Virus, help please!


36 replies to this topic

#1 TwoSixSided

TwoSixSided

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 17 November 2012 - 01:52 AM

Okay so I went away from my computer and came back and there's all these virus pop ups on AVG so I ran scans, it dealt with some, ran some more scans and the thing that I can't get rid of says it's in C:/Windows/System32/services.exe and the detection name says Win64/patched.A. This stuff sounds like it's out of a horror story. There's another one found in uh.. appdata/local/google/chrome/application/chrome.exe (5848):/memory etc. I really need help, and when I go to Google and click on links it redirects me to a random place such as a virus protection site. One last thing, an Adobe download keeps coming up that I keep X'ing out. Please help me quickly, I have to be on the computer all day tomorrow.



#2 TwoSixSided


Posted 17 November 2012 - 02:47 AM

Okay well I restarted my computer and now I can use links on Google, but did another AVG scan and there's still 3 viruses that come up, one still says the win64/patched/A that's found in system32 (scary sounding) and the two others that are found in Chrome still and say Luhe.Sirefef.A. I wish someone was up to help me, I really need it.

#3 TwoSixSided


Posted 17 November 2012 - 05:06 AM

And my OS is Windows 7.. I've been sitting here for 4 hours looking up everything while more and more viruses keep popping up.. using Avast now... Someone please help me..

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:33 PM

Posted 17 November 2012 - 05:31 AM

Do not run any other scans unless instructed.

