Unable to run Windows Update, believe I am infected


  • This topic is locked
16 replies to this topic

#1 decklankrane

decklankrane

  • Members
  • 12 posts

Posted 17 October 2012 - 06:13 AM

On October 15th I started getting an error message for Windows Update 80072f8f. It said it was due to my time/date stamp being incorrect, however it is correct so I researched the problem further. I read an older topic reply by a Microsoft MVP Shane Stanley or something, trying to help another person who had the same problem. He said to run several virus scans. So I did that, I ran MBAM, SuperAntiSpyware and ESET Online scan. MBAM found nothing, SAS found a trojan which it claimed was removed, and ESET which was done last, found something called OpenCandy and a variant of Win32/Toolbar.Widgi application. It stated it cleaned both of them. Windows Update still failed to function correctly, which made me dread even more and more that it was a difficult virus to remove.

I went to the Microsoft support site and told an online rep about my problem and he said it could be an infected system with damaged software and that he would fix it for the price of 99 dollars. I couldn't afford it so I left. I then found this place and several nice people who seem to help out unfortunate sods like myself.

I followed all the instructions in the preparation guide. I am running Windows 7 64-bit and therefore no GMER log. Here is all my info. I would like to once again thank you for any help provided.

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Toplips at 3:59:47 on 2012-10-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2117 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {E11DB59D-5008-42ff-9069-535843BC0BE1} - <orphaned>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe
uRun: [Easy Speed PC] C:\Program Files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: MaxRecentDocs = dword:15
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{49CD94BE-836A-44CF-9C9F-0A81AC724BF5} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schanne ]
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: {E11DB59D-5008-42ff-9069-535843BC0BE1} - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-15 399432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-6 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-4-5 11174400]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-4-5 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-14 565352]
R3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-10-12 50072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-31 1255736]
S4 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-4-27 759048]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]
S4 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S4 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S4 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-8-3 35840]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-2-24 21384]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-2 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-2 136176]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-5 8704]
S4 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-2-24 821592]
S4 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-8-17 72216]
S4 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-2-24 33184]
S4 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-2-24 21872]
S4 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-5-9 14544]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-17 10:06:20 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-17 09:49:34 -------- d-----w- C:\Users\Toplips\AppData\Roaming\Probit Software
2012-10-17 09:32:44 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B51A86D9-DE54-4CC7-8EB3-FB493B1339FA}\mpengine.dll
2012-10-16 16:03:46 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-16 15:10:23 -------- d-----w- C:\Users\Toplips\AppData\Local\temp
2012-10-16 15:06:42 -------- d-----w- C:\$RECYCLE.BIN
2012-10-16 14:58:25 98816 ----a-w- C:\Windows\sed.exe
2012-10-16 14:58:25 256000 ----a-w- C:\Windows\PEV.exe
2012-10-16 14:58:25 208896 ----a-w- C:\Windows\MBR.exe
2012-10-16 10:25:55 -------- d-----w- C:\Windows\System32\catroot2
2012-10-16 10:06:00 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0564442C-67C9-426D-9EA9-10BA55F0FDB4}\gapaengine.dll
2012-10-16 10:03:38 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-10-16 10:03:33 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-10-16 07:24:47 -------- d-----w- C:\Users\Toplips\AppData\Local\ElevatedDiagnostics
2012-10-16 03:16:36 -------- d-----w- C:\Windows\System32\CatRoot2_2012101632420
2012-10-16 03:08:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-16 03:08:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-16 00:31:23 -------- d-----w- C:\Program Files (x86)\Siber Systems
2012-10-15 12:09:20 -------- d-----w- C:\Users\Toplips\AppData\Roaming\SUPERAntiSpyware.com
2012-10-15 12:09:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-10-15 12:09:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-10-14 02:50:04 -------- d-----w- C:\Windows\System32\help
2012-10-11 23:30:59 -------- dc----w- C:\Users\Toplips\AppData\Local\MigWiz
2012-10-09 22:17:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-09 00:41:08 466944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2012-10-09 00:41:08 -------- d-----w- C:\Users\Toplips\AppData\Roaming\Catalina Marketing Corp
2012-10-09 00:41:02 489712 ----a-w- C:\Users\Toplips\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-10-07 01:11:54 -------- d-----w- C:\Temp
2012-09-27 10:24:41 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2012-09-27 10:24:41 -------- d--h--w- C:\ProgramData\CanonEPP
2012-09-27 10:24:07 -------- d-----w- C:\Program Files (x86)\Canon
2012-09-27 10:23:36 -------- d-----w- C:\Program Files\Canon
2012-09-27 09:17:15 -------- d--h--w- C:\ProgramData\CanonIJScan
2012-09-24 21:00:42 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-24 21:00:42 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-24 21:00:42 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-10-17 10:06:14 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-17 10:06:13 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-11 22:21:23 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-10-11 22:21:23 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-10-11 22:21:23 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-10-11 22:21:23 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 07:14:52 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-22 07:14:52 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-22 07:14:40 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-22 06:34:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-19 13:21:40 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-07-19 13:21:40 249856 ------w- C:\Windows\Setup1.exe
.
============= FINISH: 4:00:20.41 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 October 2012 - 11:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 decklankrane

decklankrane
  • Topic Starter

  • Members
  • 12 posts

Posted 18 October 2012 - 05:01 AM

Gringo, first let me thank you so much for helping me. I will follow all of your steps exactly as best as I can.

