Computer problem help needed please


18 replies to this topic

#1 AdamP123


Posted 10 November 2012 - 06:39 AM

Hi Guys,

I'm new to the forum but I have used Bleeping Computer.com before to help get rid of viruses and it's been brilliant, until now, and I require a bit more help please.

My browser started to run slower and slower until finally yesterday I got an error. It was a File Restore fake program. When I ran Avast in boot-up scan mode, it said I had MBR:SST. I chose delete from the options. When my PC loaded up after the boot scan I was able to remove File Restore thanks to Rkill, Malwarebytes and TDSSKiller; however, I don't think the MBR:SST has gone, as I'm unable to update Windows and it looks like Windows hasn't updated in the last month. I've run Rkill since and it finds 4 missing files and a local host 127.0.01. I've since run Malwarebytes and Avast again and they both say it's clean. I've also run TDSSKiller again and found nothing, but my Windows won't update and my browser is still running slow.

Any help would be greatly appreciated

Thanks

Adam



#2 AdamP123


Posted 10 November 2012 - 07:49 AM

I've just finished running Microsoft Safety Scanner and it found two trojans

Win32/Alureon.FA
Win32/Alureon.FF

It says they have been partly removed but I need to manually remove the rest. I've tried googling how to remove them but there doesn't seem to be an answer. I've run TDSSKiller and it doesn't find them; am I best renaming Malwarebytes in the hope it finds them?

Edited by Orange Blossom, 10 November 2012 - 10:18 AM.
Moved to AII from Windows 7. ~ OB


#3 narenxp


Posted 10 November 2012 - 08:02 AM

Download TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
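Added example (not part of the original thread and not the tool's own code): a small triage script for the kind of TDSSKiller log requested above, listing services whose verdict is anything other than "ok" and services for which the log records no hash or file path. It assumes the line layout written by TDSSKiller 2.8.15.0 (timestamp, thread id, then either `[ MD5 ] service path` or `service - verdict`); the sample lines, the `exampledrv` entry and its `flagged` verdict are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

FAKE_MD5 = "0" * 32  # constructed placeholder, not a real file hash

# Constructed sample in the TDSSKiller layout: "HH:MM:SS.mmmm <thread id> <text>".
# "exampledrv" and the verdict word "flagged" are hypothetical; the parser
# treats every verdict other than "ok" as something to review.
SAMPLE_LOG = rf"""
13:04:20.0594 3472 ================ Scan system memory ========================
13:04:20.0594 3472 System memory - ok
13:04:20.0594 3472 ================ Scan services =============================
13:04:20.0687 3472 [ {FAKE_MD5} ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
13:04:20.0703 3472 ACPI - ok
13:04:23.0105 3472 [ {FAKE_MD5} ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:04:23.0121 3472 Bonjour Service - ok
13:04:23.0417 3472 catchme - ok
13:04:24.0000 3472 [ {FAKE_MD5} ] exampledrv C:\Windows\system32\drivers\exampledrv.sys
13:04:24.0010 3472 exampledrv - flagged
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+)(?: (.*))?$")
SECTION = re.compile(r"^=+ (.+?) =+$")
# Service names may contain spaces, so the path is located by its drive letter.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT = re.compile(r"^(.+) - (\S.*)$")


@dataclass
class ServiceEntry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Return one entry per verdict line inside the 'Scan services' section."""
    entries: List[ServiceEntry] = []
    pending: Dict[str, tuple] = {}  # service name -> (md5, path) awaiting a verdict
    in_services = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = (m.group(3) or "").strip()
        section = SECTION.match(body)
        if section:
            in_services = section.group(1).strip().lower() == "scan services"
            continue
        if not in_services or not body or set(body) == {"="}:
            continue
        hashed = HASHED.match(body)
        if hashed:
            pending[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        verdict = VERDICT.match(body)
        if verdict:
            md5, path = pending.pop(verdict.group(1), (None, None))
            entries.append(ServiceEntry(verdict.group(1), verdict.group(2), md5, path))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[ServiceEntry]]:
    """Split out the entries a reviewer should look at first."""
    return {
        # Any verdict other than "ok".
        "not_ok": [e for e in entries if e.verdict.lower() != "ok"],
        # Verdict present but no hash/path line: the log alone does not tie
        # the service to a file on disk, so it needs a manual check.
        "no_file": [e for e in entries if e.md5 is None],
    }


if __name__ == "__main__":
    result = triage(parse_services(SAMPLE_LOG))
    for bucket, items in result.items():
        for e in items:
            print(f"{bucket}: {e.name} -> {e.verdict} ({e.path or 'no file recorded'})")
```
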

#4 AdamP123


Posted 10 November 2012 - 08:10 AM

Hi Narenxp,

Thank you for your help,

So I don't get this wrong before I post logs, I just wanted to check if I just copy and paste the log reports?

Edited by AdamP123, 10 November 2012 - 08:11 AM.


#5 AdamP123


Posted 10 November 2012 - 08:19 AM

Sorry if this is in the wrong place

Here is the log report from TDSSKiller

13:03:50.0636 5644 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:03:50.0870 5644 ============================================================
13:03:50.0870 5644 Current date / time: 2012/11/10 13:03:50.0870
13:03:50.0870 5644 SystemInfo:
13:03:50.0870 5644
13:03:50.0870 5644 OS Version: 6.1.7600 ServicePack: 0.0
13:03:50.0870 5644 Product type: Workstation
13:03:50.0870 5644 ComputerName: ADAM-PC
13:03:50.0870 5644 UserName: Adam
13:03:50.0870 5644 Windows directory: C:\Windows
13:03:50.0870 5644 System windows directory: C:\Windows
13:03:50.0870 5644 Running under WOW64
13:03:50.0870 5644 Processor architecture: Intel x64
13:03:50.0870 5644 Number of processors: 4
13:03:50.0870 5644 Page size: 0x1000
13:03:50.0870 5644 Boot type: Normal boot
13:03:50.0870 5644 ============================================================
13:03:52.0945 5644 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x1273D, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
13:03:52.0960 5644 ============================================================
13:03:52.0960 5644 \Device\Harddisk0\DR0:
13:03:52.0960 5644 MBR partitions:
13:03:52.0960 5644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:03:52.0960 5644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1328B700
13:03:52.0960 5644 ============================================================
13:03:53.0023 5644 C: <-> \Device\Harddisk0\DR0\Partition2
13:03:53.0023 5644 ============================================================
13:03:53.0023 5644 Initialize success
13:03:53.0023 5644 ============================================================
13:04:20.0453 3472 ============================================================
13:04:20.0453 3472 Scan started
13:04:20.0453 3472 Mode: Manual; TDLFS;
13:04:20.0453 3472 ============================================================
13:04:20.0594 3472 ================ Scan system memory ========================
13:04:20.0594 3472 System memory - ok
13:04:20.0594 3472 ================ Scan services =============================
13:04:28.0612 3472 NativeWifiP - ok
13:04:28.0643 3472 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:04:28.0674 3472 NDIS - ok
13:04:28.0690 3472 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:04:28.0690 3472 NdisCap - ok
13:04:28.0721 3472 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:04:28.0721 3472 NdisTapi - ok
13:04:28.0737 3472 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:04:28.0737 3472 Ndisuio - ok
13:04:28.0752 3472 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:04:28.0752 3472 NdisWan - ok
13:04:28.0768 3472 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:04:28.0768 3472 NDProxy - ok
13:04:28.0784 3472 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:04:28.0784 3472 NetBIOS - ok
13:04:28.0799 3472 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:04:28.0799 3472 NetBT - ok
13:04:28.0815 3472 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
13:04:28.0815 3472 Netlogon - ok
13:04:28.0862 3472 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:04:28.0877 3472 Netman - ok
13:04:28.0893 3472 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:04:28.0908 3472 netprofm - ok
13:04:28.0940 3472 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:04:28.0940 3472 NetTcpPortSharing - ok
13:04:28.0955 3472 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:04:28.0955 3472 nfrd960 - ok
13:04:29.0002 3472 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:04:29.0018 3472 NisDrv - ok
13:04:29.0049 3472 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:04:29.0064 3472 NisSrv - ok
13:04:29.0111 3472 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:04:29.0127 3472 NlaSvc - ok
13:04:29.0174 3472 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:04:29.0174 3472 Npfs - ok
13:04:29.0189 3472 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:04:29.0189 3472 nsi - ok
13:04:29.0205 3472 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:04:29.0205 3472 nsiproxy - ok
13:04:29.0283 3472 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:04:29.0314 3472 Ntfs - ok
13:04:29.0330 3472 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:04:29.0330 3472 Null - ok
13:04:29.0361 3472 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:04:29.0361 3472 nvraid - ok
13:04:29.0392 3472 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:04:29.0392 3472 nvstor - ok
13:04:29.0408 3472 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
13:04:29.0423 3472 nv_agp - ok
13:04:29.0439 3472 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:04:29.0439 3472 ohci1394 - ok
13:04:29.0501 3472 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:04:29.0517 3472 ose - ok
13:04:29.0688 3472 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:04:29.0798 3472 osppsvc - ok
13:04:29.0844 3472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:04:29.0860 3472 p2pimsvc - ok
13:04:29.0891 3472 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:04:29.0907 3472 p2psvc - ok
13:04:29.0922 3472 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:04:29.0938 3472 Parport - ok
13:04:29.0969 3472 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:04:29.0969 3472 partmgr - ok
13:04:29.0985 3472 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:04:29.0985 3472 PcaSvc - ok
13:04:30.0016 3472 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
13:04:30.0016 3472 pci - ok
13:04:30.0032 3472 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
13:04:30.0032 3472 pciide - ok
13:04:30.0047 3472 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:04:30.0047 3472 pcmcia - ok
13:04:30.0063 3472 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:04:30.0063 3472 pcw - ok
13:04:30.0094 3472 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:04:30.0110 3472 PEAUTH - ok
13:04:30.0156 3472 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:04:30.0188 3472 PeerDistSvc - ok
13:04:30.0250 3472 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:04:30.0250 3472 PerfHost - ok
13:04:30.0312 3472 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
13:04:30.0344 3472 pla - ok
13:04:30.0406 3472 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:04:30.0422 3472 PlugPlay - ok
13:04:30.0437 3472 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:04:30.0437 3472 PNRPAutoReg - ok
13:04:30.0453 3472 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:04:30.0453 3472 PNRPsvc - ok
13:04:30.0484 3472 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:04:30.0515 3472 PolicyAgent - ok
13:04:30.0546 3472 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:04:30.0562 3472 Power - ok
13:04:30.0593 3472 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:04:30.0593 3472 PptpMiniport - ok
13:04:30.0609 3472 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:04:30.0609 3472 Processor - ok
13:04:30.0640 3472 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
13:04:30.0656 3472 ProfSvc - ok
13:04:30.0671 3472 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:04:30.0671 3472 ProtectedStorage - ok
13:04:30.0687 3472 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:04:30.0687 3472 Psched - ok
13:04:30.0734 3472 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:04:30.0765 3472 ql2300 - ok
13:04:30.0780 3472 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:04:30.0780 3472 ql40xx - ok
13:04:30.0812 3472 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:04:30.0827 3472 QWAVE - ok
13:04:30.0843 3472 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:04:30.0843 3472 QWAVEdrv - ok
13:04:30.0858 3472 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:04:30.0858 3472 RasAcd - ok
13:04:30.0890 3472 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:04:30.0890 3472 RasAgileVpn - ok
13:04:30.0921 3472 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:04:30.0921 3472 RasAuto - ok
13:04:30.0936 3472 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:04:30.0936 3472 Rasl2tp - ok
13:04:30.0968 3472 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
13:04:30.0983 3472 RasMan - ok
13:04:31.0014 3472 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:04:31.0014 3472 RasPppoe - ok
13:04:31.0030 3472 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:04:31.0030 3472 RasSstp - ok
13:04:31.0061 3472 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:04:31.0061 3472 rdbss - ok
13:04:31.0077 3472 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:04:31.0077 3472 rdpbus - ok
13:04:31.0092 3472 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:04:31.0092 3472 RDPCDD - ok
13:04:31.0108 3472 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:04:31.0124 3472 RDPDR - ok
13:04:31.0124 3472 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:04:31.0139 3472 RDPENCDD - ok
13:04:31.0139 3472 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:04:31.0139 3472 RDPREFMP - ok
13:04:31.0186 3472 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:04:31.0186 3472 RDPWD - ok
13:04:31.0202 3472 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:04:31.0202 3472 rdyboost - ok
13:04:31.0233 3472 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:04:31.0233 3472 RemoteAccess - ok
13:04:31.0280 3472 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:04:31.0280 3472 RemoteRegistry - ok
13:04:31.0326 3472 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:04:31.0326 3472 RimUsb - ok
13:04:31.0342 3472 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:04:31.0342 3472 RpcEptMapper - ok
13:04:31.0358 3472 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:04:31.0358 3472 RpcLocator - ok
13:04:31.0389 3472 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
13:04:31.0389 3472 RpcSs - ok
13:04:31.0404 3472 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:04:31.0404 3472 rspndr - ok
13:04:31.0451 3472 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:04:31.0451 3472 RTL8167 - ok
13:04:31.0467 3472 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
13:04:31.0467 3472 s3cap - ok
13:04:31.0467 3472 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
13:04:31.0467 3472 SamSs - ok
13:04:31.0498 3472 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
13:04:31.0498 3472 sbp2port - ok
13:04:31.0514 3472 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:04:31.0514 3472 SCardSvr - ok
13:04:31.0529 3472 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:04:31.0529 3472 scfilter - ok
13:04:31.0576 3472 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
13:04:31.0623 3472 Schedule - ok
13:04:31.0638 3472 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:04:31.0654 3472 SCPolicySvc - ok
13:04:31.0670 3472 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:04:31.0685 3472 SDRSVC - ok
13:04:31.0701 3472 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:04:31.0701 3472 secdrv - ok
13:04:31.0732 3472 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
13:04:31.0732 3472 seclogon - ok
13:04:31.0748 3472 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:04:31.0748 3472 SENS - ok
13:04:31.0763 3472 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:04:31.0763 3472 SensrSvc - ok
13:04:31.0779 3472 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:04:31.0779 3472 Serenum - ok
13:04:31.0779 3472 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:04:31.0794 3472 Serial - ok
13:04:31.0794 3472 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:04:31.0794 3472 sermouse - ok
13:04:31.0826 3472 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
13:04:31.0841 3472 SessionEnv - ok
13:04:31.0857 3472 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:04:31.0857 3472 sffdisk - ok
13:04:31.0872 3472 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:04:31.0872 3472 sffp_mmc - ok
13:04:31.0904 3472 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:04:31.0904 3472 sffp_sd - ok
13:04:31.0919 3472 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:04:31.0919 3472 sfloppy - ok
13:04:31.0950 3472 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:04:31.0966 3472 SharedAccess - ok
13:04:32.0013 3472 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:04:32.0028 3472 ShellHWDetection - ok
13:04:32.0044 3472 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:04:32.0044 3472 SiSRaid2 - ok
13:04:32.0075 3472 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:04:32.0091 3472 SiSRaid4 - ok
13:04:32.0106 3472 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:04:32.0106 3472 Smb - ok
13:04:32.0122 3472 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:04:32.0122 3472 SNMPTRAP - ok
13:04:32.0138 3472 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:04:32.0138 3472 spldr - ok
13:04:32.0169 3472 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
13:04:32.0200 3472 Spooler - ok
13:04:32.0278 3472 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
13:04:32.0372 3472 sppsvc - ok
13:04:32.0387 3472 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:04:32.0387 3472 sppuinotify - ok
13:04:32.0434 3472 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:04:32.0450 3472 srv - ok
13:04:32.0481 3472 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:04:32.0496 3472 srv2 - ok
13:04:32.0528 3472 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:04:32.0528 3472 srvnet - ok
13:04:32.0559 3472 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:04:32.0574 3472 SSDPSRV - ok
13:04:32.0574 3472 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:04:32.0574 3472 SstpSvc - ok
13:04:32.0590 3472 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:04:32.0606 3472 stexstor - ok
13:04:32.0668 3472 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
13:04:32.0699 3472 stisvc - ok
13:04:32.0730 3472 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
13:04:32.0762 3472 storflt - ok
13:04:32.0793 3472 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
13:04:32.0793 3472 storvsc - ok
13:04:32.0808 3472 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:04:32.0808 3472 swenum - ok
13:04:32.0840 3472 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:04:32.0855 3472 swprv - ok
13:04:32.0902 3472 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
13:04:32.0949 3472 SysMain - ok
13:04:32.0980 3472 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:04:32.0980 3472 TabletInputService - ok
13:04:33.0011 3472 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
13:04:33.0027 3472 TapiSrv - ok
13:04:33.0042 3472 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:04:33.0058 3472 TBS - ok
13:04:33.0120 3472 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:04:33.0167 3472 Tcpip - ok
13:04:33.0230 3472 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:04:33.0245 3472 TCPIP6 - ok
13:04:33.0261 3472 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:04:33.0261 3472 tcpipreg - ok
13:04:33.0276 3472 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:04:33.0292 3472 TDPIPE - ok
13:04:33.0323 3472 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:04:33.0323 3472 TDTCP - ok
13:04:33.0339 3472 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:04:33.0339 3472 tdx - ok
13:04:33.0354 3472 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:04:33.0354 3472 TermDD - ok
13:04:33.0401 3472 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
13:04:33.0417 3472 TermService - ok
13:04:33.0432 3472 [ 45B3E14C535C9CC862A969511464B352 ] Themes C:\Windows\system32\themeservice.dll
13:04:33.0432 3472 Themes - ok
13:04:33.0448 3472 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:04:33.0448 3472 THREADORDER - ok
13:04:33.0479 3472 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:04:33.0495 3472 TrkWks - ok
13:04:33.0542 3472 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:04:33.0542 3472 TrustedInstaller - ok
13:04:33.0573 3472 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:04:33.0573 3472 tssecsrv - ok
13:04:33.0604 3472 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:04:33.0604 3472 tunnel - ok
13:04:33.0620 3472 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:04:33.0620 3472 uagp35 - ok
13:04:33.0651 3472 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:04:33.0666 3472 udfs - ok
13:04:33.0682 3472 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:04:33.0682 3472 UI0Detect - ok
13:04:33.0698 3472 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
13:04:33.0698 3472 uliagpkx - ok
13:04:33.0729 3472 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:04:33.0729 3472 umbus - ok
13:04:33.0744 3472 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:04:33.0744 3472 UmPass - ok
13:04:33.0760 3472 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
13:04:33.0776 3472 UmRdpService - ok
13:04:33.0791 3472 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:04:33.0807 3472 upnphost - ok
13:04:33.0854 3472 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:04:33.0854 3472 USBAAPL64 - ok
13:04:33.0885 3472 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:04:33.0885 3472 usbccgp - ok
13:04:33.0900 3472 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
13:04:33.0916 3472 usbcir - ok
13:04:33.0947 3472 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:04:33.0947 3472 usbehci - ok
13:04:33.0978 3472 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:04:33.0994 3472 usbhub - ok
13:04:34.0010 3472 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:04:34.0010 3472 usbohci - ok
13:04:34.0025 3472 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:04:34.0025 3472 usbprint - ok
13:04:34.0056 3472 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:04:34.0056 3472 usbscan - ok
13:04:34.0088 3472 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:04:34.0103 3472 USBSTOR - ok
13:04:34.0119 3472 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:04:34.0119 3472 usbuhci - ok
13:04:34.0150 3472 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:04:34.0150 3472 UxSms - ok
13:04:34.0166 3472 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
13:04:34.0166 3472 VaultSvc - ok
13:04:34.0181 3472 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
13:04:34.0181 3472 vdrvroot - ok
13:04:34.0197 3472 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
13:04:34.0212 3472 vds - ok
13:04:34.0228 3472 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:04:34.0228 3472 vga - ok
13:04:34.0244 3472 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:04:34.0244 3472 VgaSave - ok
13:04:34.0275 3472 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
13:04:34.0275 3472 vhdmp - ok
13:04:34.0275 3472 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
13:04:34.0275 3472 viaide - ok
13:04:34.0306 3472 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
13:04:34.0306 3472 vmbus - ok
13:04:34.0322 3472 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
13:04:34.0322 3472 VMBusHID - ok
13:04:34.0337 3472 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
13:04:34.0337 3472 volmgr - ok
13:04:34.0368 3472 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:04:34.0384 3472 volmgrx - ok
13:04:34.0400 3472 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
13:04:34.0415 3472 volsnap - ok
13:04:34.0431 3472 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:04:34.0431 3472 vsmraid - ok
13:04:34.0478 3472 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
13:04:34.0524 3472 VSS - ok
13:04:34.0540 3472 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:04:34.0540 3472 vwifibus - ok
13:04:34.0571 3472 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:04:34.0587 3472 W32Time - ok
13:04:34.0602 3472 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:04:34.0602 3472 WacomPen - ok
13:04:34.0634 3472 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:04:34.0634 3472 WANARP - ok
13:04:34.0634 3472 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:04:34.0634 3472 Wanarpv6 - ok
13:04:34.0712 3472 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:04:34.0743 3472 WatAdminSvc - ok
13:04:34.0805 3472 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
13:04:34.0836 3472 wbengine - ok
13:04:34.0868 3472 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:04:34.0883 3472 WbioSrvc - ok
13:04:34.0914 3472 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:04:34.0930 3472 wcncsvc - ok
13:04:34.0961 3472 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:04:34.0961 3472 WcsPlugInService - ok
13:04:34.0992 3472 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:04:34.0992 3472 Wd - ok
13:04:35.0024 3472 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:04:35.0039 3472 Wdf01000 - ok
13:04:35.0055 3472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:04:35.0070 3472 WdiServiceHost - ok
13:04:35.0070 3472 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:04:35.0070 3472 WdiSystemHost - ok
13:04:35.0086 3472 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
13:04:35.0102 3472 WebClient - ok
13:04:35.0133 3472 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:04:35.0148 3472 Wecsvc - ok
13:04:35.0164 3472 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:04:35.0164 3472 wercplsupport - ok
13:04:35.0180 3472 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:04:35.0180 3472 WerSvc - ok
13:04:35.0195 3472 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:04:35.0195 3472 WfpLwf - ok
13:04:35.0211 3472 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:04:35.0211 3472 WIMMount - ok
13:04:35.0226 3472 WinDefend - ok
13:04:35.0226 3472 WinHttpAutoProxySvc - ok
13:04:35.0289 3472 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:04:35.0289 3472 Winmgmt - ok
13:04:35.0351 3472 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
13:04:35.0414 3472 WinRM - ok
13:04:35.0476 3472 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:04:35.0476 3472 WinUsb - ok
13:04:35.0632 3472 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:04:35.0648 3472 Wlansvc - ok
13:04:35.0757 3472 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:04:35.0835 3472 wlidsvc - ok
13:04:35.0850 3472 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:04:35.0866 3472 WmiAcpi - ok
13:04:35.0882 3472 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:04:35.0897 3472 wmiApSrv - ok
13:04:35.0913 3472 WMPNetworkSvc - ok
13:04:35.0928 3472 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:04:35.0928 3472 WPCSvc - ok
13:04:35.0944 3472 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:04:35.0960 3472 WPDBusEnum - ok
13:04:35.0975 3472 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:04:35.0975 3472 ws2ifsl - ok
13:04:36.0006 3472 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
13:04:36.0006 3472 wscsvc - ok
13:04:36.0022 3472 WSearch - ok
13:04:36.0116 3472 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:04:36.0178 3472 wuauserv - ok
13:04:36.0194 3472 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:04:36.0194 3472 WudfPf - ok
13:04:36.0225 3472 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:04:36.0225 3472 WUDFRd - ok
13:04:36.0240 3472 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:04:36.0240 3472 wudfsvc - ok
13:04:36.0272 3472 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:04:36.0287 3472 WwanSvc - ok
13:04:36.0303 3472 ================ Scan global ===============================
13:04:36.0334 3472 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:04:36.0381 3472 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
13:04:36.0396 3472 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
13:04:36.0428 3472 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:04:36.0474 3472 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:04:36.0490 3472 [Global] - ok
13:04:36.0490 3472 ================ Scan MBR ==================================
13:04:36.0490 3472 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:04:36.0849 3472 \Device\Harddisk0\DR0 - ok
13:04:36.0849 3472 ================ Scan VBR ==================================
13:04:36.0849 3472 [ A56E0BCCBEE59E5CAC71B904010AF290 ] \Device\Harddisk0\DR0\Partition1
13:04:36.0849 3472 \Device\Harddisk0\DR0\Partition1 - ok
13:04:36.0880 3472 [ CC0DC00F50A86346C0674CB9728111FF ] \Device\Harddisk0\DR0\Partition2
13:04:36.0880 3472 \Device\Harddisk0\DR0\Partition2 - ok
13:04:36.0880 3472 ============================================================
13:04:36.0880 3472 Scan finished
13:04:36.0880 3472 ============================================================
13:04:36.0896 5792 Detected object count: 0
13:04:36.0896 5792 Actual detected object count: 0

Edited by AdamP123, 10 November 2012 - 08:35 AM.


#6 AdamP123


Posted 10 November 2012 - 08:24 AM

Here is the log report from aswMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-10 13:05:22
-----------------------------
13:05:22.761 OS Version: Windows x64 6.1.7600
13:05:22.761 Number of processors: 4 586 0x170A
13:05:22.761 ComputerName: ADAM-PC UserName: Adam
13:05:24.602 Initialize success
13:05:29.812 AVAST engine defs: 12110900
13:05:45.428 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:05:45.428 Disk 0 Vendor: WDC_WD1600YD-01NVB1 10.02E01 Size: 157066MB BusType: 3
13:05:45.459 Disk 0 MBR read successfully
13:05:45.459 Disk 0 MBR scan
13:05:45.459 Disk 0 Windows 7 default MBR code
13:05:45.475 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:05:45.475 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 156950 MB offset 206848
13:05:45.521 Disk 0 scanning C:\Windows\system32\drivers
13:05:56.161 Service scanning
13:06:11.714 Modules scanning
13:06:11.714 Disk 0 trace - called modules:
13:06:11.729 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
13:06:11.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80028e5060]
13:06:11.745 3 CLASSPNP.SYS[fffff8800195b43f] -> nt!IofCallDriver -> [0xfffffa8002304520]
13:06:11.745 5 ACPI.sys[fffff88000f8c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800234b060]
13:06:12.057 AVAST engine scan C:\Windows
13:06:13.711 AVAST engine scan C:\Windows\system32
13:08:39.399 AVAST engine scan C:\Windows\system32\drivers
13:08:49.992 AVAST engine scan C:\Users\Adam
13:13:43.808 AVAST engine scan C:\ProgramData
13:15:06.165 Scan finished successfully
13:15:38.905 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
13:15:38.968 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

#7 AdamP123

Posted 10 November 2012 - 09:05 AM

Finally here is the ESET report

C:\TDSSKiller_Quarantine\09.11.2012_14.51.17\mbr0000\tdlfs0000\tsk0013.dta Win64/Olmasco.AB trojan cleaned by deleting - quarantined

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:46 AM

Posted 10 November 2012 - 09:08 AM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download AdwCleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#9 AdamP123

Posted 10 November 2012 - 09:55 AM

Here is the Mbam log
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

10/11/2012 14:11:48
mbam-log-2012-11-10 (14-11-48).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 333826
Time elapsed: 36 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 AdamP123

Posted 10 November 2012 - 09:56 AM

MiniToolBox report

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Adam (administrator) on 10-11-2012 at 14:54:12
Windows Seven Black Edition (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Adam-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 48-5B-39-B2-E5-CB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dce9:73dd:49f1:eded%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 10 November 2012 10:47:52
Lease Expires . . . . . . . . . . : 11 November 2012 10:47:52
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 239622969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-86-8F-8F-48-5B-39-B2-E5-CB
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:34b2:18a0:a527:423(Preferred)
Link-local IPv6 Address . . . . . : fe80::34b2:18a0:a527:423%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: myrouter.home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:808::1002
173.194.41.129
173.194.41.130
173.194.41.131
173.194.41.132
173.194.41.133
173.194.41.134
173.194.41.135
173.194.41.136
173.194.41.137
173.194.41.142
173.194.41.128


Pinging google.com [173.194.41.128] with 32 bytes of data:
Reply from 173.194.41.128: bytes=32 time=32ms TTL=57
Reply from 173.194.41.128: bytes=32 time=31ms TTL=57

Ping statistics for 173.194.41.128:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server: myrouter.home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=299ms TTL=54
Reply from 72.30.38.140: bytes=32 time=247ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 247ms, Maximum = 299ms, Average = 273ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=8ms TTL=128
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 8ms, Average = 6ms
===========================================================================
Interface List
11...48 5b 39 b2 e5 cb ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.6 276
192.168.0.6 255.255.255.255 On-link 192.168.0.6 276
192.168.0.255 255.255.255.255 On-link 192.168.0.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:34b2:18a0:a527:423/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::34b2:18a0:a527:423/128
On-link
11 276 fe80::dce9:73dd:49f1:eded/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/10/2012 01:16:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (11/10/2012 01:16:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (11/09/2012 02:37:41 PM) (Source: RasClient) (User: )
Description: CoId={26DACD70-18C0-46BE-B46A-D0186BCC0EF6}: The user Adam-PC\Adam dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (11/09/2012 02:37:16 PM) (Source: RasClient) (User: )
Description: CoId={2045FD3F-6813-4FE8-84A8-B3ABC5D51A7E}: The user Adam-PC\Adam dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (11/09/2012 02:36:47 PM) (Source: RasClient) (User: )
Description: CoId={570BE9BF-1F69-47DA-A6A5-8B119D99A6CA}: The user Adam-PC\Adam dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (11/09/2012 02:36:42 PM) (Source: RasClient) (User: )
Description: CoId={B1B50FE8-2CF3-4AB7-9E11-4789BD02CC7B}: The user Adam-PC\Adam dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant) (User: )
Description: StartService failed with hr = 0x8007043c


System errors:
=============
Error: (11/10/2012 10:52:41 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (11/10/2012 10:52:41 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (11/10/2012 10:51:45 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%5

Error: (11/10/2012 10:51:45 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%5

Error: (11/10/2012 10:51:45 AM) (Source: PNRPSvc) (User: )
Description: 0x80070005

Error: (11/10/2012 10:51:44 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070420

Error: (11/10/2012 10:51:34 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%5

Error: (11/10/2012 10:51:34 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%5

Error: (11/10/2012 10:51:34 AM) (Source: PNRPSvc) (User: )
Description: 0x80070005

Error: (11/10/2012 10:51:23 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (11/10/2012 01:16:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Adam\Downloads\esetsmartinstaller_enu.exe

Error: (11/10/2012 01:16:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Adam\Downloads\esetsmartinstaller_enu.exe

Error: (11/09/2012 02:37:41 PM) (Source: RasClient)(User: )
Description: {26DACD70-18C0-46BE-B46A-D0186BCC0EF6}Adam-PC\AdamBroadband Connection651

Error: (11/09/2012 02:37:16 PM) (Source: RasClient)(User: )
Description: {2045FD3F-6813-4FE8-84A8-B3ABC5D51A7E}Adam-PC\AdamBroadband Connection651

Error: (11/09/2012 02:36:47 PM) (Source: RasClient)(User: )
Description: {570BE9BF-1F69-47DA-A6A5-8B119D99A6CA}Adam-PC\AdamBroadband Connection651

Error: (11/09/2012 02:36:42 PM) (Source: RasClient)(User: )
Description: {B1B50FE8-2CF3-4AB7-9E11-4789BD02CC7B}Adam-PC\AdamBroadband Connection651

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant)(User: )
Description: StartService failed with hr = 0x8007043c

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant)(User: )
Description: StartService failed with hr = 0x8007043c

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant)(User: )
Description: StartService failed with hr = 0x8007043c

Error: (11/09/2012 02:29:53 PM) (Source: SignInAssistant)(User: )
Description: StartService failed with hr = 0x8007043c


CodeIntegrity Errors:
===================================
Date: 2012-11-09 17:04:40.061
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-09 17:04:39.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

7-Zip 4.65
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70727.2220)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 10.10.0.41001)
ATI Problem Report Wizard (Version: 3.0.745.0)
avast! Free Antivirus (Version: 7.0.1474.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0806.1213.19931)
Catalyst Control Center Graphics Previews Common (Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
CCleaner 2.13.720
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III (Version: 1.0.4.11327)
Epson Easy Photo Print 2 (Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
EPSON Printer Software
EPSON Scan
EPSON SX125 Series Printer Uninstall
EPSON SX130 Series Printer Uninstall
ESET Online Scanner v3
HydraVision (Version: 4.2.114.0)
ImgBurn (Version: 2.4.1.0)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Mega Codec Pack 4.1.4 (Version: 4.1.4)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
Notepad++
Pando Media Booster (Version: 2.6.0.8)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5859)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Vistaprint Photo Books
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 2047.18 MB
Available physical RAM: 627.59 MB
Total Pagefile: 4094.36 MB
Available Pagefile: 2035.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.9 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:153.27 GB) (Free:88.54 GB) NTFS

========================= Users: ========================================

User accounts for \\ADAM-PC

Adam Administrator Guest

========================= Restore Points ==================================

10-10-2012 22:07:43 Windows Update
18-10-2012 07:50:37 Scheduled Checkpoint
25-10-2012 10:41:14 Scheduled Checkpoint
02-11-2012 13:06:07 Scheduled Checkpoint
09-11-2012 16:56:21 ComboFix created restore point
10-11-2012 09:36:55 Windows Update

**** End of log ****

#11 AdamP123

Posted 10 November 2012 - 10:01 AM

FarBar Log

Farbar Service Scanner Version: 09-11-2012
Ran by Adam (administrator) on 10-11-2012 at 14:57:32
Running from "C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6PZVZNQ"
Windows Seven Black Edition (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-17 09:57] - [2011-12-28 03:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-15 07:45] - [2012-03-30 11:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 12:41] - [2012-06-02 05:25] - 0182272 ____A (Microsoft Corporation) BAF19B633933A9FB4883D27D66C39E9A


ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 AdamP123

Posted 10 November 2012 - 10:11 AM

I was unable to get adware cleaner to work

Here is the report from Junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.4 (11.10.2012)
OS: Windows Seven Black Edition x64
Ran by Adam on 10/11/2012 at 15:02:04.23
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/11/2012 at 15:09:42.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#13 AdamP123

Posted 10 November 2012 - 10:18 AM

Was able to get AdwCleaner working; here is its report

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 15:13:39
# Updated 06/11/2012 by Xplode
# Operating system : Windows Seven Black Edition (64 bits)
# User : Adam - ADAM-PC
# Boot Mode : Normal
# Running from : C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMGHQ2SM\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\48lpe2cx.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1765 octets] - [09/11/2012 16:48:41]
AdwCleaner[S1].txt - [1845 octets] - [09/11/2012 16:49:06]
AdwCleaner[S2].txt - [871 octets] - [10/11/2012 15:13:39]

########## EOF - C:\AdwCleaner[S2].txt - [930 octets] ##########

#14 narenxp

Posted 10 November 2012 - 12:18 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#15 AdamP123

Posted 10 November 2012 - 12:31 PM

Here is the Rkill Log

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/10/2012 05:29:27 PM in x64 mode.
Windows Version: Windows Seven Black Edition

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\UxTheme.dll [NoSig]
+-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/14/2009 00:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 08/03/2009 11:12 PM : 0486b811c6f42fdfb5e544a6ca25d16a [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/14/2009 11:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/10/2012 05:31:15 PM
Execution time: 0 hours(s), 1 minute(s), and 48 seconds(s)