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#5 TwoSixSided


Posted 17 November 2012 - 05:42 AM

TDSS Log,

05:39:20.0101 4224 msdsm - ok
05:39:20.0118 4224 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
05:39:20.0123 4224 MSDTC - ok
05:39:20.0139 4224 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
05:39:20.0141 4224 Msfs - ok
05:39:20.0163 4224 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
05:39:20.0165 4224 mshidkmdf - ok
05:39:20.0174 4224 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
05:39:20.0176 4224 msisadrv - ok
05:39:20.0202 4224 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
05:39:20.0207 4224 MSiSCSI - ok
05:39:20.0210 4224 msiserver - ok
05:39:20.0230 4224 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
05:39:20.0232 4224 MSKSSRV - ok
05:39:20.0243 4224 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
05:39:20.0246 4224 MSPCLOCK - ok
05:39:20.0257 4224 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
05:39:20.0259 4224 MSPQM - ok
05:39:20.0276 4224 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
05:39:20.0282 4224 MsRPC - ok
05:39:20.0294 4224 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
05:39:20.0296 4224 mssmbios - ok
05:39:20.0308 4224 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
05:39:20.0309 4224 MSTEE - ok
05:39:20.0318 4224 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
05:39:20.0320 4224 MTConfig - ok
05:39:20.0329 4224 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
05:39:20.0331 4224 Mup - ok
05:39:20.0366 4224 [ 38B4C95E821528FB91DF16A78E04450F ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
05:39:20.0369 4224 mv91xx - ok
05:39:20.0392 4224 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
05:39:20.0399 4224 napagent - ok
05:39:20.0425 4224 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
05:39:20.0428 4224 NativeWifiP - ok
05:39:20.0480 4224 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
05:39:20.0489 4224 NDIS - ok
05:39:20.0503 4224 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
05:39:20.0504 4224 NdisCap - ok
05:39:20.0518 4224 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
05:39:20.0520 4224 NdisTapi - ok
05:39:20.0538 4224 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
05:39:20.0540 4224 Ndisuio - ok
05:39:20.0546 4224 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
05:39:20.0548 4224 NdisWan - ok
05:39:20.0571 4224 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
05:39:20.0573 4224 NDProxy - ok
05:39:20.0588 4224 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
05:39:20.0590 4224 NetBIOS - ok
05:39:20.0606 4224 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
05:39:20.0610 4224 NetBT - ok
05:39:20.0623 4224 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
05:39:20.0626 4224 Netlogon - ok
05:39:20.0661 4224 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
05:39:20.0667 4224 Netman - ok
05:39:20.0682 4224 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
05:39:20.0689 4224 netprofm - ok
05:39:20.0705 4224 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:39:20.0707 4224 NetTcpPortSharing - ok
05:39:20.0730 4224 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
05:39:20.0732 4224 nfrd960 - ok
05:39:20.0752 4224 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
05:39:20.0758 4224 NlaSvc - ok
05:39:20.0770 4224 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
05:39:20.0772 4224 Npfs - ok
05:39:20.0790 4224 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
05:39:20.0794 4224 nsi - ok
05:39:20.0806 4224 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
05:39:20.0808 4224 nsiproxy - ok
05:39:20.0855 4224 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
05:39:20.0873 4224 Ntfs - ok
05:39:20.0879 4224 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
05:39:20.0881 4224 Null - ok
05:39:20.0922 4224 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
05:39:20.0925 4224 NVHDA - ok
05:39:21.0118 4224 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:39:21.0248 4224 nvlddmkm - ok
05:39:21.0277 4224 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
05:39:21.0279 4224 nvraid - ok
05:39:21.0298 4224 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
05:39:21.0301 4224 nvstor - ok
05:39:21.0347 4224 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
05:39:21.0360 4224 nvsvc - ok
05:39:21.0421 4224 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
05:39:21.0436 4224 nvUpdatusService - ok
05:39:21.0456 4224 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
05:39:21.0459 4224 nv_agp - ok
05:39:21.0471 4224 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
05:39:21.0474 4224 ohci1394 - ok
05:39:21.0499 4224 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
05:39:21.0506 4224 p2pimsvc - ok
05:39:21.0526 4224 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
05:39:21.0534 4224 p2psvc - ok
05:39:21.0549 4224 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
05:39:21.0553 4224 Parport - ok
05:39:21.0581 4224 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
05:39:21.0584 4224 partmgr - ok
05:39:21.0600 4224 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
05:39:21.0606 4224 PcaSvc - ok
05:39:21.0616 4224 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
05:39:21.0620 4224 pci - ok
05:39:21.0633 4224 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
05:39:21.0635 4224 pciide - ok
05:39:21.0653 4224 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
05:39:21.0657 4224 pcmcia - ok
05:39:21.0667 4224 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
05:39:21.0669 4224 pcw - ok
05:39:21.0688 4224 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
05:39:21.0697 4224 PEAUTH - ok
05:39:21.0763 4224 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
05:39:21.0767 4224 PerfHost - ok
05:39:21.0807 4224 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
05:39:21.0827 4224 pla - ok
05:39:21.0867 4224 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
05:39:21.0876 4224 PlugPlay - ok
05:39:21.0885 4224 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