First reply is the AdwCleaner[S1] text document.

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 02:49:28
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Toplips - TOPLIPPED
# Boot Mode : Normal
# Running from : C:\Users\Toplips\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Toplips\AppData\Roaming\Mozilla\Firefox\Profiles\piuugciq.default\searchplugins\icqplugin.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Toplips\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Toplips\AppData\Roaming\Mozilla\Firefox\Profiles\piuugciq.default\ConduitCommon
Folder Deleted : C:\Users\Toplips\AppData\Roaming\Mozilla\Firefox\Profiles\piuugciq.default\CT3072253
Folder Deleted : C:\Users\Toplips\AppData\Roaming\Mozilla\Firefox\Profiles\piuugciq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\Toplips\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\69nnw7yq.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Toplips\AppData\Roaming\Mozilla\Firefox\Profiles\piuugciq.default\prefs.js

C:\Users\Toplips\AppData\Roaming\Mozilla\Firefox\Profiles\piuugciq.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "8-11-2011");
Deleted : user_pref("CT2786678.DSInstall", true);
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon Nov 07 2011 23:00:40 GMT-0800 (Pacific Standa[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Nov 08 2011 11:13:15 GMT-0800 (Pacific Standard Ti[...]
Deleted : user_pref("CT2786678.EnableClickToSearchBox", false);
Deleted : user_pref("CT2786678.EnableSearchHistory", false);
Deleted : user_pref("CT2786678.EnableSearchSuggest", false);
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 269);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Tue Nov 08 2011 11:13:17 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Toplips\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [26118 octets] - [18/10/2012 02:49:28]

########## EOF - C:\AdwCleaner[S1].txt - [26179 octets] ##########

Next reply is the Security Check text file called Checkup.txt

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.1
Java™ 6 Update 31
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Thunderbird 13.0. Thunderbird out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.57
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 decklankrane


Posted 18 October 2012 - 05:03 AM

Next reply is the Security Check text file. (If I double posted on this one, I apologize.)


#5 decklankrane


Posted 18 October 2012 - 05:07 AM

Final reply is for RogueKiller. Text document information below.

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Toplips [Admin rights]
Mode : Remove -- Date : 10/18/2012 03:05:22

Bad processes : 0

Registry Entries : 13
[TASK][SUSP PATH] {25A185DA-7A15-4721-A93D-DC11B1853A87} : C:\Windows\system32\pcalua.exe -a C:\Users\Toplips\Desktop\Images\NCsoftLauncherSetup.exe -d C:\Users\Toplips\Desktop\Images -> DELETED
[TASK][SUSP PATH] {5B4FD113-C1BA-4855-ADF9-64516969D1FA} : C:\Windows\system32\pcalua.exe -a C:\Users\Toplips\AppData\Local\Temp\VSD337F.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d "C:\Users\Toplips\Desktop\invt\A SMUGGLE BEAR\Downloads" -c /lang:enu /passive /norestart -> DELETED
[TASK][SUSP PATH] {802C9DA8-46DE-4480-94C5-7CFA1CF8BE52} : C:\Users\Toplips\Desktop\invt\A SMUGGLE BEAR\Downloads\NCsoftLauncherSetup.exe -> DELETED
[TASK][SUSP PATH] {91926FFD-C9A8-4120-A1D6-F0E957C47BF7} : C:\Windows\system32\pcalua.exe -a "C:\Users\Toplips\Desktop\invt\A SMUGGLE BEAR\Downloads\NCsoftLauncherSetup.exe" -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: Disk drive +++++
--- User ---
[MBR] 198e7c9277ddea88551e968d2d275f3e
[BSP] 6fee9273048d33d24cd0ac77191b79c5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#6 decklankrane


Posted 18 October 2012 - 05:12 AM

Ok, after running all three programs, Windows Update still gives the same error message 80072f8f and I am still unable to update MSE (same error message 80072f8f). If I have followed any of the instructions incorrectly please let me know. Thank you again ahead of time.

