17:38.956 Number of processors: 4 586 0x2505
20:17:38.956 ComputerName: BEARKIN-HP UserName: bearkin
20:17:41.109 Initialize success
20:30:33.341 AVAST engine defs: 12101601
20:33:29.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:33:29.434 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:33:29.434 Device \Driver\iaStor -> MajorFunction fffffa800645a5e8
20:33:29.434 Disk 0 MBR read successfully
20:33:29.434 Disk 0 MBR scan
20:33:29.450 Disk 0 unknown MBR code
20:33:29.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:33:29.465 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459217 MB offset 409600
20:33:29.496 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17419 MB offset 940886016
20:33:29.512 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
20:33:29.559 Disk 0 scanning C:\Windows\system32\drivers
20:33:40.521 Service scanning
20:34:24.426 Modules scanning
20:34:24.432 Disk 0 trace - called modules:
20:34:24.442 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800645a5e8]<<
20:34:24.446 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f08060]
20:34:24.451 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f1c050]
20:34:24.456 \Driver\iaStor[0xfffffa8005e1fa60] -> IRP_MJ_CREATE -> 0xfffffa800645a5e8
20:34:27.225 AVAST engine scan C:\Windows
20:34:29.759 AVAST engine scan C:\Windows\system32
20:36:30.441 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:36:33.093 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:37:40.861 AVAST engine scan C:\Windows\system32\drivers
20:38:10.879 AVAST engine scan C:\Users\bearkin
20:52:58.613 AVAST engine scan C:\ProgramData
20:54:48.335 Scan finished successfully
22:02:28.102 Disk 0 MBR has been saved successfully to "C:\Users\bearkin\Documents\MBR.dat"
22:02:28.107 The log file has been saved successfully to "C:\Users\bearkin\Documents\aswMBR.txt"


ESET
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\n Win64/Sirefef.AR trojan cleaned by deleting (after the next restart) - quarantined
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.10.2012_19.54.49\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.10.2012_19.54.49\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.10.2012_19.54.49\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.10.2012_19.54.49\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.10.2012_19.54.49\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.10.2012_19.54.49\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\bearkin\AppData\Local\Temp\NODF3E6.tmp Win64/Sirefef.AR trojan cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:22 PM

Posted 17 October 2012 - 07:38 AM

Run TDSSkiller again and select DELETE

19:56:15.0440 4204 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#5 trevorisonfire

trevorisonfire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 17 October 2012 - 07:16 PM

tried adware cleaner but it would just ask me to restart my computer and wouldnt show a log after it restarted

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.17.12

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
bearkin :: BEARKIN-HP [administrator]

10/17/2012 5:35:59 PM
mbam-log-2012-10-17 (17-35-59).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 408693
Time elapsed: 1 hour(s), 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 16
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\17.10.2012_17.22.01\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\17.10.2012_17.22.01\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)



MiniToolBox by Farbar Version: 23-07-2012
Ran by bearkin (administrator) on 17-10-2012 at 18:44:56
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Broadcom 4313 802.11b/g/n = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : bearkin-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom 4313 802.11b/g/n
Physical Address. . . . . . . . . : AC-81-12-20-7B-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::34a1:9f83:cd51:671e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.73(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 17, 2012 6:41:46 PM
Lease Expires . . . . . . . . . . : Thursday, October 18, 2012 6:41:46 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 313295122
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-A7-1E-E4-3C-4A-92-C8-C6-55
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4009:803::1009
74.125.225.102
74.125.225.103
74.125.225.104
74.125.225.105
74.125.225.110
74.125.225.96
74.125.225.97
74.125.225.98
74.125.225.99
74.125.225.100
74.125.225.101


Pinging google.com [74.125.225.46] with 32 bytes of data:
Reply from 74.125.225.46: bytes=32 time=31ms TTL=51
Reply from 74.125.225.46: bytes=32 time=30ms TTL=51

Ping statistics for 74.125.225.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 31ms, Average = 30ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=85ms TTL=44
Reply from 98.138.253.109: bytes=32 time=91ms TTL=44