05:39:21.0890 4224 PNRPAutoReg - ok
05:39:21.0897 4224 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
05:39:21.0903 4224 PNRPsvc - ok
05:39:21.0927 4224 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
05:39:21.0936 4224 PolicyAgent - ok
05:39:21.0971 4224 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
05:39:21.0978 4224 Power - ok
05:39:22.0004 4224 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
05:39:22.0007 4224 PptpMiniport - ok
05:39:22.0021 4224 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
05:39:22.0024 4224 Processor - ok
05:39:22.0053 4224 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
05:39:22.0059 4224 ProfSvc - ok
05:39:22.0072 4224 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:39:22.0075 4224 ProtectedStorage - ok
05:39:22.0096 4224 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
05:39:22.0099 4224 Psched - ok
05:39:22.0130 4224 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
05:39:22.0149 4224 ql2300 - ok
05:39:22.0161 4224 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
05:39:22.0163 4224 ql40xx - ok
05:39:22.0177 4224 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
05:39:22.0181 4224 QWAVE - ok
05:39:22.0189 4224 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
05:39:22.0190 4224 QWAVEdrv - ok
05:39:22.0198 4224 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
05:39:22.0199 4224 RasAcd - ok
05:39:22.0220 4224 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
05:39:22.0221 4224 RasAgileVpn - ok
05:39:22.0242 4224 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
05:39:22.0246 4224 RasAuto - ok
05:39:22.0252 4224 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
05:39:22.0254 4224 Rasl2tp - ok
05:39:22.0266 4224 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
05:39:22.0271 4224 RasMan - ok
05:39:22.0282 4224 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
05:39:22.0284 4224 RasPppoe - ok
05:39:22.0294 4224 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
05:39:22.0296 4224 RasSstp - ok
05:39:22.0306 4224 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
05:39:22.0310 4224 rdbss - ok
05:39:22.0317 4224 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
05:39:22.0318 4224 rdpbus - ok
05:39:22.0326 4224 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
05:39:22.0327 4224 RDPCDD - ok
05:39:22.0332 4224 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
05:39:22.0334 4224 RDPENCDD - ok
05:39:22.0345 4224 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
05:39:22.0347 4224 RDPREFMP - ok
05:39:22.0373 4224 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
05:39:22.0376 4224 RDPWD - ok
05:39:22.0394 4224 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
05:39:22.0398 4224 rdyboost - ok
05:39:22.0429 4224 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
05:39:22.0434 4224 RemoteAccess - ok
05:39:22.0446 4224 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
05:39:22.0452 4224 RemoteRegistry - ok
05:39:22.0479 4224 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
05:39:22.0483 4224 RFCOMM - ok
05:39:22.0492 4224 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
05:39:22.0497 4224 RpcEptMapper - ok
05:39:22.0508 4224 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
05:39:22.0512 4224 RpcLocator - ok
05:39:22.0531 4224 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
05:39:22.0539 4224 RpcSs - ok
05:39:22.0547 4224 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
05:39:22.0550 4224 rspndr - ok
05:39:22.0584 4224 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
05:39:22.0590 4224 RTL8167 - ok
05:39:22.0595 4224 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
05:39:22.0598 4224 SamSs - ok
05:39:22.0609 4224 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
05:39:22.0611 4224 sbp2port - ok
05:39:22.0616 4224 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
05:39:22.0621 4224 SCardSvr - ok
05:39:22.0624 4224 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
05:39:22.0626 4224 scfilter - ok
05:39:22.0653 4224 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
05:39:22.0665 4224 Schedule - ok
05:39:22.0687 4224 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
05:39:22.0688 4224 SCPolicySvc - ok
05:39:22.0703 4224 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
05:39:22.0708 4224 SDRSVC - ok
05:39:22.0715 4224 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
05:39:22.0716 4224 secdrv - ok
05:39:22.0722 4224 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
05:39:22.0725 4224 seclogon - ok
05:39:22.0731 4224 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
05:39:22.0734 4224 SENS - ok
05:39:22.0737 4224 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
05:39:22.0740 4224 SensrSvc - ok
05:39:22.0756 4224 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
05:39:22.0757 4224 Serenum - ok
05:39:22.0775 4224 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
05:39:22.0777 4224 Serial - ok
05:39:22.0797 4224 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
05:39:22.0800 4224 sermouse - ok
05:39:22.0824 4224 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
05:39:22.0830 4224 SessionEnv - ok
05:39:22.0844 4224 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
05:39:22.0846 4224 sffdisk - ok
05:39:22.0849 4224 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
05:39:22.0851 4224 sffp_mmc - ok
05:39:22.0866 4224 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
05:39:22.0869 4224 sffp_sd - ok
05:39:22.0872 4224 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
05:39:22.0874 4224 sfloppy - ok
05:39:22.0890 4224 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:39:22.0896 4224 ShellHWDetection - ok
05:39:22.0914 4224 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
05:39:22.0915 4224 SiSRaid2 - ok
05:39:22.0918 4224 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
05:39:22.0921 4224 SiSRaid4 - ok
05:39:22.0979 4224 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
05:39:22.0981 4224 SkypeUpdate - ok
05:39:23.0004 4224 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
05:39:23.0007 4224 Smb - ok