#7 gringo_pr

  • Malware Response Team

Posted 18 October 2012 - 07:33 AM

Hello decklankrane

It may take a couple of tries to get things working correctly.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#8 decklankrane


Posted 18 October 2012 - 05:15 PM

No problems with combo fix. I made sure to turn off all anti-virus/anti-spyware software. Windows Update and MSE still fail to update with error code 80072f8f. With Windows Update it still says "Most Recent Check for Updates: Never" and "Updates were Installed: Never" which is strange as when I check my "Installed Updates" tab it says my last installed update was "Security Update for Microsoft .NET framework 4 client profile (KB2446708)" which was installed on October 15th 2012.

Here is the combo fix log.

ComboFix 12-10-18.03 - Toplips 10/18/2012 14:57:32.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.3211 [GMT -7:00]
Running from: c:\users\Toplips\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-16 10:25 . 2012-10-16 10:32 -------- d-----w- c:\windows\system32\catroot2
2012-10-16 10:06 . 2012-08-07 23:18 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0564442C-67C9-426D-9EA9-10BA55F0FDB4}\gapaengine.dll
2012-10-16 10:03 . 2012-10-16 10:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-16 10:03 . 2012-10-16 10:03 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-16 07:24 . 2012-10-16 09:11 -------- d-----w- c:\users\Toplips\AppData\Local\ElevatedDiagnostics
2012-10-16 03:16 . 2012-10-16 03:19 -------- d-----w- c:\windows\system32\CatRoot2_2012101632420
2012-10-16 00:31 . 2012-10-16 00:31 -------- d-----w- c:\program files (x86)\Siber Systems
2012-10-15 12:09 . 2012-10-18 10:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-14 02:50 . 2012-10-14 02:50 -------- d-----w- c:\windows\system32\help
2012-10-11 23:30 . 2012-10-12 22:34 -------- dc----w- c:\users\Toplips\AppData\Local\MigWiz
2012-10-09 22:17 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-10-09 00:41 . 2012-10-09 00:41 466944 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\NPcol400.dll
2012-10-09 00:41 . 2012-10-09 00:41 -------- d-----w- c:\users\Toplips\AppData\Roaming\Catalina Marketing Corp
2012-10-09 00:41 . 2012-10-09 00:40 489712 ----a-w- c:\users\Toplips\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-10-07 01:11 . 2012-10-07 01:11 -------- d-----w- C:\Temp
2012-09-27 10:24 . 2012-09-27 10:24 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2012-09-27 10:24 . 2012-09-27 10:24 -------- d--h--w- c:\programdata\CanonEPP
2012-09-27 10:24 . 2012-09-27 10:28 -------- d-----w- c:\program files (x86)\Canon
2012-09-27 10:23 . 2012-09-27 10:28 -------- d-----w- c:\program files\Canon
2012-09-27 09:17 . 2012-09-27 09:17 -------- d--h--w- c:\programdata\CanonIJScan
2012-09-27 09:17 . 2012-09-27 09:17 -------- d-----w- c:\users\Toplips\AppData\Roaming\Canon
2012-09-24 21:00 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-24 21:00 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-24 21:00 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-17 10:06 . 2012-07-02 04:08 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-17 10:06 . 2010-08-01 18:29 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-11 22:21 . 2010-07-31 11:08 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-11 22:21 . 2010-07-31 11:08 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-11 22:21 . 2010-07-31 11:08 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-11 22:21 . 2010-07-31 11:08 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-09 22:21 . 2010-07-31 11:31 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 05:03 . 2012-08-31 05:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 07:14 . 2012-08-22 06:34 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-22 07:14 . 2011-11-28 20:59 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-22 07:14 . 2012-08-22 06:34 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-22 06:34 . 2012-08-22 06:34 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-21 09:12 . 2011-12-04 08:42 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-20 17:38 . 2012-10-09 22:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-28 15:41 . 2012-07-28 15:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B79D2BD-6506-4EED-9864-429D31F17D3E}\offreg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schanne
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R4 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-04-27 759048]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984]
R4 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R4 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R4 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-06-11 35840]
R4 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R4 esihdrv;esihdrv;c:\users\Daniel\AppData\Local\Temp\esihdrv.sys [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 136176]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-15 8704]
R4 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R4 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-15 157184]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 07:38]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 07:38]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1230443429-1178693867-1124587801-1011Core.job
- c:\users\Toplips\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-21 19:03]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1230443429-1178693867-1124587801-1011UA.job
- c:\users\Toplips\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-21 19:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 22:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Easy Driver Pro - c:\program files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe
Wow6432Node-HKCU-Run-Easy Speed PC - c:\program files (x86)\Probit Software\Easy Speed PC\ESPCLauncher.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-FileASSASSIN - c:\users\Toplips\Desktop\FileASSASSIN\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-18 15:05:22
ComboFix-quarantined-files.txt 2012-10-18 22:05
ComboFix2.txt 2012-10-16 15:10
.
Pre-Run: 622,439,518,208 bytes free
Post-Run: 622,358,491,136 bytes free
.
- - End Of File - - EB1B66E9A27EC0A7562A45361A0D322C

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:43 PM

Posted 18 October 2012 - 06:43 PM

Hello


I have uploaded a file - I want you to download it to the desktop, right-click on it, and select Merge.