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 85ms, Maximum = 91ms, Average = 88ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...ac 81 12 20 7b c2 ......Broadcom 4313 802.11b/g/n
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.73 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.73 281
192.168.1.73 255.255.255.255 On-link 192.168.1.73 281
192.168.1.255 255.255.255.255 On-link 192.168.1.73 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.73 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.73 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::34a1:9f83:cd51:671e/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/17/2012 05:15:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/17/2012 05:15:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/16/2012 08:03:43 PM) (Source: CVHSVC) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (10/16/2012 07:59:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x105c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/16/2012 07:51:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0xd7c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/16/2012 07:50:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x10dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/16/2012 07:49:16 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/16/2012 07:48:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x17f4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/16/2012 07:46:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x1144
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/16/2012 07:43:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000374
Fault offset: 0x000ce6c3
Faulting process id: 0x12e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (10/17/2012 06:41:49 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (10/17/2012 06:41:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error Code: 21

Error: (10/17/2012 06:41:43 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/17/2012 06:41:43 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/17/2012 06:41:40 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/17/2012 06:41:35 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2012 06:41:25 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
Wanarpv6

Error: (10/17/2012 06:41:24 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Error: (10/17/2012 06:41:24 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (10/17/2012 06:41:24 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (10/17/2012 05:15:29 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (10/17/2012 05:15:29 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (10/16/2012 08:03:43 PM) (Source: CVHSVC)(User: )
Description: Click-2-Run package registration failure.

Error: (10/16/2012 07:59:19 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3105c01cdac01964958d9\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dlle1292d87-17f5-11e2-ba7b-9bf0d5079ff2

Error: (10/16/2012 07:51:36 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3d7c01cdac01783a0d5b\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dllcd4b2854-17f4-11e2-ba7b-9bf0d5079ff2

Error: (10/16/2012 07:50:46 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c310dc01cdac0135208e56\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dllaf5383df-17f4-11e2-ba7b-9bf0d5079ff2

Error: (10/16/2012 07:49:16 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/16/2012 07:48:53 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c317f401cdac00d8a81707\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll6c07344c-17f4-11e2-ba7b-9bf0d5079ff2

Error: (10/16/2012 07:46:17 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3114401cdac0069f83f9c\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll0f396fcd-17f4-11e2-ba7b-9bf0d5079ff2

Error: (10/16/2012 07:43:12 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c312e401cdac002eb097d7\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dlla0f7ae78-17f3-11e2-ba7b-9bf0d5079ff2


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.5.1 MUI (Version: 9.5.1)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
Akamai NetSession Interface
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Applian FLV Player (Version: 2.0.25)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
ConvertHelper 2.2
CyberLink DVD Suite (Version: 7.0.3003)
CyberLink MediaShow (Version: 5.0.1616)
CyberLink PowerDVD 9 (Version: 9.0.1.4217)
CyberLink YouCam (Version: 3.0.2511)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DivX Setup (Version: 2.3.0.20)
Dora's Carnival Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 22.0.1229.94)
Google Update Helper (Version: 1.3.21.123)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.4.7)
HP Quick Launch (Version: 2.6.3)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 4.1.8.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.9.0)
iCloud (Version: 1.1.0.40)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2131)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 5 (Version: 7.0.50)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
JScreenFix
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.2907)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
PowerDirector (Version: 8.0.3003)
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
Recovery Manager (Version: 5.5.3023)
Roxio CinemaNow 2.0 (Version: 1.0.278)
RtVOsd (Version: 1.0.6)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.2)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Yahoo! Detect
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3893.86 MB
Available physical RAM: 2939 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 6876.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:448.45 GB) (Free:368.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:17.01 GB) (Free:2.46 GB) NTFS

========================= Users: ========================================

User accounts for \\BEARKIN-HP

Administrator bearkin Guest

========================= Restore Points ==================================

25-09-2012 05:00:02 Scheduled Checkpoint
06-10-2012 00:09:54 Removed Skype™ 5.10
06-10-2012 22:24:12 Installed STOPzilla. Available with Windows Installer version 1.2 and later.
06-10-2012 22:44:18 StopZILLA! Restore Point.
07-10-2012 17:23:57 Removed STOPzilla. Available with Windows Installer version 1.2 and later.
08-10-2012 23:49:13 Norton_Power_Eraser_20121008184912242
10-10-2012 00:59:36 Removed Skype™ 5.10
10-10-2012 01:17:00 HPSF Restore Point
12-10-2012 02:01:13 Installed Microsoft Fix it 50267