05:39:23.0030 4224 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
05:39:23.0035 4224 SNMPTRAP - ok
05:39:23.0048 4224 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
05:39:23.0050 4224 spldr - ok
05:39:23.0081 4224 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
05:39:23.0092 4224 Spooler - ok
05:39:23.0151 4224 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
05:39:23.0196 4224 sppsvc - ok
05:39:23.0208 4224 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
05:39:23.0211 4224 sppuinotify - ok
05:39:23.0235 4224 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
05:39:23.0242 4224 srv - ok
05:39:23.0262 4224 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
05:39:23.0268 4224 srv2 - ok
05:39:23.0280 4224 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
05:39:23.0283 4224 srvnet - ok
05:39:23.0305 4224 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
05:39:23.0310 4224 SSDPSRV - ok
05:39:23.0319 4224 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
05:39:23.0323 4224 SstpSvc - ok
05:39:23.0349 4224 Steam Client Service - ok
05:39:23.0417 4224 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
05:39:23.0421 4224 Stereo Service - ok
05:39:23.0440 4224 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
05:39:23.0443 4224 stexstor - ok
05:39:23.0475 4224 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
05:39:23.0487 4224 stisvc - ok
05:39:23.0491 4224 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
05:39:23.0493 4224 swenum - ok
05:39:23.0511 4224 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
05:39:23.0519 4224 swprv - ok
05:39:23.0547 4224 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
05:39:23.0564 4224 SysMain - ok
05:39:23.0574 4224 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
05:39:23.0578 4224 TabletInputService - ok
05:39:23.0600 4224 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
05:39:23.0605 4224 TapiSrv - ok
05:39:23.0612 4224 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
05:39:23.0615 4224 TBS - ok
05:39:23.0652 4224 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
05:39:23.0668 4224 Tcpip - ok
05:39:23.0693 4224 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
05:39:23.0700 4224 TCPIP6 - ok
05:39:23.0720 4224 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
05:39:23.0722 4224 tcpipreg - ok
05:39:23.0734 4224 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
05:39:23.0736 4224 TDPIPE - ok
05:39:23.0763 4224 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
05:39:23.0765 4224 TDTCP - ok
05:39:23.0781 4224 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
05:39:23.0785 4224 tdx - ok
05:39:23.0888 4224 [ 3E85BDD019E3DB66D9471DAD7FD6A887 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
05:39:23.0901 4224 TeamViewer7 - ok
05:39:23.0926 4224 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
05:39:23.0928 4224 TermDD - ok
05:39:23.0945 4224 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
05:39:23.0952 4224 TermService - ok
05:39:23.0955 4224 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
05:39:23.0958 4224 Themes - ok
05:39:23.0970 4224 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
05:39:23.0972 4224 THREADORDER - ok
05:39:23.0983 4224 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
05:39:23.0986 4224 TrkWks - ok
05:39:24.0027 4224 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
05:39:24.0031 4224 TrustedInstaller - ok
05:39:24.0042 4224 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
05:39:24.0044 4224 tssecsrv - ok
05:39:24.0056 4224 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
05:39:24.0059 4224 TsUsbFlt - ok
05:39:24.0075 4224 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
05:39:24.0078 4224 TsUsbGD - ok
05:39:24.0100 4224 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
05:39:24.0103 4224 tunnel - ok
05:39:24.0112 4224 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
05:39:24.0114 4224 uagp35 - ok
05:39:24.0126 4224 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
05:39:24.0130 4224 udfs - ok
05:39:24.0149 4224 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
05:39:24.0153 4224 UI0Detect - ok
05:39:24.0174 4224 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
05:39:24.0176 4224 uliagpkx - ok
05:39:24.0194 4224 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
05:39:24.0196 4224 umbus - ok
05:39:24.0209 4224 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
05:39:24.0212 4224 UmPass - ok
05:39:24.0230 4224 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
05:39:24.0239 4224 upnphost - ok
05:39:24.0282 4224 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
05:39:24.0285 4224 USBAAPL64 - ok
05:39:24.0320 4224 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
05:39:24.0323 4224 usbccgp - ok
05:39:24.0337 4224 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
05:39:24.0340 4224 usbcir - ok
05:39:24.0368 4224 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
05:39:24.0371 4224 usbehci - ok
05:39:24.0391 4224 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
05:39:24.0396 4224 usbhub - ok
05:39:24.0407 4224 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
05:39:24.0409 4224 usbohci - ok
05:39:24.0429 4224 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
05:39:24.0432 4224 usbprint - ok
05:39:24.0461 4224 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
05:39:24.0463 4224 usbscan - ok
05:39:24.0497 4224 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:39:24.0501 4224 USBSTOR - ok
05:39:24.0511 4224 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
05:39:24.0514 4224 usbuhci - ok
05:39:24.0533 4224 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
05:39:24.0538 4224 UxSms - ok
05:39:24.0547 4224 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
05:39:24.0550 4224 VaultSvc - ok
05:39:24.0562 4224 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
05:39:24.0565 4224 vdrvroot - ok
05:39:24.0585 4224 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
05:39:24.0596 4224 vds - ok
05:39:24.0613 4224 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