Restart the computer and check Windows Update.

Attached Files


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 decklankrane

Posted 19 October 2012 - 04:51 AM

I downloaded the file, selected the "Merge" option, it gave me a few prompts and I hit OK on each one. It then said it created a registry entry. I restarted my computer as instructed, then went to Windows Update and still get the same error message :(

#11 gringo_pr

Posted 19 October 2012 - 07:53 AM

Let's see if we can fix Windows Update.


Please go here: Fix Windows Update, and click on the Fix It button.

#12 decklankrane

Posted 19 October 2012 - 08:18 AM

When I try to run that file that you linked I get an error message "We're sorry, but the program encountered an error trying to contact the server" Code 80072F8F

I clicked on the link, downloaded the file and ran it, it goes through the "preparing to load" part, then it breaks with that error message.

#13 gringo_pr

Posted 19 October 2012 - 08:25 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 decklankrane

Posted 19 October 2012 - 05:57 PM

TDSSKiller log

15:55:57.0947 3768 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:55:58.0524 3768 ============================================================
15:55:58.0524 3768 Current date / time: 2012/10/19 15:55:58.0524
15:55:58.0524 3768 SystemInfo:
15:55:58.0524 3768
15:55:58.0524 3768 OS Version: 6.1.7601 ServicePack: 1.0
15:55:58.0524 3768 Product type: Workstation
15:55:58.0524 3768 ComputerName: TOPLIPPED
15:55:58.0524 3768 UserName: Toplips
15:55:58.0524 3768 Windows directory: C:\Windows
15:55:58.0524 3768 System windows directory: C:\Windows
15:55:58.0524 3768 Running under WOW64
15:55:58.0524 3768 Processor architecture: Intel x64
15:55:58.0524 3768 Number of processors: 4
15:55:58.0524 3768 Page size: 0x1000
15:55:58.0524 3768 Boot type: Normal boot
15:55:58.0524 3768 ============================================================
15:55:59.0757 3768 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:59.0772 3768 ============================================================
15:55:59.0772 3768 \Device\Harddisk0\DR0:
15:55:59.0772 3768 MBR partitions:
15:55:59.0772 3768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
15:55:59.0772 3768 ============================================================
15:55:59.0788 3768 C: <-> \Device\Harddisk0\DR0\Partition1
15:55:59.0788 3768 ============================================================
15:55:59.0788 3768 Initialize success
15:55:59.0788 3768 ============================================================
15:56:10.0614 3820 ============================================================
15:56:10.0614 3820 Scan started
15:56:10.0614 3820 Mode: Manual;
15:56:10.0614 3820 ============================================================
15:56:11.0067 3820 ================ Scan system memory ========================
15:56:11.0067 3820 System memory - ok
15:56:11.0067 3820 ================ Scan services =============================
15:56:14.0389 3820 [ 091582DA724F54830012E3FAAF2F1D1A ] Hardlock C:\Windows\system32\drivers\hardlock.sys
15:56:14.0389 3820 Hardlock - ok
15:56:14.0405 3820 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:56:14.0405 3820 hcw85cir - ok
15:56:14.0421 3820 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:56:14.0421 3820 HdAudAddService - ok
15:56:14.0436 3820 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:56:14.0436 3820 HDAudBus - ok
15:56:14.0452 3820 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:56:14.0452 3820 HidBatt - ok
15:56:14.0467 3820 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:56:14.0467 3820 HidBth - ok
15:56:14.0483 3820 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:56:14.0483 3820 HidIr - ok
15:56:14.0514 3820 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:56:14.0514 3820 hidserv - ok
15:56:14.0530 3820 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:56:14.0530 3820 HidUsb - ok
15:56:14.0561 3820 [ 5350AEF38CA2D8885F47D4455E7EF4EE ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
15:56:14.0561 3820 HiPatchService - ok
15:56:14.0577 3820 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:56:14.0592 3820 hkmsvc - ok
15:56:14.0608 3820 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:56:14.0608 3820 HomeGroupListener - ok
15:56:14.0639 3820 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:56:14.0639 3820 HomeGroupProvider - ok
15:56:14.0655 3820 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:56:14.0655 3820 HpSAMD - ok
15:56:14.0686 3820 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:56:14.0686 3820 HTTP - ok
15:56:14.0701 3820 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:56:14.0701 3820 hwpolicy - ok
15:56:14.0717 3820 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:56:14.0717 3820 i8042prt - ok
15:56:14.0748 3820 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:56:14.0748 3820 iaStorV - ok
15:56:14.0764 3820 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:56:14.0764 3820 iirsp - ok
15:56:14.0795 3820 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:56:14.0795 3820 IKEEXT - ok
15:56:14.0826 3820 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
15:56:14.0873 3820 IMFservice - ok
15:56:14.0889 3820 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:56:14.0904 3820 intelide - ok
15:56:14.0904 3820 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:56:14.0904 3820 intelppm - ok
15:56:14.0935 3820 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:56:14.0935 3820 IPBusEnum - ok
15:56:14.0951 3820 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:14.0951 3820 IpFilterDriver - ok
15:56:14.0982 3820 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:56:14.0982 3820 iphlpsvc - ok
15:56:15.0013 3820 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:56:15.0013 3820 IPMIDRV - ok
15:56:15.0029 3820 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:56:15.0029 3820 IPNAT - ok
15:56:15.0060 3820 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:56:15.0076 3820 iPod Service - ok
15:56:15.0076 3820 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:56:15.0091 3820 IRENUM - ok
15:56:15.0091 3820 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:56:15.0091 3820 isapnp - ok
15:56:15.0123 3820 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:56:15.0123 3820 iScsiPrt - ok