**** End of log ****



Farbar Service Scanner Version: 07-10-2012
Ran by bearkin (administrator) on 17-10-2012 at 18:47:21
Running from "C:\Users\bearkin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Junkware Removal Tool (JRT) by Thisisu
Version: 1.7.2 (10.17.2012)
OS: Windows 7 Home Premium x64
Ran by bearkin on Wed 10/17/2012 at 18:55:11.51
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Removed the following from [PREFS.JS] :

user_pref("extensions.enabledItems", "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900,{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3,{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.3,engine@conduit.com:3.3.3.2,{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2,{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18");


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Wed 10/17/2012 at 19:10:11.01
End of Report

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:22 PM

Posted 17 October 2012 - 07:20 PM

Run malwarebytes again and post the clean log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#7 trevorisonfire

trevorisonfire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 17 October 2012 - 08:41 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.17.13

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
bearkin :: BEARKIN-HP [administrator]

10/17/2012 7:31:18 PM
mbam-log-2012-10-17 (19-31-18).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409534
Time elapsed: 54 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Log Opened: 2012-10-17 @ 20:29:54
20:29:54 - -----------------
20:29:54 - | Begin Logging |
20:29:54 - -----------------
20:29:54 - Fix started on a WIN_7 X64 computer
20:29:54 - Prep in progress. Please Wait.
20:29:55 - Prep complete
20:29:55 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
20:29:55 - Services Repair Complete.
20:30:45 - Reboot Initiated

Farbar Service Scanner Version: 07-10-2012
Ran by bearkin (administrator) on 17-10-2012 at 20:35:17
Running from "C:\Users\bearkin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/17/2012 08:37:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\bearkin\Desktop\rkill\rkill-10-17-2012-08-37-25.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\L\201d3dde [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$34abdb91f75e6e4d3541138e74b7a4fe\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-694546055-2663675398-4204403197-1001\$34abdb91f75e6e4d3541138e74b7a4fe\U\ [ZA Dir]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/17/2012 08:37:37 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HPWirelessAssistant" "" "" "c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkngui64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "DivX Download Manager" "DivX Download Manager Service" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\ddmservice.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files (x86)\divx\divx update\divxupdate.exe"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "21287A78-F192-47AB-9104-466BD43EEA65" "" "" "File not found: start"
+ "Malwarebytes Anti-Malware (cleanup)" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Akamai NetSession Interface" "Akamai NetSession Client" "Akamai Technologies, Inc." "c:\users\bearkin\appdata\local\akamai\netsession_win.exe"
+ "MobileDocuments" "ubd.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\ubd.exe"
+ "YahooPartnerToolbar" "fmtpdf" "I.R.I.S. Group" "c:\users\bearkin\appdata\local\yahoopartnertoolbar\jmddvjwo.dll"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Report" "" "" "c:\adwcleaner[s5].txt"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "MyHook" "CopyHook Module" "" "c:\program files (x86)\griffin technology\italk sync\copyhook64.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX HiQ" "DivX Web Player version 2.1.0.900" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Web Player version 2.1.0.900" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AERTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\realtek\audio\hda\aertsr64.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CinemaNow Service" "CinemaNow Service Application" "CinemaNow, Inc." "c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowsvc.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HP Wireless Assistant Service" "This service monitors the wireless devices in this computer and allows the HP Wireless Assistant application to turn devices on and off." "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp wireless assistant\hpwa_service.exe"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe"
+ "hpqwmiex" "HP Software Framework WMI Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RtVOsdService" "Realtek OSD Control" "Realtek Semiconductor Corp." "c:\program files\realtek\rtvosd\rtvosdservice.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "LSI Corp" "c:\windows\system32\drivers\agrsm64.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilDrv11120" "" "" "File not found: C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys"
+ "EraserUtilDrvI13" "" "" "File not found: C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "" "" "File not found: System32\Drivers\RtsUStor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder (PDVD9)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claud.ax"
+ "CyberLink Audio Decoder(PDVD9 UPnP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\claud.ax"
+ "CyberLink Audio Effect (PDVD9)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudspa.ax"
+ "CyberLink Audio Spectrum Analyzer(PDVD9 UPnP)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\claudspa.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (PDVD9)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudiocd.ax"
+ "CyberLink Demultiplexer(PDVD9 UPnP)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\cldemuxer.ax"
+ "CyberLink Demux (PDVD9)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\cldemuxer.ax"
+ "CyberLink Digest Filter (PDVD9)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd9\digestfilter.dll"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DVD Navigator (PDVD9)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clnavx.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "CyberLink HD/BD Mixer (PDVD9)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD9)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\clsplter.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD9)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clm4splt.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink Push-Mode CLStream(PDVD9)" "CLStream" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd9\upnp\clstream(pushmode).ax"
+ "CyberLink Streamming Filter(PDVD9)" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\clstream.ax"
+ "Cyberlink SubTitle Importor (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TimeStretch Filter (PDVD9)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "CyberLink Tzan Filter (PDVD9)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\cltzan.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clvsd.ax"
+ "CyberLink Video/SP Decoder(PDVD9 UPnP)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\clvsd.ax"
+ "CyberLink WMV/WMA Demux(PDVD9)" "WMV/WMA Demux" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd9\upnp\clwmfdemux.ax"
+ "DivX AAC Decoder" "AAC Audio Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "DivX MKV Demux" "DivX MKV Splitter" "" "c:\program files (x86)\divx\divx plus directshow filters\dmfsource.ax"
+ "DivX MKV Demux (unrestricted)" "DivX MKV Splitter" "" "c:\program files (x86)\divx\divx plus directshow filters\dmfsource.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpz3lw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpz3lw71.dll"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:22 PM