05:39:24.0615 4224 vga - ok
05:39:24.0624 4224 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
05:39:24.0626 4224 VgaSave - ok
05:39:24.0643 4224 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
05:39:24.0647 4224 vhdmp - ok
05:39:24.0662 4224 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
05:39:24.0664 4224 viaide - ok
05:39:24.0676 4224 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
05:39:24.0679 4224 volmgr - ok
05:39:24.0691 4224 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
05:39:24.0697 4224 volmgrx - ok
05:39:24.0714 4224 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
05:39:24.0720 4224 volsnap - ok
05:39:24.0739 4224 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
05:39:24.0743 4224 vsmraid - ok
05:39:24.0778 4224 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
05:39:24.0802 4224 VSS - ok
05:39:24.0806 4224 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
05:39:24.0809 4224 vwifibus - ok
05:39:24.0832 4224 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
05:39:24.0837 4224 W32Time - ok
05:39:24.0853 4224 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
05:39:24.0855 4224 WacomPen - ok
05:39:24.0864 4224 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
05:39:24.0866 4224 WANARP - ok
05:39:24.0869 4224 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
05:39:24.0870 4224 Wanarpv6 - ok
05:39:24.0921 4224 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
05:39:24.0936 4224 WatAdminSvc - ok
05:39:24.0966 4224 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
05:39:24.0980 4224 wbengine - ok
05:39:25.0017 4224 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
05:39:25.0021 4224 WbioSrvc - ok
05:39:25.0040 4224 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
05:39:25.0049 4224 wcncsvc - ok
05:39:25.0057 4224 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
05:39:25.0062 4224 WcsPlugInService - ok
05:39:25.0064 4224 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
05:39:25.0066 4224 Wd - ok
05:39:25.0097 4224 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
05:39:25.0105 4224 Wdf01000 - ok
05:39:25.0115 4224 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
05:39:25.0118 4224 WdiServiceHost - ok
05:39:25.0121 4224 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
05:39:25.0124 4224 WdiSystemHost - ok
05:39:25.0138 4224 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
05:39:25.0143 4224 WebClient - ok
05:39:25.0151 4224 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
05:39:25.0156 4224 Wecsvc - ok
05:39:25.0164 4224 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
05:39:25.0167 4224 wercplsupport - ok
05:39:25.0182 4224 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
05:39:25.0185 4224 WerSvc - ok
05:39:25.0198 4224 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
05:39:25.0199 4224 WfpLwf - ok
05:39:25.0214 4224 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
05:39:25.0216 4224 WIMMount - ok
05:39:25.0218 4224 WinHttpAutoProxySvc - ok
05:39:25.0260 4224 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
05:39:25.0263 4224 Winmgmt - ok
05:39:25.0304 4224 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
05:39:25.0323 4224 WinRM - ok
05:39:25.0368 4224 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
05:39:25.0371 4224 WinUsb - ok
05:39:25.0409 4224 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
05:39:25.0423 4224 Wlansvc - ok
05:39:25.0508 4224 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:39:25.0531 4224 wlidsvc - ok
05:39:25.0559 4224 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
05:39:25.0560 4224 WmiAcpi - ok
05:39:25.0572 4224 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
05:39:25.0575 4224 wmiApSrv - ok
05:39:25.0595 4224 WMPNetworkSvc - ok
05:39:25.0618 4224 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
05:39:25.0622 4224 WPCSvc - ok
05:39:25.0632 4224 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
05:39:25.0637 4224 WPDBusEnum - ok
05:39:25.0652 4224 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
05:39:25.0654 4224 ws2ifsl - ok
05:39:25.0657 4224 WSearch - ok
05:39:25.0684 4224 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
05:39:25.0686 4224 WudfPf - ok
05:39:25.0700 4224 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
05:39:25.0703 4224 WUDFRd - ok
05:39:25.0719 4224 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
05:39:25.0724 4224 wudfsvc - ok
05:39:25.0734 4224 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
05:39:25.0740 4224 WwanSvc - ok
05:39:25.0753 4224 ================ Scan global ===============================
05:39:25.0782 4224 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
05:39:25.0807 4224 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
05:39:25.0815 4224 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
05:39:25.0839 4224 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
05:39:25.0877 4224 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
05:39:25.0899 4224 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
05:39:25.0899 4224 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
05:39:25.0899 4224 ================ Scan MBR ==================================
05:39:25.0912 4224 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
05:39:26.0095 4224 \Device\Harddisk0\DR0 - ok
05:39:26.0095 4224 ================ Scan VBR ==================================
05:39:26.0098 4224 [ 685628FED5EADD49B1BE5BF47237BC8C ] \Device\Harddisk0\DR0\Partition1
05:39:26.0100 4224 \Device\Harddisk0\DR0\Partition1 - ok
05:39:26.0102 4224 [ 0F734ABA3D487E0DC9F66062D95FFF40 ] \Device\Harddisk0\DR0\Partition2
05:39:26.0104 4224 \Device\Harddisk0\DR0\Partition2 - ok
05:39:26.0104 4224 ============================================================
05:39:26.0104 4224 Scan finished
05:39:26.0104 4224 ============================================================
05:39:26.0112 4200 Detected object count: 1
05:39:26.0112 4200 Actual detected object count: 1
05:39:32.0986 4200 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
05:39:32.0986 4200 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip

#6 TwoSixSided

Posted 17 November 2012 - 05:53 AM

aswMBR save log.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-17 05:43:44
-----------------------------
05:43:44.089 OS Version: Windows x64 6.1.7601 Service Pack 1
05:43:44.090 Number of processors: 4 586 0x2A07
05:43:44.091 ComputerName: TRAVIS-PC UserName: Travis
05:43:46.222 Initialize success
05:43:47.206 AVAST engine defs: 12111601
05:44:29.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
05:44:29.739 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11
05:44:29.757 Disk 0 MBR read successfully
05:44:29.759 Disk 0 MBR scan
05:44:29.763 Disk 0 Windows 7 default MBR code
05:44:29.772 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
05:44:29.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
05:44:29.793 Disk 0 scanning C:\Windows\system32\drivers
05:44:35.022 Service scanning
05:44:44.517 Modules scanning
05:44:44.525 Disk 0 trace - called modules:
05:44:44.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
05:44:44.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c9b060]
05:44:44.548 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007163060]
05:44:45.414 AVAST engine scan C:\Windows
05:44:47.109 AVAST engine scan C:\Windows\system32
05:45:18.950 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
05:45:31.961 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
05:45:33.129 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
05:46:00.391 AVAST engine scan C:\Windows\system32\drivers
05:46:07.312 AVAST engine scan C:\Users\Travis
05:47:22.700 File: C:\Users\Travis\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
05:50:54.046 AVAST engine scan C:\ProgramData
05:51:51.276 Scan finished successfully
05:52:09.198 Disk 0 MBR has been saved successfully to "C:\Users\Travis\Desktop\MBR.dat"
05:52:09.202 The log file has been saved successfully to "C:\Users\Travis\Desktop\aswMBR.txt"

#7 TwoSixSided

Posted 17 November 2012 - 06:40 AM

And lastly the ESET scan. Please come back and tell me what to do next soon. Thank you for all the help so far.

C:\Program Files (x86)\DealBulldog Toolbar\UninstallToolbar.exe Win32/Somoto application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.11.2012_05.35.52\zasubsys0000\zafs0000\tsk0004.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Users\Travis\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Travis\Downloads\cnet2_wax20e_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows\Installer\{7997fff0-e17b-bf77-74b1-2b944b8c78e4}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{7997fff0-e17b-bf77-74b1-2b944b8c78e4}\U\trzD652.tmp Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Windows\Installer\{7997fff0-e17b-bf77-74b1-2b944b8c78e4}\U\trzD653.tmp Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Windows\Installer\{7997fff0-e17b-bf77-74b1-2b944b8c78e4}\U\trzF99E.tmp probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N753GRG\kittyflix_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AOWP trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:06:33 PM

Posted 17 November 2012 - 08:08 AM

05:39:32.0986 4200 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user


Launch TDSSKiller again and select CURE. Do not skip it. Post the new log.