15:56:15.0138 3820 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:15.0138 3820 kbdclass - ok
15:56:15.0138 3820 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:56:15.0138 3820 kbdhid - ok
15:56:15.0154 3820 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:56:15.0154 3820 KeyIso - ok
15:56:15.0185 3820 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:56:15.0185 3820 KSecDD - ok
15:56:15.0201 3820 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:56:15.0201 3820 KSecPkg - ok
15:56:15.0201 3820 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:56:15.0201 3820 ksthunk - ok
15:56:15.0232 3820 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:56:15.0232 3820 KtmRm - ok
15:56:15.0263 3820 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:56:15.0263 3820 LanmanServer - ok
15:56:15.0294 3820 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:56:15.0294 3820 LanmanWorkstation - ok
15:56:15.0310 3820 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:56:15.0310 3820 LHidFilt - ok
15:56:15.0325 3820 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:56:15.0325 3820 lltdio - ok
15:56:15.0341 3820 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:56:15.0357 3820 lltdsvc - ok
15:56:15.0357 3820 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:56:15.0357 3820 lmhosts - ok
15:56:15.0388 3820 LMIInfo - ok
15:56:15.0403 3820 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
15:56:15.0403 3820 lmimirr - ok
15:56:15.0403 3820 LMIRfsClientNP - ok
15:56:15.0435 3820 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
15:56:15.0435 3820 LMIRfsDriver - ok
15:56:15.0450 3820 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:56:15.0450 3820 LMouFilt - ok
15:56:15.0466 3820 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:56:15.0466 3820 LSI_FC - ok
15:56:15.0497 3820 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:56:15.0497 3820 LSI_SAS - ok
15:56:15.0497 3820 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:56:15.0497 3820 LSI_SAS2 - ok
15:56:15.0513 3820 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:56:15.0513 3820 LSI_SCSI - ok
15:56:15.0544 3820 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:56:15.0544 3820 luafv - ok
15:56:15.0559 3820 [ 6562FCEE704F14C05F5338B147D67A16 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
15:56:15.0559 3820 LVUSBS64 - ok
15:56:15.0575 3820 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:56:15.0575 3820 megasas - ok
15:56:15.0591 3820 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:56:15.0591 3820 MegaSR - ok
15:56:15.0606 3820 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:56:15.0606 3820 MMCSS - ok
15:56:15.0622 3820 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:56:15.0622 3820 Modem - ok
15:56:15.0622 3820 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:56:15.0622 3820 monitor - ok
15:56:15.0637 3820 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:56:15.0637 3820 mouclass - ok
15:56:15.0653 3820 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:56:15.0653 3820 mouhid - ok
15:56:15.0653 3820 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:56:15.0653 3820 mountmgr - ok
15:56:15.0700 3820 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:56:15.0700 3820 MpFilter - ok
15:56:15.0715 3820 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:56:15.0715 3820 mpio - ok
15:56:15.0731 3820 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:56:15.0731 3820 mpsdrv - ok
15:56:15.0762 3820 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:56:15.0762 3820 MpsSvc - ok
15:56:15.0778 3820 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:56:15.0793 3820 MRxDAV - ok
15:56:15.0809 3820 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:56:15.0809 3820 mrxsmb - ok
15:56:15.0825 3820 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:56:15.0840 3820 mrxsmb10 - ok
15:56:15.0840 3820 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:56:15.0840 3820 mrxsmb20 - ok
15:56:15.0856 3820 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:56:15.0856 3820 msahci - ok
15:56:15.0871 3820 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:56:15.0871 3820 msdsm - ok
15:56:15.0887 3820 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:56:15.0887 3820 MSDTC - ok
15:56:15.0903 3820 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:56:15.0903 3820 Msfs - ok
15:56:15.0918 3820 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:56:15.0918 3820 mshidkmdf - ok
15:56:15.0934 3820 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:56:15.0934 3820 msisadrv - ok
15:56:15.0949 3820 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:56:15.0965 3820 MSiSCSI - ok
15:56:15.0965 3820 msiserver - ok
15:56:15.0981 3820 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:56:15.0981 3820 MSKSSRV - ok
15:56:16.0059 3820 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:56:16.0059 3820 MsMpSvc - ok
15:56:16.0059 3820 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:56:16.0059 3820 MSPCLOCK - ok
15:56:16.0074 3820 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:56:16.0074 3820 MSPQM - ok
15:56:16.0105 3820 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:56:16.0105 3820 MsRPC - ok
15:56:16.0121 3820 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:56:16.0121 3820 mssmbios - ok
15:56:16.0121 3820 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:56:16.0121 3820 MSTEE - ok
15:56:16.0152 3820 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:56:16.0152 3820 MTConfig - ok
15:56:16.0168 3820 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:56:16.0168 3820 Mup - ok
15:56:16.0183 3820 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:56:16.0183 3820 napagent - ok
15:56:16.0199 3820 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:56:16.0199 3820 NativeWifiP - ok
15:56:16.0246 3820 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:56:16.0261 3820 NDIS - ok
15:56:16.0277 3820 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:56:16.0277 3820 NdisCap - ok
15:56:16.0277 3820 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:56:16.0293 3820 NdisTapi - ok
15:56:16.0293 3820 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:56:16.0293 3820 Ndisuio - ok
15:56:16.0324 3820 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:56:16.0324 3820 NdisWan - ok
15:56:16.0339 3820 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:56:16.0339 3820 NDProxy - ok