Posted 17 October 2012 - 09:10 PM

Reboot to normal mode ,run malwarebytes scan again and post the log

Run farbar scanner again,post the log

Now run RKILL given in previous instructions and post the new log

Edited by narenxp, 18 October 2012 - 09:02 PM.


#9 trevorisonfire

trevorisonfire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 18 October 2012 - 08:37 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bearkin :: BEARKIN-HP [administrator]

10/18/2012 7:29:29 PM
mbam-log-2012-10-18 (19-29-29).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405014
Time elapsed: 1 hour(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Farbar Service Scanner Version: 07-10-2012
Ran by bearkin (administrator) on 18-10-2012 at 20:31:35
Running from "C:\Users\bearkin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/18/2012 08:35:24 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\bearkin\Desktop\rkill\rkill-10-18-2012-08-35-44.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
64.46.36.178 www.google-analytics.com.
64.46.36.178 ad-emea.doubleclick.net.
64.46.36.178 www.statcounter.com.
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.

Program finished at: 10/18/2012 08:36:02 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:22 PM

Posted 18 October 2012 - 09:04 PM

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options alone

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts
Repair windows updates

Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the new FSS log

Run RKILL again and post the new log

Edited by narenxp, 18 October 2012 - 09:13 PM.


#11 trevorisonfire

trevorisonfire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 18 October 2012 - 09:33 PM

Farbar Service Scanner Version: 07-10-2012
Ran by bearkin (administrator) on 18-10-2012 at 20:31:35
Running from "C:\Users\bearkin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/18/2012 09:32:33 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (PID: 1284) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* BITS [Missing Service]
* iphlpsvc [Missing Service]
* WinDefend [Missing Service]
* wuauserv [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
64.46.36.178 www.google-analytics.com.
64.46.36.178 ad-emea.doubleclick.net.
64.46.36.178 www.statcounter.com.
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.

Program finished at: 10/18/2012 09:33:09 PM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:22 PM

Posted 18 October 2012 - 09:38 PM

Click on startmenu and type

cmd

right click on it and select run as administrator

Now copy following commands and press ENTER one by one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