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

#9 TwoSixSided

Posted 17 November 2012 - 02:30 PM

Not able to post 2nd TDSS log. Woke up unable to log on to my computer so went into safe mode; it says Cure failed and I can't seem to copy-paste the log. virus/win64.Zaccess.A

#10 TwoSixSided

Posted 17 November 2012 - 02:59 PM

The Malwarebytes save log

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Travis :: TRAVIS-PC [administrator]

Protection: Disabled

11/17/2012 2:32:01 PM
mbam-log-2012-11-17 (14-58-23).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 420856
Time elapsed: 25 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0000\file0000\tsk0000.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0000\zafs0000\tsk0007.dta (Trojan.Dropper.BCMiner) -> No action taken.
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0000\zafs0000\tsk0008.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0000\zafs0000\tsk0010.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0001\file0000\tsk0000.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0001\zafs0000\tsk0007.dta (Trojan.Dropper.BCMiner) -> No action taken.
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0001\zafs0000\tsk0008.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\17.11.2012_14.25.06\zasubsys0001\zafs0000\tsk0010.dta (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{7997fff0-e17b-bf77-74b1-2b944b8c78e4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{7997fff0-e17b-bf77-74b1-2b944b8c78e4}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{7997fff0-e17b-bf77-74b1-2b944b8c78e4}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

#11 TwoSixSided

Posted 17 November 2012 - 03:01 PM

Mini Toolbox log

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Travis (administrator) on 17-11-2012 at 15:00:25
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Travis-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F4-6D-04-E5-08-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a557:375:12a1:1adc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, November 17, 2012 2:22:56 PM
Lease Expires . . . . . . . . . . : Sunday, November 18, 2012 2:22:56 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 250899716
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A9-2C-3F-F4-6D-04-E5-08-3B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{47F8A4AB-56D4-4412-B624-E2015F7B8989}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BF225E89-9B15-4C84-8305-292A5650D8EA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [173.194.37.129] with 32 bytes of data:
Reply from 173.194.37.129: bytes=32 time=21ms TTL=52
Reply from 173.194.37.129: bytes=32 time=50ms TTL=52

Ping statistics for 173.194.37.129:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 50ms, Average = 35ms

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=82ms TTL=44
Reply from 98.138.253.109: bytes=32 time=89ms TTL=44

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 89ms, Average = 85ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...f4 6d 04 e5 08 3b ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::a557:375:12a1:1adc/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/17/2012 02:24:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 05:53:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2012 05:53:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2012 04:25:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 04:25:09 AM) (Source: Bonjour Service) (User: )
Description: Local Hostname Travis-PC.local already in use; will try Travis-PC-2.local instead

Error: (11/17/2012 04:25:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Travis-PC.local. Addr 192.168.1.2

Error: (11/17/2012 04:25:09 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 4 Travis-PC.local. Addr 192.168.1.4

Error: (11/17/2012 02:34:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 01:11:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2012 03:07:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/17/2012 02:23:27 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/17/2012 02:23:22 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/17/2012 02:23:22 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/17/2012 02:23:20 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/17/2012 02:23:13 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/17/2012 02:23:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx
aswSP
aswTdi
Avgldx64
Avgmfx64
discache
spldr
Wanarpv6

Error: (11/17/2012 02:22:57 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (11/17/2012 02:22:57 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (11/17/2012 02:22:56 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/17/2012 02:22:55 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:21:14 PM on 11/17/2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (11/17/2012 02:24:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 05:53:47 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Travis\Downloads\esetsmartinstaller_enu.exe

Error: (11/17/2012 05:53:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Travis\Downloads\esetsmartinstaller_enu.exe

Error: (11/17/2012 04:25:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 04:25:09 AM) (Source: Bonjour Service)(User: )
Description: Local Hostname Travis-PC.local already in use; will try Travis-PC-2.local instead

Error: (11/17/2012 04:25:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Travis-PC.local. Addr 192.168.1.2

Error: (11/17/2012 04:25:09 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 4 Travis-PC.local. Addr 192.168.1.4