15:56:16.0371 3820 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:56:16.0371 3820 Net Driver HPZ12 - ok
15:56:16.0386 3820 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:56:16.0386 3820 NetBIOS - ok
15:56:16.0386 3820 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:56:16.0402 3820 NetBT - ok
15:56:16.0402 3820 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:56:16.0402 3820 Netlogon - ok
15:56:16.0433 3820 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:56:16.0449 3820 Netman - ok
15:56:16.0464 3820 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:16.0464 3820 NetMsmqActivator - ok
15:56:16.0464 3820 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:16.0464 3820 NetPipeActivator - ok
15:56:16.0495 3820 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:56:16.0495 3820 netprofm - ok
15:56:16.0495 3820 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:16.0495 3820 NetTcpActivator - ok
15:56:16.0511 3820 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:56:16.0511 3820 NetTcpPortSharing - ok
15:56:16.0527 3820 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:56:16.0527 3820 nfrd960 - ok
15:56:16.0573 3820 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:56:16.0573 3820 NisDrv - ok
15:56:16.0620 3820 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:56:16.0620 3820 NisSrv - ok
15:56:16.0636 3820 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:56:16.0636 3820 NlaSvc - ok
15:56:16.0651 3820 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:56:16.0651 3820 Npfs - ok
15:56:16.0683 3820 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:56:16.0683 3820 nsi - ok
15:56:16.0683 3820 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:56:16.0683 3820 nsiproxy - ok
15:56:16.0729 3820 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:56:16.0745 3820 Ntfs - ok
15:56:16.0761 3820 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:56:16.0761 3820 Null - ok
15:56:16.0776 3820 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:56:16.0776 3820 nvraid - ok
15:56:16.0792 3820 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:56:16.0792 3820 nvstor - ok
15:56:16.0823 3820 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:56:16.0823 3820 nv_agp - ok
15:56:16.0901 3820 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:56:16.0901 3820 odserv - ok
15:56:16.0932 3820 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:56:16.0932 3820 ohci1394 - ok
15:56:16.0948 3820 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:16.0948 3820 ose - ok
15:56:16.0948 3820 [ 0E2DE427EBE106E7E5B52869D5C99F68 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
15:56:16.0948 3820 ossrv - ok
15:56:16.0963 3820 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:56:16.0979 3820 p2pimsvc - ok
15:56:16.0995 3820 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:56:16.0995 3820 p2psvc - ok
15:56:17.0010 3820 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:56:17.0010 3820 Parport - ok
15:56:17.0041 3820 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:56:17.0041 3820 partmgr - ok
15:56:17.0041 3820 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:56:17.0041 3820 PcaSvc - ok
15:56:17.0057 3820 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:56:17.0057 3820 pci - ok
15:56:17.0073 3820 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:56:17.0073 3820 pciide - ok
15:56:17.0088 3820 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:56:17.0088 3820 pcmcia - ok
15:56:17.0104 3820 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:56:17.0104 3820 pcw - ok
15:56:17.0119 3820 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:56:17.0135 3820 PEAUTH - ok
15:56:17.0182 3820 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:56:17.0182 3820 PerfHost - ok
15:56:17.0197 3820 [ DB5C32A4130E6B36CD6ED7A5A6C7751E ] PID_0928 C:\Windows\system32\DRIVERS\LV561V64.SYS
15:56:17.0213 3820 PID_0928 - ok
15:56:17.0244 3820 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:56:17.0275 3820 pla - ok
15:56:17.0291 3820 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:56:17.0307 3820 PlugPlay - ok
15:56:17.0322 3820 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:56:17.0322 3820 Pml Driver HPZ12 - ok
15:56:17.0338 3820 PnkBstrA - ok
15:56:17.0353 3820 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:56:17.0353 3820 PNRPAutoReg - ok
15:56:17.0369 3820 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:56:17.0369 3820 PNRPsvc - ok
15:56:17.0385 3820 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:56:17.0400 3820 PolicyAgent - ok
15:56:17.0416 3820 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:56:17.0416 3820 Power - ok
15:56:17.0447 3820 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:56:17.0447 3820 PptpMiniport - ok
15:56:17.0478 3820 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:56:17.0478 3820 Processor - ok
15:56:17.0494 3820 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:56:17.0494 3820 ProfSvc - ok
15:56:17.0509 3820 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:56:17.0509 3820 ProtectedStorage - ok
15:56:17.0525 3820 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:56:17.0525 3820 Psched - ok
15:56:17.0556 3820 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:56:17.0587 3820 ql2300 - ok
15:56:17.0603 3820 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:56:17.0603 3820 ql40xx - ok
15:56:17.0619 3820 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:56:17.0619 3820 QWAVE - ok
15:56:17.0634 3820 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:56:17.0634 3820 QWAVEdrv - ok
15:56:17.0650 3820 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:56:17.0650 3820 RasAcd - ok
15:56:17.0665 3820 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:56:17.0665 3820 RasAgileVpn - ok
15:56:17.0681 3820 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:56:17.0681 3820 RasAuto - ok
15:56:17.0697 3820 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:17.0697 3820 Rasl2tp - ok
15:56:17.0728 3820 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:56:17.0728 3820 RasMan - ok
15:56:17.0728 3820 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:17.0728 3820 RasPppoe - ok
15:56:17.0743 3820 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:56:17.0743 3820 RasSstp - ok
15:56:17.0759 3820 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:56:17.0759 3820 rdbss - ok