Download

Hosts fixit

Run it,restart the PC

Now launch mini toolbox and checkmark hosts contents alone and post the new log


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#13 trevorisonfire

trevorisonfire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 18 October 2012 - 09:54 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by bearkin (administrator) on 18-10-2012 at 21:51:37
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HPWirelessAssistant" "" "" "c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkngui64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "DivX Download Manager" "DivX Download Manager Service" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\ddmservice.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files (x86)\divx\divx update\divxupdate.exe"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Akamai NetSession Interface" "Akamai NetSession Client" "Akamai Technologies, Inc." "c:\users\bearkin\appdata\local\akamai\netsession_win.exe"
+ "MobileDocuments" "ubd.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\ubd.exe"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "MyHook" "CopyHook Module" "" "c:\program files (x86)\griffin technology\italk sync\copyhook64.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX HiQ" "DivX Web Player version 2.1.0.900" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Web Player version 2.1.0.900" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\npdivx32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\HPCeeScheduleForbearkin" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\ServicePlan" "ESAdvRemIntegrator" "" "c:\program files (x86)\hewlett-packard\hp setup\remengine.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AERTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\realtek\audio\hda\aertsr64.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CinemaNow Service" "CinemaNow Service Application" "CinemaNow, Inc." "c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowsvc.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HP Wireless Assistant Service" "This service monitors the wireless devices in this computer and allows the HP Wireless Assistant application to turn devices on and off." "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp wireless assistant\hpwa_service.exe"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe"
+ "hpqwmiex" "HP Software Framework WMI Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "RtVOsdService" "Realtek OSD Control" "Realtek Semiconductor Corp." "c:\program files\realtek\rtvosd\rtvosdservice.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "LSI Corp" "c:\windows\system32\drivers\agrsm64.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EraserUtilDrv11120" "" "" "File not found: C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys"
+ "EraserUtilDrvI13" "" "" "File not found: C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "" "" "File not found: System32\Drivers\RtsUStor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder (PDVD9)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claud.ax"
+ "CyberLink Audio Decoder(PDVD9 UPnP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\claud.ax"
+ "CyberLink Audio Effect (PDVD9)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudfx.ax"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD9)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudspa.ax"
+ "CyberLink Audio Spectrum Analyzer(PDVD9 UPnP)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\claudspa.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (PDVD9)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\claudiocd.ax"
+ "CyberLink Demultiplexer(PDVD9 UPnP)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\cldemuxer.ax"
+ "CyberLink Demux (PDVD9)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\cldemuxer.ax"
+ "CyberLink Digest Filter (PDVD9)" "DigestFilter Dynamic Link Library" "" "c:\program files (x86)\cyberlink\powerdvd9\digestfilter.dll"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DVD Navigator (PDVD9)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clnavx.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2greader.ax"
+ "CyberLink HD/BD Mixer (PDVD9)" "CLHBMixer" " " "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clhbmixer.ax"
+ "CyberLink Line21 Decoder (PDVD9)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\clsplter.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\cyberlink\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD9)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\navfilter\clm4splt.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"
+ "CyberLink Push-Mode CLStream(PDVD9)" "CLStream" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd9\upnp\clstream(pushmode).ax"
+ "CyberLink Streamming Filter(PDVD9)" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\clstream.ax"
+ "Cyberlink SubTitle Importor (PDVD9)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gauts.ax"
+ "CyberLink TimeStretch Filter (PDVD9)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\audiofilter\clauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gtlmsplter.ax"
+ "CyberLink Tzan Filter (PDVD9)" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\cltzan.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gvideostabilizer.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\videofilter\clvsd.ax"
+ "CyberLink Video/SP Decoder(PDVD9 UPnP)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd9\upnp\clvsd.ax"
+ "CyberLink WMV/WMA Demux(PDVD9)" "WMV/WMA Demux" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd9\upnp\clwmfdemux.ax"
+ "DivX AAC Decoder" "AAC Audio Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "DivX MKV Demux" "DivX MKV Splitter" "" "c:\program files (x86)\divx\divx plus directshow filters\dmfsource.ax"
+ "DivX MKV Demux (unrestricted)" "DivX MKV Splitter" "" "c:\program files (x86)\divx\divx plus directshow filters\dmfsource.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\cyberlink\power2go\p2gresample.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpz3lw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpz3lw71.dll"

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:22 PM

Posted 18 October 2012 - 10:02 PM

Download

defender
wuauserv
BITS

Launch them ,click YES when you get UAC prompt

Run RKILL again and post the new log

#15 trevorisonfire

trevorisonfire
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 18 October 2012 - 10:06 PM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/18/2012 10:05:40 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* iphlpsvc [Missing Service]

* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/18/2012 10:06:00 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users