Error: (11/17/2012 02:34:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2012 01:11:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2012 03:07:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Absolute Nature for S.T.A.L.K.E.R - Shadow of Chernobyl
Absolute Structures for S.T.A.L.K.E.R - Shadow of Chernobyl
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Amnesia: The Dark Descent version 1.0 (Version: 1.0)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ARMA 2
ARMA 2: Operation Arrowhead
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.4.5.0)
avast! Free Antivirus (Version: 7.0.1474.0)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2629)
AVG 2012 (Version: 2012.0.2221)
BattlEye for OA Uninstall
Bluetooth Win7 Suite (64) (Version: 7.2.0.40)
Bonjour (Version: 3.0.0.10)
Brothers in Arms - Hells Highway (Version: 1.0)
Browser Configuration Utility (Version: 1.0.10.0)
CCleaner (Version: 3.24)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 4.41.0315.0262)
DayZ Commander (Version: 1.09.71)
DealBulldog Toolbar
DebugMode Wax 2.0
ESET Online Scanner v3
Fraps (remove only)
GameFly (Version: 1.0.1843)
Google Chrome (Version: 23.0.1271.64)
Gyazo 1.0
HyperCam 2 (Version: 2.25.01)
Intel® Management Engine Components (Version: 7.0.0.1144)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (Version: 6.0.310)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
ManyCam 3.0.80 (remove only) (Version: 3.0.80)
marvell 91xx driver (Version: 1.0.0.1051)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (Version: 7.25)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
NavNet (Version: 4.0)
Nexus Mod Manager (Version: 0.33.1)
Notepad++ (Version: 5.9.8)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Pando Media Booster (Version: 2.6.0.2)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6235)
ROBLOX Player for Travis
S.T.A.L.K.E.R.: Shadow of Chernobyl
ShortKeys Lite (Version: 2.3.2.1)
Six Updater (Version: 2.09.7016)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.10 (Version: 5.10.116)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
SwiftKit
TeamSpeak 3 Client (Version: 3.0.9.2)
TeamViewer 7 (Version: 7.0.12541)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Vegas Pro 11.0 (Version: 11.0.594)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 8168.86 MB
Available physical RAM: 6407.44 MB
Total Pagefile: 16335.92 MB
Available Pagefile: 14754.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:674.91 GB) NTFS

========================= Users: ========================================

User accounts for \\TRAVIS-PC

Administrator Brenda Guest
Travis UpdatusUser

========================= Restore Points ==================================

16-11-2012 05:13:43 Scheduled Checkpoint
17-11-2012 07:06:11 Installed SpyHunter
17-11-2012 07:21:19 Removed SpyHunter
17-11-2012 07:23:32 Removed SpyHunter
17-11-2012 07:39:13 Removed Camtasia Studio 8
17-11-2012 08:00:40 avast! Free Antivirus Setup

**** End of log ****

#12 TwoSixSided

Posted 17 November 2012 - 03:04 PM

Farbar log

Farbar Service Scanner Version: 09-11-2012
Ran by Travis (administrator) on 17-11-2012 at 15:03:49
Running from "C:\Users\Travis\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-13 14:20] - [2012-10-03 12:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

#13 TwoSixSided

Posted 17 November 2012 - 03:09 PM

Adware cleaner log,

# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Travis - TRAVIS-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Travis\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealBulldog Toolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Brenda\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Travis\AppData\Local\Conduit
Folder Deleted : C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Travis\AppData\Local\TempDir
Folder Deleted : C:\Users\Travis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Travis\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\f2yht1ow.default\ConduitCommon
Folder Deleted : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\f2yht1ow.default\CT3072253
Folder Deleted : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\f2yht1ow.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\f2yht1ow.default\prefs.js


Profile name : default
File : C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\rwggtyz0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [22514 octets] - [17/11/2012 15:04:51]

########## EOF - C:\AdwCleaner[S1].txt - [22575 octets] ##########

#14 narenxp

Posted 17 November 2012 - 03:19 PM

Reboot the PC into normal mode

Run a Malwarebytes scan in normal mode and post the clean log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#15 TwoSixSided

Posted 17 November 2012 - 03:21 PM

JRT log,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.1.7 (11.17.2012)
OS: Windows 7 Home Premium x64
Ran by Travis on Sat 11/17/2012 at 15:10:26.19
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/17/2012 at 15:14:59.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Still getting avast pop-ups for viruses. Ugh, please come back soon. I have an hour and a half until I need to do something with my computer, and it looks like I won't be able to.

Oh, I didn't see your reply. Thank you so much, doing that stuff now.