15:56:17.0775 3820 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:56:17.0775 3820 rdpbus - ok
15:56:17.0790 3820 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:17.0790 3820 RDPCDD - ok
15:56:17.0790 3820 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:56:17.0790 3820 RDPENCDD - ok
15:56:17.0806 3820 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:56:17.0806 3820 RDPREFMP - ok
15:56:17.0821 3820 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:56:17.0821 3820 RDPWD - ok
15:56:17.0837 3820 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:56:17.0837 3820 rdyboost - ok
15:56:17.0915 3820 [ C7DE6F41B1A734EA70BD2DC67235BECC ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
15:56:17.0915 3820 RegFilter - ok
15:56:17.0946 3820 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:56:17.0946 3820 RemoteAccess - ok
15:56:17.0962 3820 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:56:17.0962 3820 RemoteRegistry - ok
15:56:17.0977 3820 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:56:17.0977 3820 RpcEptMapper - ok
15:56:17.0993 3820 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:56:17.0993 3820 RpcLocator - ok
15:56:18.0009 3820 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:56:18.0009 3820 RpcSs - ok
15:56:18.0024 3820 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:56:18.0024 3820 rspndr - ok
15:56:18.0055 3820 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:56:18.0055 3820 RTL8167 - ok
15:56:18.0087 3820 [ B674400273552406F11A02387222CD0F ] rzjoystk C:\Windows\system32\DRIVERS\rzjoystk.sys
15:56:18.0087 3820 rzjoystk - ok
15:56:18.0102 3820 [ 95CBC73E98F4A5EF4366DBB4B4E5D436 ] RzSynapse C:\Windows\system32\DRIVERS\RzSynapse.sys
15:56:18.0102 3820 RzSynapse - ok
15:56:18.0118 3820 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:56:18.0118 3820 SamSs - ok
15:56:18.0133 3820 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:56:18.0133 3820 sbp2port - ok
15:56:18.0165 3820 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:56:18.0165 3820 SCardSvr - ok
15:56:18.0180 3820 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:56:18.0196 3820 scfilter - ok
15:56:18.0211 3820 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:56:18.0227 3820 Schedule - ok
15:56:18.0258 3820 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:56:18.0258 3820 SCPolicySvc - ok
15:56:18.0289 3820 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:56:18.0289 3820 SDRSVC - ok
15:56:18.0289 3820 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:56:18.0289 3820 secdrv - ok
15:56:18.0305 3820 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:56:18.0321 3820 seclogon - ok
15:56:18.0321 3820 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:56:18.0321 3820 SENS - ok
15:56:18.0336 3820 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:56:18.0336 3820 SensrSvc - ok
15:56:18.0352 3820 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:56:18.0352 3820 Serenum - ok
15:56:18.0352 3820 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:56:18.0352 3820 Serial - ok
15:56:18.0367 3820 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:56:18.0367 3820 sermouse - ok
15:56:18.0383 3820 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:56:18.0399 3820 SessionEnv - ok
15:56:18.0414 3820 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:56:18.0414 3820 sffdisk - ok
15:56:18.0430 3820 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:56:18.0430 3820 sffp_mmc - ok
15:56:18.0430 3820 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:56:18.0430 3820 sffp_sd - ok
15:56:18.0445 3820 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:56:18.0445 3820 sfloppy - ok
15:56:18.0477 3820 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:56:18.0477 3820 SharedAccess - ok
15:56:18.0492 3820 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:56:18.0508 3820 ShellHWDetection - ok
15:56:18.0508 3820 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:56:18.0523 3820 SiSRaid2 - ok
15:56:18.0539 3820 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:56:18.0539 3820 SiSRaid4 - ok
15:56:18.0539 3820 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:56:18.0539 3820 Smb - ok
15:56:18.0555 3820 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:56:18.0555 3820 SNMPTRAP - ok
15:56:18.0570 3820 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:56:18.0570 3820 spldr - ok
15:56:18.0601 3820 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:56:18.0617 3820 Spooler - ok
15:56:18.0679 3820 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:56:18.0726 3820 sppsvc - ok
15:56:18.0757 3820 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:56:18.0757 3820 sppuinotify - ok
15:56:18.0789 3820 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:56:18.0789 3820 srv - ok
15:56:18.0804 3820 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:56:18.0804 3820 srv2 - ok
15:56:18.0820 3820 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:56:18.0820 3820 srvnet - ok
15:56:18.0835 3820 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:56:18.0835 3820 SSDPSRV - ok
15:56:18.0835 3820 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:56:21.0035 3820 ================ Scan global ===============================
15:56:21.0066 3820 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:56:21.0097 3820 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:56:21.0113 3820 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:56:21.0113 3820 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:56:21.0144 3820 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:56:21.0144 3820 [Global] - ok
15:56:21.0144 3820 ================ Scan MBR ==================================
15:56:21.0144 3820 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:56:21.0269 3820 \Device\Harddisk0\DR0 - ok
15:56:21.0269 3820 ================ Scan VBR ==================================
15:56:21.0285 3820 [ 7D6970F384C9DB574138BD4445994CA0 ] \Device\Harddisk0\DR0\Partition1
15:56:21.0285 3820 \Device\Harddisk0\DR0\Partition1 - ok
15:56:21.0285 3820 ============================================================
15:56:21.0285 3820 Scan finished
15:56:21.0285 3820 ============================================================
15:56:21.0285 3812 Detected object count: 0
15:56:21.0285 3812 Actual detected object count: 0

#15 decklankrane

Posted 19 October 2012 - 07:04 PM

aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-19 15:57:36
-----------------------------
15:57:36.711 OS Version: Windows x64 6.1.7601 Service Pack 1
15:57:36.711 Number of processors: 4 586 0x402
15:57:36.711 ComputerName: TOPLIPPED UserName: Toplips
15:57:42.124 Initialize success
15:58:50.067 AVAST engine defs: 12101901
15:58:53.545 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:58:53.545 Disk 0 Vendor: ST31000528AS CC3E Size: 953868MB BusType: 3
15:58:53.592 Disk 0 MBR read successfully
15:58:53.592 Disk 0 MBR scan
15:58:53.592 Disk 0 Windows 7 default MBR code
15:58:53.623 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953866 MB offset 2048
15:58:53.717 Disk 0 scanning C:\Windows\system32\drivers
15:59:07.211 Service scanning
15:59:31.022 Modules scanning
15:59:31.022 Disk 0 trace - called modules:
15:59:31.038 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:59:31.038 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a51060]
15:59:31.038 3 CLASSPNP.SYS[fffff8800187443f] -> nt!IofCallDriver -> [0xfffffa8003acd9b0]
15:59:31.038 5 ACPI.sys[fffff88000e817a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003ae9060]
15:59:32.286 AVAST engine scan C:\Windows
15:59:36.576 AVAST engine scan C:\Windows\system32
16:02:53.697 AVAST engine scan C:\Windows\system32\drivers
16:03:08.376 AVAST engine scan C:\Users\Toplips
16:38:04.115 AVAST engine scan C:\ProgramData
16:44:45.036 Scan finished successfully
17:02:38.437 Disk 0 MBR has been saved successfully to "C:\Users\Toplips\Desktop\MBR.dat"
17:02:38.499 The log file has been saved successfully to "C:\Users\Toplips\Desktop\aswMBR2.txt"



