ZeroAccess Trojan


  • This topic is locked
19 replies to this topic

#1 Boucheman

Boucheman

  • Members
  • 31 posts

Posted 13 December 2012 - 01:13 AM

The issues my computer is experiencing are as follows: My McAfee real-time scanning and McAfee firewall keep being turned off and my comp is lagging a little. Here is a link to my first post -->HERE<--


Here are the DDS logs you guys need:


Just looking through the "Created Last 30" list, I can tell you that these problems started immediately after installing this:
2012-12-06 21:38:37 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack



Edited by Boucheman, 13 December 2012 - 01:34 AM.




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 13 December 2012 - 05:06 AM

Hello Boucheman! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



STEP 1



Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


STEP 2


  • Please download RogueKiller and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.



Regards,
Georgi



#3 Boucheman

Boucheman
  • Topic Starter

  • Members
  • 31 posts

Posted 14 December 2012 - 11:19 PM

Okay, I ran the TDSSKiller scan 3 times. I will put the 1st scan in this reply and put the other 2 in another reply. I keep getting the "Your post was too long. please go back and shorten it a little" error. Sorry about multi-posting.

TDSSKiller 1st Scan:



01:38:22.0081 4784 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:38:22.0081 4784 aliide - ok
01:38:22.0096 4784 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:38:22.0096 4784 amdide - ok
01:38:22.0096 4784 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:38:22.0096 4784 AmdK8 - ok
01:38:22.0096 4784 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
01:38:22.0112 4784 AmdPPM - ok
01:38:22.0127 4784 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:38:22.0190 4784 amdsata - ok
01:38:22.0205 4784 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:38:22.0205 4784 amdsbs - ok
01:38:22.0221 4784 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:38:22.0221 4784 amdxata - ok
01:38:22.0237 4784 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:38:22.0283 4784 AppID - ok
01:38:22.0299 4784 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:38:22.0299 4784 AppIDSvc - ok
01:38:22.0315 4784 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:38:22.0330 4784 Appinfo - ok
01:38:22.0408 4784 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:38:22.0408 4784 Apple Mobile Device - ok
01:38:22.0408 4784 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
01:38:22.0408 4784 arc - ok
01:38:22.0424 4784 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:38:22.0424 4784 arcsas - ok
01:38:22.0486 4784 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:38:22.0486 4784 aspnet_state - ok
01:38:22.0502 4784 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:38:22.0502 4784 AsyncMac - ok
01:38:22.0517 4784 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:38:22.0517 4784 atapi - ok
01:38:22.0580 4784 [ 195786ED7A26E1913A4F9799FDBC2C71 ] athr C:\Windows\system32\DRIVERS\athrx.sys
01:38:22.0611 4784 athr - ok
01:38:22.0627 4784 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:38:22.0658 4784 AudioEndpointBuilder - ok
01:38:22.0673 4784 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:38:22.0689 4784 AudioSrv - ok
01:38:22.0705 4784 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:38:22.0720 4784 AxInstSV - ok
01:38:22.0736 4784 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:38:22.0751 4784 b06bdrv - ok
01:38:22.0783 4784 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:38:22.0798 4784 b57nd60a - ok
01:38:22.0829 4784 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:38:22.0829 4784 BDESVC - ok
01:38:22.0845 4784 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:38:22.0845 4784 Beep - ok
01:38:22.0861 4784 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
01:38:22.0923 4784 BITS - ok
01:38:22.0939 4784 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:38:22.0939 4784 blbdrive - ok
01:38:23.0001 4784 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:38:23.0001 4784 Bonjour Service - ok
01:38:23.0032 4784 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:38:23.0032 4784 bowser - ok
01:38:23.0048 4784 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:38:23.0048 4784 BrFiltLo - ok
01:38:23.0048 4784 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
01:38:23.0063 4784 BrFiltUp - ok
01:38:23.0095 4784 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:38:23.0141 4784 Browser - ok
01:38:23.0157 4784 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:38:23.0157 4784 Brserid - ok
01:38:23.0173 4784 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:38:23.0173 4784 BrSerWdm - ok
01:38:23.0173 4784 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:38:23.0173 4784 BrUsbMdm - ok
01:38:23.0173 4784 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:38:23.0173 4784 BrUsbSer - ok
01:38:23.0188 4784 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:38:23.0188 4784 BTHMODEM - ok
01:38:23.0204 4784 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:38:23.0204 4784 bthserv - ok
01:38:23.0219 4784 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:38:23.0219 4784 cdfs - ok
01:38:23.0235 4784 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:38:23.0266 4784 cdrom - ok
01:38:23.0297 4784 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:38:23.0313 4784 CertPropSvc - ok
01:38:23.0344 4784 [ 7C6B5BE2696DFD2D0BF6C9EE20326EF8 ] cfwids C:\Windows\system32\drivers\cfwids.sys
01:38:23.0391 4784 cfwids - ok
01:38:23.0407 4784 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
01:38:23.0407 4784 circlass - ok
01:38:23.0422 4784 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:38:23.0422 4784 CLFS - ok
01:38:23.0469 4784 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:38:23.0469 4784 clr_optimization_v2.0.50727_32 - ok
01:38:23.0516 4784 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:38:23.0516 4784 clr_optimization_v2.0.50727_64 - ok
01:38:23.0547 4784 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:38:23.0547 4784 clr_optimization_v4.0.30319_32 - ok
01:38:23.0563 4784 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:38:23.0563 4784 clr_optimization_v4.0.30319_64 - ok
01:38:23.0594 4784 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
01:38:23.0594 4784 CmBatt - ok
01:38:23.0594 4784 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:38:23.0609 4784 cmdide - ok
01:38:23.0656 4784 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
01:38:23.0656 4784 CNG - ok
01:38:23.0656 4784 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:38:23.0672 4784 Compbatt - ok
01:38:23.0672 4784 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:38:23.0719 4784 CompositeBus - ok
01:38:23.0719 4784 COMSysApp - ok
01:38:23.0734 4784 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:38:23.0734 4784 crcdisk - ok
01:38:23.0781 4784 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:38:23.0828 4784 CryptSvc - ok
01:38:23.0843 4784 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:38:23.0843 4784 DcomLaunch - ok
01:38:23.0859 4784 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:38:23.0859 4784 defragsvc - ok
01:38:23.0890 4784 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:38:23.0890 4784 DfsC - ok
01:38:23.0906 4784 dgderdrv - ok
01:38:23.0906 4784 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:38:23.0953 4784 Dhcp - ok
01:38:23.0968 4784 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:38:23.0968 4784 discache - ok
01:38:23.0984 4784 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
01:38:23.0984 4784 Disk - ok
01:38:24.0031 4784 [ 0B35CA50349AF8145850B4BD1782DBF5 ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
01:38:24.0093 4784 dleaCATSCustConnectService - ok
01:38:24.0093 4784 dlea_device - ok
01:38:24.0124 4784 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:38:24.0140 4784 Dnscache - ok
01:38:24.0155 4784 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:38:24.0187 4784 dot3svc - ok
01:38:24.0202 4784 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:38:24.0233 4784 DPS - ok
01:38:24.0249 4784 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:38:24.0249 4784 drmkaud - ok
01:38:24.0265 4784 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:38:24.0311 4784 DXGKrnl - ok
01:38:24.0327 4784 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:38:24.0327 4784 EapHost - ok
01:38:24.0405 4784 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
01:38:24.0421 4784 ebdrv - ok
01:38:24.0452 4784 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:38:24.0499 4784 EFS - ok
01:38:24.0545 4784 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:38:24.0608 4784 ehRecvr - ok
01:38:24.0623 4784 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:38:24.0623 4784 ehSched - ok
01:38:24.0670 4784 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
01:38:24.0717 4784 ElbyCDIO - ok
01:38:24.0733 4784 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:38:24.0748 4784 elxstor - ok
01:38:24.0748 4784 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:38:24.0764 4784 ErrDev - ok
01:38:24.0795 4784 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:38:24.0795 4784 EventSystem - ok
01:38:24.0811 4784 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:38:24.0811 4784 exfat - ok
01:38:24.0826 4784 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:38:24.0826 4784 fastfat - ok
01:38:24.0857 4784 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:38:24.0920 4784 Fax - ok
01:38:24.0935 4784 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
01:38:24.0935 4784 fdc - ok
01:38:24.0951 4784 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:38:24.0951 4784 fdPHost - ok
01:38:24.0951 4784 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:38:24.0967 4784 FDResPub - ok
01:38:24.0967 4784 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:38:24.0982 4784 FileInfo - ok
01:38:24.0982 4784 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:38:24.0982 4784 Filetrace - ok
01:38:25.0060 4784 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:38:25.0123 4784 FLEXnet Licensing Service - ok
01:38:25.0123 4784 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
01:38:25.0138 4784 flpydisk - ok
01:38:25.0154 4784 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:38:25.0154 4784 FltMgr - ok
01:38:25.0169 4784 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:38:25.0216 4784 FontCache - ok
01:38:25.0263 4784 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:38:25.0310 4784 FontCache3.0.0.0 - ok
01:38:25.0325 4784 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:38:25.0325 4784 FsDepends - ok
01:38:25.0357 4784 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:38:25.0403 4784 Fs_Rec - ok
01:38:25.0419 4784 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:38:25.0435 4784 fvevol - ok
01:38:25.0450 4784 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:38:25.0450 4784 gagp30kx - ok
01:38:25.0497 4784 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
01:38:25.0559 4784 GamesAppService - ok
01:38:25.0591 4784 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:38:25.0653 4784 GEARAspiWDM - ok
01:38:25.0700 4784 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
01:38:25.0700 4784 GoToAssist - ok
01:38:25.0731 4784 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:38:25.0778 4784 gpsvc - ok
01:38:25.0840 4784 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:38:25.0840 4784 gupdate - ok
01:38:25.0871 4784 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:38:25.0871 4784 gupdatem - ok
01:38:25.0887 4784 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:38:25.0887 4784 hcw85cir - ok
01:38:25.0918 4784 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:38:25.0965 4784 HDAudBus - ok
01:38:26.0012 4784 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
01:38:26.0059 4784 HECIx64 - ok
01:38:26.0074 4784 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
01:38:26.0074 4784 HidBatt - ok
01:38:26.0090 4784 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:38:26.0090 4784 HidBth - ok
01:38:26.0090 4784 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
01:38:26.0105 4784 HidIr - ok
01:38:26.0105 4784 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
01:38:26.0121 4784 hidserv - ok
01:38:26.0137 4784 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:38:26.0183 4784 HidUsb - ok
01:38:26.0215 4784 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
01:38:26.0277 4784 HipShieldK - ok
01:38:26.0293 4784 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:38:26.0324 4784 hkmsvc - ok
01:38:26.0324 4784 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:38:26.0355 4784 HomeGroupListener - ok
01:38:26.0371 4784 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:38:26.0402 4784 HomeGroupProvider - ok
01:38:26.0402 4784 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:38:26.0449 4784 HpSAMD - ok
01:38:26.0464 4784 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:38:26.0511 4784 HTTP - ok
01:38:26.0511 4784 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:38:26.0511 4784 hwpolicy - ok
01:38:26.0542 4784 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:38:26.0542 4784 i8042prt - ok
01:38:26.0573 4784 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:38:26.0620 4784 iaStorV - ok
01:38:26.0667 4784 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:38:26.0745 4784 IDriverT - ok
01:38:26.0776 4784 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:38:26.0839 4784 idsvc - ok
01:38:27.0026 4784 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
01:38:27.0197 4784 igfx - ok
01:38:27.0197 4784 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:38:27.0197 4784 iirsp - ok
01:38:27.0229 4784 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:38:27.0260 4784 IKEEXT - ok
01:38:27.0291 4784 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
01:38:27.0322 4784 Impcd - ok
01:38:27.0385 4784 [ E9BEFD8C6A1DB3B544B61647DDA35F62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:38:27.0447 4784 IntcAzAudAddService - ok
01:38:27.0494 4784 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
01:38:27.0541 4784 IntcDAud - ok
01:38:27.0556 4784 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:38:27.0556 4784 intelide - ok
01:38:27.0556 4784 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:38:27.0556 4784 intelppm - ok
01:38:27.0572 4784 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:38:27.0572 4784 IPBusEnum - ok
01:38:27.0587 4784 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:38:27.0619 4784 IpFilterDriver - ok
01:38:27.0619 4784 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:38:27.0650 4784 IPMIDRV - ok
01:38:27.0665 4784 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:38:27.0665 4784 IPNAT - ok
01:38:27.0697 4784 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:38:27.0697 4784 iPod Service - ok
01:38:27.0728 4784 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:38:27.0728 4784 IRENUM - ok
01:38:27.0743 4784 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:38:27.0743 4784 isapnp - ok
01:38:27.0759 4784 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:38:27.0790 4784 iScsiPrt - ok
01:38:27.0806 4784 [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
01:38:27.0853 4784 k57nd60a - ok
01:38:27.0868 4784 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:38:27.0868 4784 kbdclass - ok
01:38:27.0899 4784 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:38:27.0931 4784 kbdhid - ok
01:38:27.0946 4784 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:38:27.0962 4784 KeyIso - ok
01:38:27.0993 4784 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:38:27.0993 4784 KSecDD - ok
01:38:28.0024 4784 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:38:28.0024 4784 KSecPkg - ok
01:38:28.0040 4784 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:38:28.0040 4784 ksthunk - ok
01:38:28.0071 4784 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:38:28.0071 4784 KtmRm - ok
01:38:28.0087 4784 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:38:28.0133 4784 LanmanServer - ok
01:38:28.0149 4784 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:38:28.0180 4784 LanmanWorkstation - ok
01:38:28.0211 4784 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:38:28.0211 4784 lltdio - ok
01:38:28.0227 4784 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:38:28.0243 4784 lltdsvc - ok
01:38:28.0258 4784 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:38:28.0258 4784 lmhosts - ok
01:38:28.0274 4784 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:38:28.0274 4784 LSI_FC - ok
01:38:28.0289 4784 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:38:28.0289 4784 LSI_SAS - ok
01:38:28.0289 4784 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:38:28.0289 4784 LSI_SAS2 - ok
01:38:28.0305 4784 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:38:28.0305 4784 LSI_SCSI - ok
01:38:28.0321 4784 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:38:28.0321 4784 luafv - ok
01:38:28.0383 4784 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:38:28.0383 4784 MBAMProtector - ok
01:38:28.0445 4784 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:38:28.0445 4784 MBAMScheduler - ok
01:38:28.0492 4784 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:38:28.0508 4784 MBAMService - ok
01:38:28.0601 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
01:38:28.0648 4784 McAfee SiteAdvisor Service - ok
01:38:28.0695 4784 [ B6BD99C3E23507A732C474CAA620C0D7 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
01:38:28.0695 4784 McAWFwk - ok
01:38:28.0742 4784 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
01:38:28.0789 4784 mcdbus - ok
01:38:28.0804 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
01:38:28.0804 4784 McMPFSvc - ok
01:38:28.0820 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
01:38:28.0820 4784 mcmscsvc - ok
01:38:28.0820 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
01:38:28.0820 4784 McNaiAnn - ok
01:38:28.0835 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
01:38:28.0835 4784 McNASvc - ok
01:38:28.0882 4784 [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
01:38:28.0882 4784 McODS - ok
01:38:28.0882 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
01:38:28.0882 4784 McOobeSv - ok
01:38:28.0898 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
01:38:28.0898 4784 McProxy - ok
01:38:28.0945 4784 [ D4F9C8CE2D7D5B9A1F739AADEBFFCA6F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
01:38:29.0007 4784 McShield - ok
01:38:29.0023 4784 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:38:29.0054 4784 Mcx2Svc - ok
01:38:29.0054 4784 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
01:38:29.0069 4784 megasas - ok
01:38:29.0085 4784 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:38:29.0085 4784 MegaSR - ok
01:38:29.0116 4784 [ C73B93FED17829F11273459DA05E1976 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
01:38:29.0163 4784 mfeapfk - ok
01:38:29.0210 4784 [ 298C065BB9E09D5F14CCD9E8244DE4A0 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
01:38:29.0241 4784 mfeavfk - ok
01:38:29.0257 4784 mfeavfk01 - ok
01:38:29.0288 4784 [ AB66AF840EF1667AA73DDA6CE987D0E1 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
01:38:29.0335 4784 mfefire - ok
01:38:29.0350 4784 [ 4D604F0B85E98C5AD99B89AF72A4E28A ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
01:38:29.0397 4784 mfefirek - ok
01:38:29.0413 4784 [ 85AFDEAD1366BED11A84A5C6FC0A65D2 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
01:38:29.0413 4784 mfehidk - ok
01:38:29.0428 4784 [ 1B08579938FD72626D92F3C2219903EA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
01:38:29.0475 4784 mferkdet - ok
01:38:29.0506 4784 [ 984BBBB9BE02EF838DABDF3F3126A91B ] mfevtp C:\Windows\system32\mfevtps.exe
01:38:29.0553 4784 mfevtp - ok
01:38:29.0569 4784 [ 6251BE428073704FF1002231520C8F16 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
01:38:29.0569 4784 mfewfpk - ok
01:38:29.0615 4784 Microsoft SharePoint Workspace Audit Service - ok
01:38:29.0647 4784 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:38:29.0647 4784 MMCSS - ok
01:38:29.0662 4784 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:38:29.0662 4784 Modem - ok
01:38:29.0693 4784 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:38:29.0709 4784 monitor - ok
01:38:29.0725 4784 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:38:29.0740 4784 mouclass - ok
01:38:29.0756 4784 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:38:29.0771 4784 mouhid - ok
01:38:29.0787 4784 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:38:29.0787 4784 mountmgr - ok
01:38:29.0865 4784 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:38:29.0865 4784 MozillaMaintenance - ok
01:38:29.0896 4784 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:38:29.0943 4784 mpio - ok
01:38:29.0974 4784 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:38:29.0974 4784 mpsdrv - ok
01:38:29.0990 4784 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:38:30.0021 4784 MRxDAV - ok
01:38:30.0052 4784 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:38:30.0052 4784 mrxsmb - ok
01:38:30.0099 4784 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:38:30.0099 4784 mrxsmb10 - ok
01:38:30.0115 4784 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:38:30.0115 4784 mrxsmb20 - ok
01:38:30.0146 4784 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:38:30.0177 4784 msahci - ok
01:38:30.0193 4784 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:38:30.0239 4784 msdsm - ok
01:38:30.0255 4784 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:38:30.0255 4784 MSDTC - ok
01:38:30.0271 4784 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:38:30.0271 4784 Msfs - ok
01:38:30.0286 4784 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:38:30.0286 4784 mshidkmdf - ok
01:38:30.0286 4784 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:38:30.0286 4784 msisadrv - ok
01:38:30.0317 4784 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:38:30.0317 4784 MSiSCSI - ok
01:38:30.0317 4784 msiserver - ok
01:38:30.0333 4784 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
01:38:30.0333 4784 MSK80Service - ok
01:38:30.0349 4784 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:38:30.0349 4784 MSKSSRV - ok
01:38:30.0364 4784 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:38:34.0514 4784 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
01:38:34.0514 4784 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
01:38:34.0514 4784 sptd ( LockedFile.Multi.Generic ) - warning
01:38:34.0514 4784 sptd - detected LockedFile.Multi.Generic (1)
01:38:39.0662 4784 ================ Scan global ===============================
01:38:39.0677 4784 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:38:39.0724 4784 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:38:39.0771 4784 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:38:39.0802 4784 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:38:39.0818 4784 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
01:38:39.0818 4784 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
01:38:39.0818 4784 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
01:38:39.0818 4784 ================ Scan MBR ==================================
01:38:39.0833 4784 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:38:40.0036 4784 \Device\Harddisk0\DR0 - ok
01:38:40.0052 4784 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
01:38:40.0052 4784 \Device\Harddisk5\DR5 - ok
01:38:40.0052 4784 ================ Scan VBR ==================================
01:38:40.0052 4784 [ 68550C0D544BDBB910816BEBBD4CC046 ] \Device\Harddisk0\DR0\Partition1
01:38:40.0052 4784 \Device\Harddisk0\DR0\Partition1 - ok
01:38:40.0083 4784 [ 2237814F8D249D430BC93903632E47DF ] \Device\Harddisk0\DR0\Partition2
01:38:40.0083 4784 \Device\Harddisk0\DR0\Partition2 - ok
01:38:40.0083 4784 [ 402173F3703B3DC139B93F18BB235A1C ] \Device\Harddisk5\DR5\Partition1
01:38:40.0099 4784 \Device\Harddisk5\DR5\Partition1 - ok
01:38:40.0099 4784 ============================================================
01:38:40.0099 4784 Scan finished
01:38:40.0099 4784 ============================================================
01:38:40.0099 4300 Detected object count: 2
01:38:40.0099 4300 Actual detected object count: 2
02:28:56.0462 4300 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:28:56.0462 4300 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:28:56.0485 4300 C:\Windows\system32\services.exe - copied to quarantine
02:29:27.0227 4300 Backup copy not found, trying to cure infected file..
02:29:27.0227 4300 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
02:29:27.0227 4300 C:\Windows\system32\services.exe - processing error
02:29:27.0227 4300 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
02:30:45.0884 5068 Deinitialize success


RogueKiller Report:

RogueKiller V8.4.0 [Dec 14 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Scan -- Date : 12/14/2012 21:45:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[TASK][SUSP PATH] {07AA8958-74BB-4DC3-A724-E11C3AF178F0} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {30671BD0-084F-4D42-9452-19F02DFDA52F} : C:\Users\Home\Desktop\dllbatch.exe -> FOUND
[TASK][SUSP PATH] {75851CC9-4721-4946-91F7-72B3F709934D} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {804BF3C7-B9FC-4262-8C02-AA795961DAFE} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[TASK][SUSP PATH] {8FBE7B57-4A89-4776-89B2-833C1E491580} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[TASK][SUSP PATH] {AD25CEFA-AFA4-4045-928C-68FA203BAF50} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {C2781DD7-4A0E-42EF-8400-8667CD3994EA} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {DB897B46-B998-4314-AB67-E8ED70D6C3C4} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[TASK][SUSP PATH] {DBFCB2A6-FB4B-431B-823D-31BA3BCB3565} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {DEF662D5-4B94-4D32-B874-4385A5E0B719} : C:\Users\Home\Desktop\bootit\BOOTITNG.EXE -> FOUND
[TASK][SUSP PATH] {E84247F8-58EC-4F09-A071-915A71284368} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{ce31fb67-439b-2f10-a64e-c44c8c2e3cd7}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{ce31fb67-439b-2f10-a64e-c44c8c2e3cd7}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-759BA0 ATA Device +++++
--- User ---
[MBR] a627e905026c87cd2962439d1da45eac
[BSP] c55d2890637284912d9614aa20ba73e8 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12142012_02d2145.txt >>
RKreport[1]_S_12142012_02d2145.txt

#4 Boucheman

Posted 14 December 2012 - 11:28 PM

Ok, for some reason it won't let me attach the 2nd and 3rd posts. If you need to see them, please let me know and I will pm them or email them to you. They are just too long to paste in and too big to attach. Sorry about that.

#5 B-boy/StyLe/

  • Malware Response Team
Posted 15 December 2012 - 04:09 AM

Hi,


There is no need to give me the other 2 TDSSKiller logs for now. ;)

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "run as administrator".
Copy/paste the following text at the command prompt and press enter after each line:

sfc.exe /scanfile=c:\windows\system32\services.exe

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Upload it here and post the link to the log in your next reply.

Reboot the computer in order for the changes to take effect.



Please re-run RogueKiller.
Wait until Prescan has finished.
Click on Scan.
Now click on the Files tab

Place a checkmark next to each of these items:

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{ce31fb67-439b-2f10-a64e-c44c8c2e3cd7}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{ce31fb67-439b-2f10-a64e-c44c8c2e3cd7}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND



Now press the Delete button.
If asked to restart the computer, please do so immediately.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Post the log in your next reply.



Regards,
Georgi



#6 Boucheman

Posted 17 December 2012 - 12:11 AM

2012-12-16 22:46:12, Info CSI 00000009 [SR] Verifying 1 components
2012-12-16 22:46:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-12-16 22:46:12, Info CSI 0000000c [SR] Verify complete


RogueKiller V8.4.0 [Dec 14 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Scan -- Date : 12/16/2012 23:08:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[TASK][SUSP PATH] {07AA8958-74BB-4DC3-A724-E11C3AF178F0} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {75851CC9-4721-4946-91F7-72B3F709934D} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {804BF3C7-B9FC-4262-8C02-AA795961DAFE} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[TASK][SUSP PATH] {8FBE7B57-4A89-4776-89B2-833C1E491580} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[TASK][SUSP PATH] {AD25CEFA-AFA4-4045-928C-68FA203BAF50} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {C2781DD7-4A0E-42EF-8400-8667CD3994EA} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {DB897B46-B998-4314-AB67-E8ED70D6C3C4} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[TASK][SUSP PATH] {DBFCB2A6-FB4B-431B-823D-31BA3BCB3565} : C:\Users\Home\Desktop\New folder (3)\PMDG747-400X -8i Expansion Setup (OPTIONAL).exe -> FOUND
[TASK][SUSP PATH] {E84247F8-58EC-4F09-A071-915A71284368} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-759BA0 ATA Device +++++
--- User ---
[MBR] a627e905026c87cd2962439d1da45eac
[BSP] c55d2890637284912d9614aa20ba73e8 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 14142 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29044736 | Size: 939686 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_12162012_02d2308.txt >>
RKreport[2]_D_12142012_02d2247.txt ; RKreport[3]_S_12162012_02d2308.txt

Here is the post at paste bin "HERE" I still don't think it's gone, my firewall and stuff keeps getting randomly turned off..

Edited by Boucheman, 17 December 2012 - 12:16 AM.
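Added example, not part of the original thread and not RogueKiller's own code: a small Python parser for the report layout posted above (`¤¤¤ section ¤¤¤` headers, `[TAG]... -> FOUND` entries) that diffs the 12/14 scan against the 12/16 scan. The report excerpts are copied from the two reports in this thread and shortened; the function names are this example's own.

```python
import re

# Section header, e.g. "¤¤¤ Registry Entries : 17 ¤¤¤"
HEADER = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
# Finding, e.g. "[ZeroAccess][FOLDER] U : C:\... --> FOUND"
ENTRY = re.compile(r"^((?:\[[^\]]+\])+)\s*(.+?)\s*-+>\s*(\w+)$")

# Shortened excerpts of the two scan reports posted in this thread.
REPORT_BEFORE = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[TASK][SUSP PATH] {30671BD0-084F-4D42-9452-19F02DFDA52F} : C:\Users\Home\Desktop\dllbatch.exe -> FOUND
[TASK][SUSP PATH] {DEF662D5-4B94-4D32-B874-4385A5E0B719} : C:\Users\Home\Desktop\bootit\BOOTITNG.EXE -> FOUND
[TASK][SUSP PATH] {804BF3C7-B9FC-4262-8C02-AA795961DAFE} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{ce31fb67-439b-2f10-a64e-c44c8c2e3cd7}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{ce31fb67-439b-2f10-a64e-c44c8c2e3cd7}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

REPORT_AFTER = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[TASK][SUSP PATH] {804BF3C7-B9FC-4262-8C02-AA795961DAFE} : C:\Users\Home\Desktop\New folder\FSXAI Installer.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤
"""


def parse_report(text):
    """Return (sections, headers).

    sections maps a section name to a set of (tags, detail, status) findings;
    headers maps a section name to the value written after ':' in its header.
    """
    sections, headers, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            name, _, value = m.group(1).partition(":")
            current = name.strip()
            headers[current] = value.strip()
            sections[current] = set()
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
            sections[current].add((tags, m.group(2), m.group(3)))
    return sections, headers


def diff_reports(before, after):
    """Per section: findings that disappeared, appeared, or persist."""
    old_sections, _ = parse_report(before)
    new_sections, _ = parse_report(after)
    result = {}
    for section in sorted(set(old_sections) | set(new_sections)):
        old = old_sections.get(section, set())
        new = new_sections.get(section, set())
        result[section] = {"gone": old - new, "new": new - old, "still": old & new}
    return result


def family_hits(text, family):
    """Findings tagged with a malware family, plus whether the report
    carries an 'Infection : <family>' header."""
    sections, headers = parse_report(text)
    hits = [e for entries in sections.values() for e in entries if family in e[0]]
    return sorted(hits), headers.get("Infection") == family


if __name__ == "__main__":
    for section, d in diff_reports(REPORT_BEFORE, REPORT_AFTER).items():
        print(f"{section}: {len(d['gone'])} gone, {len(d['new'])} new, "
              f"{len(d['still'])} still present")
        for tags, detail, _status in sorted(d["still"] | d["new"]):
            print("   ", "".join(f"[{t}]" for t in tags), detail)
    print("ZeroAccess after cleanup:", family_hits(REPORT_AFTER, "ZeroAccess"))
```

An empty result for a family only means this scanner no longer lists those artifacts; it says nothing about components the scanner does not look for.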


#7 B-boy/StyLe/

Posted 17 December 2012 - 04:25 AM

Hi,



Is this the full log from sfcdetails.txt? It should be longer...
And yes - I know we still have a lot of work to do. Please be patient.


Please follow the instructions below:


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on the Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Posted Image textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %commonprogramfiles(x86)%\*.*
    %ProgramFiles%\*.*
    %ProgramFiles%\*.
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\minidump\*.*
    %windir%\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop

  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened


Regards,
Georgi



#8 Boucheman

Posted 17 December 2012 - 07:46 PM

Yes, that was the report from sfcdetails.txt, that is all that came up. I could do it again if you think I need to?

Here is the report from OTL ~~>HERE<~~

Edited by Boucheman, 17 December 2012 - 07:47 PM.


#9 B-boy/StyLe/

Posted 18 December 2012 - 08:38 PM

Hi Boucheman,



  • Please reopen OTL on your desktop.
  • Download the following file (http://file.bg/f204666ROUDq) and save it to your desktop.
  • Open the otl_fix.txt and press Ctrl + A to select all lines and then click Ctrl + C to copy them.
  • Now click Ctrl + V to paste them into the Posted Image textbox in OTL.
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.



Regards,
Georgi



#10 Boucheman

Posted 18 December 2012 - 11:09 PM

All processes killed
========== OTL ==========
HKU\S-1-5-21-1526968901-1929943128-198173789-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1526968901-1929943128-198173789-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Prefs.js: "http://my.daemon-search.com/" removed from browser.startup.homepage
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Plugins folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\modules folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\nkvulwzx.default\searchplugins\daemon-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64bit: 11451974.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64bit: 44262458.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\11451974.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44262458.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64bit: 11451974.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64bit: 44262458.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\11451974.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44262458.sys\ deleted successfully.
C:\Users\Home\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Home\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\Users\Home\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
C:\Users\Home\AppData\Roaming\inst.exe moved successfully.
C:\Windows\cnerolf.bin moved successfully.
C:\Users\Home\AppData\Local\{67C12847-AAD2-4BC4-AD2C-784A1ED77F10} folder moved successfully.
C:\Users\Home\AppData\Local\{6835384C-7978-4B66-AA5D-A07372924C61} folder moved successfully.
C:\Users\Home\AppData\Local\{684B71D0-0A92-4265-9409-4882FD246A17} folder moved successfully.
C:\Users\Home\AppData\Local\{68EA50CC-A9FF-43B1-A75F-1265CEA22FF4} folder moved successfully.
C:\Users\Home\AppData\Local\{6BFEF9AB-13D3-4749-B384-C920D7E77FCD} folder moved successfully.
C:\Users\Home\AppData\Local\{6C6033A9-AB2E-4FCE-9123-0C91A128BA4E} folder moved successfully.
C:\Users\Home\AppData\Local\{6CDC1D09-57A6-410E-8349-D209EB64895E} folder moved successfully.
C:\Users\Home\AppData\Local\{6D32225B-5D75-4FAC-B246-DFEFE5F96791} folder moved successfully.
C:\Users\Home\AppData\Local\{6DC61276-6CB2-495A-B51E-8B5B9BDDCF23} folder moved successfully.
C:\Users\Home\AppData\Local\{6E0EE891-0146-49C6-9894-37211D86879B} folder moved successfully.
C:\Users\Home\AppData\Local\{6E7E0634-2FBF-4B74-8D8B-4B5B59927C5A} folder moved successfully.
C:\Users\Home\AppData\Local\{6FC9058C-D80C-4723-8D91-3CC9C637D5C2} folder moved successfully.
C:\Users\Home\AppData\Local\{71F7E85D-7574-4AA4-9193-8548DDD5724E} folder moved successfully.
C:\Users\Home\AppData\Local\{7252155B-7B50-45FC-A2C2-B98365F2304F} folder moved successfully.
C:\Users\Home\AppData\Local\{72C8ECAC-A6BB-4A2A-B44B-825EA162E39D} folder moved successfully.
C:\Users\Home\AppData\Local\{73FA610E-6CD1-47F5-A4A8-859EC499C53A} folder moved successfully.
C:\Users\Home\AppData\Local\{741A396C-7F3C-4C9C-BAF1-F2D04694EDD4} folder moved successfully.
C:\Users\Home\AppData\Local\{745995EE-2226-41BB-BB8A-F249A41CEEE5} folder moved successfully.
C:\Users\Home\AppData\Local\{7459D36E-2BB0-4E5A-901F-164938111871} folder moved successfully.
C:\Users\Home\AppData\Local\{7470E3A0-E022-4D5B-A42B-BFDC8A4B3085} folder moved successfully.
C:\Users\Home\AppData\Local\{750DCD2E-0F8B-4E9E-B883-71D2208C37E7} folder moved successfully.
C:\Users\Home\AppData\Local\{7629EAB4-1FC5-40D5-81A6-652B796ABB3C} folder moved successfully.
C:\Users\Home\AppData\Local\{7934A9F4-805F-4F4C-875F-82203881F6D6} folder moved successfully.
C:\Users\Home\AppData\Local\{794E1DFC-BE62-4040-8AF0-D97316F676B2} folder moved successfully.
C:\Users\Home\AppData\Local\{79BBAC44-8829-4A83-924C-27AD06A0D01F} folder moved successfully.
C:\Users\Home\AppData\Local\{7A55C3EC-4159-4AB4-AE21-57ED165BE821} folder moved successfully.
C:\Users\Home\AppData\Local\{7A57C1A7-73D4-4C1C-B18E-BA5B080D1964} folder moved successfully.
C:\Users\Home\AppData\Local\{7D04C2EE-71B3-4A98-94C3-3F14B449DB78} folder moved successfully.
C:\Users\Home\AppData\Local\{7DC8369B-1651-4D59-96B2-31215C5C5A14} folder moved successfully.
C:\Users\Home\AppData\Local\{7FA7155E-43BD-4DE5-99A2-9470C4628928} folder moved successfully.
C:\Users\Home\AppData\Local\{7FECD312-3383-4532-8E00-C76CB6D57E47} folder moved successfully.
C:\Users\Home\AppData\Local\{811B25F0-1288-4A34-AC94-E24A0096D399} folder moved successfully.
C:\Users\Home\AppData\Local\{82887F46-DD04-44A5-9DC7-52C74FEE25A0} folder moved successfully.
C:\Users\Home\AppData\Local\{82FC3350-A7B4-4C8A-9B22-C0F13C731C53} folder moved successfully.
C:\Users\Home\AppData\Local\{835B8805-912F-498C-8FAC-F77EBD8B1648} folder moved successfully.
C:\Users\Home\AppData\Local\{83971461-474D-47A4-B4BC-0A1F90449D61} folder moved successfully.
C:\Users\Home\AppData\Local\{839ECA3A-7464-4AF9-8D0F-965DDD97C0BE} folder moved successfully.
C:\Users\Home\AppData\Local\{83A69353-141A-495D-896A-68C7622280CC} folder moved successfully.
C:\Users\Home\AppData\Local\{83B47CAB-D811-4F83-BA9C-DC76E0830731} folder moved successfully.
C:\Users\Home\AppData\Local\{83BF72F8-80D6-4B01-9BE2-7FB23D867197} folder moved successfully.
C:\Users\Home\AppData\Local\{844859AE-4565-41A4-A271-8BDD3D560461} folder moved successfully.
C:\Users\Home\AppData\Local\{8493DD5D-1DA3-440F-94BD-DF76CCB5991E} folder moved successfully.
C:\Users\Home\AppData\Local\{850FCC49-6B44-43B5-B174-7021D3AD8F6B} folder moved successfully.
C:\Users\Home\AppData\Local\{856ABC32-8540-4DED-97A3-AB9E492099B0} folder moved successfully.
C:\Users\Home\AppData\Local\{865559E6-1436-451C-8ED6-2025766CD425} folder moved successfully.
C:\Users\Home\AppData\Local\{86E2E2FF-ADF9-4339-8D8F-C32DF41D1280} folder moved successfully.
C:\Users\Home\AppData\Local\{86FD9F65-7B1B-48A7-A062-A3356FF27C60} folder moved successfully.
C:\Users\Home\AppData\Local\{8713BD9B-0567-4FB0-A383-30A04C489883} folder moved successfully.
C:\Users\Home\AppData\Local\{879FE557-C887-4228-B4F7-FE8F5128BB45} folder moved successfully.
C:\Users\Home\AppData\Local\{883FB9D5-B6FA-41AD-A28D-DF9976E8F755} folder moved successfully.
C:\Users\Home\AppData\Local\{88AB621B-82AB-40BC-A98E-C58E6484C808} folder moved successfully.
C:\Users\Home\AppData\Local\{88E2E66C-C639-4F07-96DB-D64E3E2D20E6} folder moved successfully.
C:\Users\Home\AppData\Local\{89156C4A-EEBF-4D9F-8F17-43D007D5681C} folder moved successfully.
C:\Users\Home\AppData\Local\{899EE7C9-710F-4A7A-9692-340A4101BAA8} folder moved successfully.
C:\Users\Home\AppData\Local\{8A2AFD93-323F-4BC3-B182-D5FF97CF26C5} folder moved successfully.
C:\Users\Home\AppData\Local\{8A625CDC-0C4D-4083-B68B-A481A850C002} folder moved successfully.
C:\Users\Home\AppData\Local\{8A8A55D4-765B-456A-8847-15FB60C96A88} folder moved successfully.
C:\Users\Home\AppData\Local\{8BBA73BD-002E-4F7D-AC81-96A326B915E5} folder moved successfully.
C:\Users\Home\AppData\Local\{8C4CADD9-3035-4510-8E36-6720ABCB3B84} folder moved successfully.
C:\Users\Home\AppData\Local\{8D1749A2-5E81-4850-B93E-6B087D11E0A7} folder moved successfully.
C:\Users\Home\AppData\Local\{8D35C758-4DE7-44CF-AF2E-A966D20C6F0A} folder moved successfully.
C:\Users\Home\AppData\Local\{8D3A2B11-DC71-4C91-9A25-948F978BA38A} folder moved successfully.
C:\Users\Home\AppData\Local\{8DCF7466-1542-4611-80C6-D4FA3B0A1D75} folder moved successfully.
C:\Users\Home\AppData\Local\{8DD1B60C-5099-47DE-A536-8B21AC27D78A} folder moved successfully.
C:\Users\Home\AppData\Local\{8E4634D5-973D-47EF-BDC3-7BC8BC661358} folder moved successfully.
C:\Users\Home\AppData\Local\{8E4E114B-C77B-4609-B7AF-3E91FE333D25} folder moved successfully.
C:\Users\Home\AppData\Local\{8F4F5CB0-FA51-4606-A077-130E689A5E3B} folder moved successfully.
C:\Users\Home\AppData\Local\{8F896057-7A2B-44A8-8E2A-72F29848174A} folder moved successfully.
C:\Users\Home\AppData\Local\{91EEE653-793F-4ED8-B65A-0B260DA52CC6} folder moved successfully.
C:\Users\Home\AppData\Local\{92AA2478-552A-4FDA-BEDD-9E6BAAD1EAE0} folder moved successfully.
C:\Users\Home\AppData\Local\{9322356A-CB69-4ADD-B58F-E76BD46F255A} folder moved successfully.
C:\Users\Home\AppData\Local\{9388AF42-3E19-4977-912B-E5D3CBB98319} folder moved successfully.
C:\Users\Home\AppData\Local\{94E7C97F-431C-4ACC-A3F6-8AE266E77E7A} folder moved successfully.
C:\Users\Home\AppData\Local\{9904D412-30F8-4FDE-AA63-4B45F79856E3} folder moved successfully.
C:\Users\Home\AppData\Local\{990C5817-A82B-44A8-A933-2C798ED02DAF} folder moved successfully.
C:\Users\Home\AppData\Local\{99364F9F-8F4D-4853-947E-253DA0854FF0} folder moved successfully.
C:\Users\Home\AppData\Local\{9AC34DF9-0047-4135-8C41-7DFBADA0011F} folder moved successfully.
C:\Users\Home\AppData\Local\{9B968622-574C-4B0F-998D-EC33433D2536} folder moved successfully.
C:\Users\Home\AppData\Local\{9BD7A1DF-5845-4640-94EC-86C06E0E01EB} folder moved successfully.
C:\Users\Home\AppData\Local\{9BE05E3A-6BFD-49FD-92CE-FD6D2EA697B8} folder moved successfully.
C:\Users\Home\AppData\Local\{9C854BD5-239A-4688-B168-E078270FF0BD} folder moved successfully.
C:\Users\Home\AppData\Local\{9CC1A719-9F0D-4966-8359-147F5C659799} folder moved successfully.
C:\Users\Home\AppData\Local\{9D2E6FC4-022A-4F84-A49D-CD17B521F292} folder moved successfully.
C:\Users\Home\AppData\Local\{9D69BFBD-4F98-4565-A370-92FA73960192} folder moved successfully.
C:\Users\Home\AppData\Local\{9D7145DF-107C-47F7-BBCB-4944B5461727} folder moved successfully.
C:\Users\Home\AppData\Local\{A0521EE0-A33F-454A-9990-51BB8D8D7424} folder moved successfully.
C:\Users\Home\AppData\Local\{A1285CA4-50EE-4590-B88C-A6CDE04D4BA0} folder moved successfully.
C:\Users\Home\AppData\Local\{A1665F6B-B506-423C-82D1-AB90608DF8EC} folder moved successfully.
C:\Users\Home\AppData\Local\{A1C7ACEB-E61A-4D78-943A-76688647E417} folder moved successfully.
C:\Users\Home\AppData\Local\{A2B18F96-8EED-4DCE-B353-7CF335CF1257} folder moved successfully.
C:\Users\Home\AppData\Local\{A330A261-F342-46BA-933A-2BF98FDB3782} folder moved successfully.
C:\Users\Home\AppData\Local\{A41E2BC1-3BC8-4F5B-B7A5-10E395F04F9F} folder moved successfully.
C:\Users\Home\AppData\Local\{A53AC53E-4A6B-4AA6-AF22-775384874459} folder moved successfully.
C:\Users\Home\AppData\Local\{A5A5905A-94D5-41AC-A019-3DB765BAEFFD} folder moved successfully.
C:\Users\Home\AppData\Local\{A653A5C2-E0FE-45E3-BBD2-2B22462BC18F} folder moved successfully.
C:\Users\Home\AppData\Local\{A6E04378-10D3-4567-BDEC-807102A843E1} folder moved successfully.
C:\Users\Home\AppData\Local\{A6F5F501-D458-4208-9B86-0EED0F7794EA} folder moved successfully.
C:\Users\Home\AppData\Local\{A76C592D-FAB9-4561-A923-2C4B0E88001E} folder moved successfully.
C:\Users\Home\AppData\Local\{A95D1094-23A7-4B07-AD52-BB5FB87666F4} folder moved successfully.
C:\Users\Home\AppData\Local\{AB2C3E9A-E279-45AB-BF8E-FCD590C1BB42} folder moved successfully.
C:\Users\Home\AppData\Local\{ABB93FE1-A279-4131-9654-34579325FFD0} folder moved successfully.
C:\Users\Home\AppData\Local\{AC512D99-7847-40B6-B475-73B5366B347D} folder moved successfully.
C:\Users\Home\AppData\Local\{ADBE5C23-94E5-4965-A820-5903AB8B3966} folder moved successfully.
C:\Users\Home\AppData\Local\{AE7E599F-D702-4C29-B66F-79BDB3E4C526} folder moved successfully.
C:\Users\Home\AppData\Local\{B1C6647B-5672-435C-857D-81910FF8D120} folder moved successfully.
C:\Users\Home\AppData\Local\{B2458A9E-3E2F-436B-8204-2DF389FCDF23} folder moved successfully.
C:\Users\Home\AppData\Local\{B2B9F5BA-8024-4EBA-9518-BB9FC513702B} folder moved successfully.
C:\Users\Home\AppData\Local\{B2E0C86F-1455-433C-834E-DB45F8F1E103} folder moved successfully.
C:\Users\Home\AppData\Local\{B3041F16-769C-4D5D-8CAB-B6519931CACA} folder moved successfully.
C:\Users\Home\AppData\Local\{B418C97B-C639-43D1-B3EA-129D00BFC4F9} folder moved successfully.
C:\Users\Home\AppData\Local\{B50F4A86-5F9D-43B7-986E-1E211A1A9C49} folder moved successfully.
C:\Users\Home\AppData\Local\{B5C19C78-1192-4D04-BE02-C393EA5E3963} folder moved successfully.
C:\Users\Home\AppData\Local\{B69025EE-52DA-43DF-99B8-DAB61C12A301} folder moved successfully.
C:\Users\Home\AppData\Local\{B6C4D457-6E9D-47FB-8E4E-434ED38F190B} folder moved successfully.
C:\Users\Home\AppData\Local\{B72F6CAD-31F3-48B1-ADE9-2EB334DF0577} folder moved successfully.
C:\Users\Home\AppData\Local\{B7C08FA2-93D4-4501-9D15-3AEAF415D117} folder moved successfully.
C:\Users\Home\AppData\Local\{B7E5B0A3-C894-48A5-BE42-7590C8CA6CC8} folder moved successfully.
C:\Users\Home\AppData\Local\{B9730B17-115C-4D2F-A0CD-CE3C5876389E} folder moved successfully.
C:\Users\Home\AppData\Local\{BA08BC89-A6E2-4986-821B-82178E516491} folder moved successfully.
C:\Users\Home\AppData\Local\{BA162ECD-8A8D-4462-9777-DF6F9E20D2B1} folder moved successfully.
C:\Users\Home\AppData\Local\{BA192EB0-437D-43ED-9656-ED22FD652960} folder moved successfully.
C:\Users\Home\AppData\Local\{BAFB44C7-8036-4007-8E7F-4A5445ECB8F1} folder moved successfully.
C:\Users\Home\AppData\Local\{BE29158D-D9DD-4443-B2C8-83739377DF7D} folder moved successfully.
C:\Users\Home\AppData\Local\{BE457759-8D8F-4DBD-B046-EECD143C6E3A} folder moved successfully.
C:\Users\Home\AppData\Local\{BE97152B-B2A8-4AED-89D0-0A78F765FCB4} folder moved successfully.
C:\Users\Home\AppData\Local\{BEE92143-85BC-4B4D-9DF0-2A8792C1222E} folder moved successfully.
C:\Users\Home\AppData\Local\{BF03763E-75B3-48A3-9CAF-0EE080DD4380} folder moved successfully.
C:\Users\Home\AppData\Local\{BFA361FF-B9DA-4513-B317-11BEC996A529} folder moved successfully.
C:\Users\Home\AppData\Local\{C11A51D3-13A9-4C91-A3FA-393B78E684B1} folder moved successfully.
C:\Users\Home\AppData\Local\{C11B1592-CF46-4ECD-A269-2E6C3FF4B1D3} folder moved successfully.
C:\Users\Home\AppData\Local\{C1801F86-C920-4983-982A-7B0003262AD5} folder moved successfully.
C:\Users\Home\AppData\Local\{C1855BCA-5378-4017-9253-950EC4A57A1A} folder moved successfully.
C:\Users\Home\AppData\Local\{C198675A-6641-4C3C-B89C-31BB5ED9B567} folder moved successfully.
C:\Users\Home\AppData\Local\{C1D5AB97-8C4E-479D-AB14-2045F76B0C7B} folder moved successfully.
C:\Users\Home\AppData\Local\{C2298CA2-80AA-4A26-B6B1-AD79AEFF0A4A} folder moved successfully.
C:\Users\Home\AppData\Local\{C29591BF-65D6-43FA-8DC6-B1F999D4768B} folder moved successfully.
C:\Users\Home\AppData\Local\{C32E47D6-ED7F-4FD0-9112-93FB7692D741} folder moved successfully.
C:\Users\Home\AppData\Local\{C3C8293B-01AF-4A93-9B99-55BE3B23B679} folder moved successfully.
C:\Users\Home\AppData\Local\{C694588D-9E28-4C72-B7F5-12ABB5029CCC} folder moved successfully.
C:\Users\Home\AppData\Local\{C6F42E62-A8C1-4B20-AF91-3668D186894B} folder moved successfully.
C:\Users\Home\AppData\Local\{C78C05BC-9411-4583-B477-57AB377F223F} folder moved successfully.
C:\Users\Home\AppData\Local\{C91D5353-4980-4BCF-840D-15DC22ECC5B4} folder moved successfully.
C:\Users\Home\AppData\Local\{C939EB26-3455-4D72-8973-882333C9C63A} folder moved successfully.
C:\Users\Home\AppData\Local\{CA52741D-BA40-4D85-AE30-7CF93E901E27} folder moved successfully.
C:\Users\Home\AppData\Local\{CB54EBE3-AB82-4E98-AFC2-74F24CBA0F34} folder moved successfully.
C:\Users\Home\AppData\Local\{CB91388F-A48C-4A32-85D9-E4FB37966F22} folder moved successfully.
C:\Users\Home\AppData\Local\{CBDAAD67-796D-4EFA-B3E0-FEF9AAEA265A} folder moved successfully.
C:\Users\Home\AppData\Local\{CC9C3F5F-FBAF-4580-A634-1DD131F78F85} folder moved successfully.
C:\Users\Home\AppData\Local\{CD822744-3D3C-452E-B110-B5D882A61A6A} folder moved successfully.
C:\Users\Home\AppData\Local\{CF3D11F1-1E65-4E0C-B4B3-F1A404A3FFC8} folder moved successfully.
C:\Users\Home\AppData\Local\{CF8F16DF-7455-41A2-A2FE-5CF64B8D3F35} folder moved successfully.
C:\Users\Home\AppData\Local\{D1028DD1-9AFB-4573-9C5F-8A32325CCF2B} folder moved successfully.
C:\Users\Home\AppData\Local\{D11B6B5C-EBDB-4141-8843-1BEEA7D174CA} folder moved successfully.
C:\Users\Home\AppData\Local\{D2D72F76-ADD7-481D-A670-3EAF239513B3} folder moved successfully.
C:\Users\Home\AppData\Local\{D3C9362D-2E47-4F62-B684-2906B86B9EB8} folder moved successfully.
C:\Users\Home\AppData\Local\{D3CA9815-44CA-49E3-9CEC-4EE17C6112B4} folder moved successfully.
C:\Users\Home\AppData\Local\{D45C6F15-D5E8-406A-AACB-655409186370} folder moved successfully.
C:\Users\Home\AppData\Local\{D68988E6-3F5C-4F05-A2D7-4D8946E06DAB} folder moved successfully.
C:\Users\Home\AppData\Local\{D73CFEA2-E66F-4E2F-BAD8-16F53BB5BD20} folder moved successfully.
C:\Users\Home\AppData\Local\{D92AB8FA-0000-48E8-9A15-CCC5068B19A7} folder moved successfully.
C:\Users\Home\AppData\Local\{D9D4257C-DDB9-4DB4-82EF-C08F4A2871BA} folder moved successfully.
C:\Users\Home\AppData\Local\{DA163274-01AC-4550-8F43-A47E6D8788D4} folder moved successfully.
C:\Users\Home\AppData\Local\{DACA11EA-85E1-41FA-A11A-A901A215E4AB} folder moved successfully.
C:\Users\Home\AppData\Local\{DB0488DC-996D-4F1F-9AE4-CBF373A4430A} folder moved successfully.
C:\Users\Home\AppData\Local\{DBE7CE1C-16A7-4804-9607-FFACEEAB6F51} folder moved successfully.
C:\Users\Home\AppData\Local\{DDF72E8D-70AC-4D32-A797-7702762A3041} folder moved successfully.
C:\Users\Home\AppData\Local\{E0382250-6A4F-4038-B4C0-CCC2CD2E62DD} folder moved successfully.
C:\Users\Home\AppData\Local\{E08C6E2A-084E-43AF-845E-DC93D06ADE73} folder moved successfully.
C:\Users\Home\AppData\Local\{E2815C05-F4D6-49C9-94C3-C14A94BC28D6} folder moved successfully.
C:\Users\Home\AppData\Local\{E2888CA5-A297-48DD-A9C1-2964DE54291A} folder moved successfully.
C:\Users\Home\AppData\Local\{E2A4CC05-AD83-4614-B4EF-3F6C02EA9500} folder moved successfully.
C:\Users\Home\AppData\Local\{E40E3B21-95F6-41D9-B86D-0B8E84A6EBD1} folder moved successfully.
C:\Users\Home\AppData\Local\{E4B8DE72-B6E8-4368-B2E3-467E2463F786} folder moved successfully.
C:\Users\Home\AppData\Local\{E4E261A8-FF53-40AB-A6A6-943420E3297C} folder moved successfully.
C:\Users\Home\AppData\Local\{E50A3E21-09DF-48CE-8FB7-B271D36701B1} folder moved successfully.
C:\Users\Home\AppData\Local\{E60DF966-6E40-402F-8AE9-D62FA2384098} folder moved successfully.
C:\Users\Home\AppData\Local\{E65AA326-880E-411C-8E55-D94CE92E2CA2} folder moved successfully.
C:\Users\Home\AppData\Local\{E7FEF964-2209-4438-B17F-3F7D125BAA53} folder moved successfully.
C:\Users\Home\AppData\Local\{E845BFB6-B224-45B5-AD79-C29E73303DF4} folder moved successfully.
C:\Users\Home\AppData\Local\{E9E18768-346C-4D27-A485-F0F703F7432E} folder moved successfully.
C:\Users\Home\AppData\Local\{EA29AEC6-CD1E-458E-BC88-1F8B4C5A2864} folder moved successfully.
C:\Users\Home\AppData\Local\{EA6E3CA0-BFBE-4F34-B254-7DC8B4109CED} folder moved successfully.
C:\Users\Home\AppData\Local\{EB33DF5E-1C39-4D29-B25F-FCBB5B3F34FA} folder moved successfully.
C:\Users\Home\AppData\Local\{EB5960F1-A931-4195-B575-04E9E4A409B6} folder moved successfully.
C:\Users\Home\AppData\Local\{EBD09799-0E4F-4D36-8E54-847200642554} folder moved successfully.
C:\Users\Home\AppData\Local\{EC00DAF6-88A6-4AA7-B504-1E5FF71DB251} folder moved successfully.
C:\Users\Home\AppData\Local\{ED37A0F9-D6F2-44C3-BA91-7CF645470EB0} folder moved successfully.
C:\Users\Home\AppData\Local\{EF7B0A64-1DE1-4F0C-A767-7DED1699B8F1} folder moved successfully.
C:\Users\Home\AppData\Local\{F10464EE-31F4-4D68-813F-2D80DA1C7411} folder moved successfully.
C:\Users\Home\AppData\Local\{F2C0459E-B417-4A6B-B4C9-B8B03DB3CCF7} folder moved successfully.
C:\Users\Home\AppData\Local\{F35DBA54-68DF-4BEE-B48F-8CB92BCA78C2} folder moved successfully.
C:\Users\Home\AppData\Local\{F4376746-7BFD-414D-86E0-6D72B1A3108D} folder moved successfully.
C:\Users\Home\AppData\Local\{F4A1DC0F-A8E8-4717-9299-A7A568D18D04} folder moved successfully.
C:\Users\Home\AppData\Local\{F4A62553-2D3D-4A00-AD2E-296B6AFAD281} folder moved successfully.
C:\Users\Home\AppData\Local\{F4B8E5F2-76BC-4E18-9D1B-F2E9F950531F} folder moved successfully.
C:\Users\Home\AppData\Local\{F53471BC-4BE4-4F44-8EC4-725E7BEC0100} folder moved successfully.
C:\Users\Home\AppData\Local\{F5D9FE75-38D8-48C2-BF6A-EA28F225A1B3} folder moved successfully.
C:\Users\Home\AppData\Local\{F6B3BDB5-D05F-48E4-80ED-59E7356D30FA} folder moved successfully.
C:\Users\Home\AppData\Local\{F6BB7953-F6F4-425B-907D-9C1D6413A511} folder moved successfully.
C:\Users\Home\AppData\Local\{F6C0D6D0-9796-41A7-BDEA-5C3FB84C6646} folder moved successfully.
C:\Users\Home\AppData\Local\{F6EF35F2-8F6A-4086-AD1E-5B0845C71CB3} folder moved successfully.
C:\Users\Home\AppData\Local\{F75935AA-A648-419D-8D9A-AFAE1518F8FC} folder moved successfully.
C:\Users\Home\AppData\Local\{F7A334C6-2746-4A52-9FF4-912C18FA42DE} folder moved successfully.
C:\Users\Home\AppData\Local\{F80887D1-B03E-43F5-92AC-1B8F8D5441C2} folder moved successfully.
C:\Users\Home\AppData\Local\{F8EFC25E-C701-44A4-80B2-4560366D70B3} folder moved successfully.
C:\Users\Home\AppData\Local\{F922C9F5-F8D1-4889-AB79-76B9B390A714} folder moved successfully.
C:\Users\Home\AppData\Local\{F9929175-F971-41D8-8AB3-2E069597B6C2} folder moved successfully.
C:\Users\Home\AppData\Local\{FAEE3DD2-034B-4C7F-81B3-A284AA12BC2C} folder moved successfully.
C:\Users\Home\AppData\Local\{FB18181C-AF55-4D09-8DDD-64DE8AE5C137} folder moved successfully.
C:\Users\Home\AppData\Local\{FB6B1BF4-8C4A-4D89-BF39-FD59C3403E15} folder moved successfully.
C:\Users\Home\AppData\Local\{FBA2D37F-E4CB-4FF9-9D59-151CFF4FF958} folder moved successfully.
C:\Users\Home\AppData\Local\{FBD6A687-B44D-421B-A365-9140D547EF12} folder moved successfully.
C:\Users\Home\AppData\Local\{FC199136-6457-402D-9FB4-A7536F40B9D1} folder moved successfully.
C:\Users\Home\AppData\Local\{FDA7191D-FE6E-4EA2-A821-E2153983B057} folder moved successfully.
ADS C:\ProgramData\Temp:1E17A249 deleted successfully.
ADS C:\ProgramData\Temp:EFBD4447 deleted successfully.
ADS C:\ProgramData\Temp:C9CDDE5E deleted successfully.
ADS C:\ProgramData\Temp:DFC3B090 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 3547821 bytes
->Temporary Internet Files folder emptied: 5627794 bytes
->Java cache emptied: 30708487 bytes
->FireFox cache emptied: 73606476 bytes
->Google Chrome cache emptied: 375125739 bytes
->Flash cache emptied: 1059 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 918949 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101889 bytes
RecycleBin emptied: 4819962 bytes

Total Files Cleaned = 472.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12182012_220534

Files\Folders moved on Reboot...
C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11 B-boy/StyLe/

  • Malware Response Team

Posted 19 December 2012 - 07:28 PM

Hi Boucheman,



Let's check for leftovers.
Most of them should take no more than 5 minutes each.
Eset could take up to an hour or two depending on the size of your hard drive and the speed of your computer.
You can run these scans at night when you are not there and the computer is idle.
Also we need to repair some of the Windows services like Windows Update, Windows Firewall, Security Center etc. which are probably broken by the rootkit.
And then I'll give you my final recommendations.



STEP 1


  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.



STEP 2


  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.



STEP 3



I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


STEP 4



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


STEP 5



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


STEP 6



Please download MiniToolBox.exe by Farbar, save it to your desktop and run it.
Checkmark all checkboxes.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed!



STEP 7



Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Regards,
Georgi



#12 Boucheman

  • Topic Starter

Posted 21 December 2012 - 12:38 AM

RKILL REPORT:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/19/2012 11:48:52 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\dleacoms.exe (PID: 1988) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Home\Desktop\rkill\rkill-12-19-2012-11-48-58.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/19/2012 11:49:05 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

AntiMalware Bytes Report:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Home :: HOME-PC [administrator]

12/19/2012 11:51:03 PM
mbam-log-2012-12-19 (23-51-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211971
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET SCAN REPORT:
C:\Users\Home\Downloads\cbsidlm-tr1_7-Free_ISO_Creator-SEO2-10902634.exe Win32/DownloadAdmin.D application
C:\Users\Home\Downloads\cbsidlm-tr1_8-Power_Tab_Editor-ORG2-10502034.exe Win32/DownloadAdmin.E application
C:\Users\Home\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-03 030005\Backup files 31.zip multiple threats
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-03 030005\Backup files 32.zip Win32/Adware.ADON application
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-10 030000\Backup files 25.zip multiple threats
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-10 030000\Backup files 26.zip Win32/Adware.ADON application
L:\HOME-PC\Backup Set 2012-12-17 030000\Backup Files 2012-12-17 030000\Backup files 26.zip multiple threats

FARBAR REPORT:
Farbar Service Scanner Version: 10-12-2012
Ran by Home (administrator) on 20-12-2012 at 22:35:18
Running from "C:\Users\Home\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

JunkRemoval Tool REPORT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.1 (12.20.2012:1)
OS: Windows 7 Home Premium x64
Ran by Home on Thu 12/20/2012 at 23:26:32.64
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\nkvulwzx.default\user.js
Successfully deleted: [Folder] C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\nkvulwzx.default\conduitcommon
Successfully deleted the following from C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\nkvulwzx.default\prefs.js


~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/20/2012 at 23:31:45.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MiniToolBox REPORT:
MiniToolBox by Farbar Version: 25-11-2012
Ran by Home (administrator) on 20-12-2012 at 23:34:22
Running from "C:\Users\Home\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
DW1525 (802.11n) WLAN PCIe Card = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Home-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 78-2B-CB-92-B4-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fd40:d4a3:77b2:27c7%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 20, 2012 5:13:19 AM
Lease Expires . . . . . . . . . . : Friday, December 21, 2012 5:13:19 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242756555
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-7A-05-87-78-2B-CB-92-B4-26
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{661637C6-1229-4B1F-B0C2-19253A4C7D05}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:400f:801::1002
74.125.225.200
74.125.225.193
74.125.225.198
74.125.225.197
74.125.225.201
74.125.225.199
74.125.225.194
74.125.225.206
74.125.225.196
74.125.225.192
74.125.225.195


Pinging google.com [74.125.225.192] with 32 bytes of data:
Reply from 74.125.225.192: bytes=32 time=74ms TTL=43
Reply from 74.125.225.192: bytes=32 time=74ms TTL=43

Ping statistics for 74.125.225.192:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 74ms, Average = 74ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=68ms TTL=49
Reply from 72.30.38.140: bytes=32 time=69ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 69ms, Average = 68ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...78 2b cb 92 b4 26 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::fd40:d4a3:77b2:27c7/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/20/2012 11:33:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (12/20/2012 11:33:46 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Home\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
Date: 2012-12-06 20:10:29.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 20:10:29.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 20:10:29.044
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-03-25 18:41:31.702
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-25 18:41:31.686
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-25 18:41:31.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-25 18:41:31.655
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

A380v2 (FSX)
Active Sky 2012 (Version: 13.1.4387.37836)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Alchemy
Any Video Converter 3.3.3
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
Battlefield 2 (Version: 1.5.0.0)
Battlefield 2 Server (Version: 1.00.001)
Battlefield 2142 Deluxe Edition (Version: 1.5.1.0)
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Big Fish Games: Game Manager (Version: 3.0.1.60)
BitLord 2.0
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
CCleaner (Version: 3.19)
Chuzzle Deluxe (Version: 2.2.0.95)
Consumer In-Home Service Agreement (Version: 2.0.0)
ConvertHelper 2.2
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Marketplace Webslice IE8 (Version: 8.0)
Dell MusicStage (Version: 1.4.162.0)
Dell PhotoStage (Version: 1.5.0.30)
Dell Stage (Version: 1.7.209.0)
Dell Support Center (Version: 3.2.6032.102)
Dell V310-V510 Series
Dell VideoStage (Version: 1.1.1.1408)
Descent Manager Tools
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DirectX 9 Runtime (Version: 1.00.0000)
Dora's World Adventure (Version: 2.2.0.95)
Escape Whisper Valley
Escape Whisper Valley ™ (Version: 2.2.0.95)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Fury (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
FL Studio 10
Flight Sim Nation Carrier (Version: 1.0)
Flight Simulator X Service Pack 1
FS Global 2010
FS2Crew: Default 747 FSX Edition
FS2Crew: iFly737NG Button Control Edition
FS2Crew: iFly737NG Voice Control Edition
FS2Crew: PMDG 747 Voice Commander Edition
Google Chrome (Version: 23.0.1271.97)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
iFly 747-400 for Microsoft Flight Simulator X (Version: 1.0.0.0)
iFly Jets - The 737NG for FSX
IL Download Manager
IL Shared Libraries
Intel® Processor Graphics (Version: 8.15.10.2622)
Internet Explorer (Version: 8)
Internet TV for Windows Media Center (Version: 4.2.2.0)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 31 (Version: 6.0.310)
Jewel Quest (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
KLAX v1.1.2 for FSX (Version: 1.1.2)
Luxor (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee SecurityCenter (Version: 11.6.443)
Media Player Codec Pack 4.1.4 (Version: 4.1.4)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Flight Simulator X (Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 1 (Version: 10.0.61355.0)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Multimedia Card Reader (Version: 1.6.915.87)
Mystery P.I.: Stolen in San Francisco
Mystery P.I.: The Curious Case of Counterfeit Cove
Mystery P.I.: The London Caper
Mystery P.I.: The Vegas Heist
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Origin (Version: 8.2.4.465)
Penguins! (Version: 2.2.0.95)
PhotoShowExpress (Version: 2.0.063)
Plants vs. Zombies
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PMDG 747-400/400F for FSX (Version: 2.10.0040)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power Tab Editor 1.7 (Version: 1.7.0)
PunkBuster Services (Version: 0.988)
QuickTime (Version: 7.71.80.42)
Radar Contact Version 4.0 (Version: 4.0)
Radar Contact Version 4.01 (Version: 4.01)
RBVirtualFolder64Inst (Version: 1.00.0000)
Real Environment Xtreme (Version: 1.0.2008.1128)
Realtek High Definition Audio Driver (Version: 6.0.1.6043)
Red Faction
Remote Play with PlayStation 3 (Version: 1.0.0.15090)
Remote Play with PlayStation®3 (Version: 1.0.0.15090)
RfServerBrowser 5.0
Rosetta Stone Version 3 (Version: 3.4.5.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samantha Swift (Version: 2.2.0.95)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.0 (Version: 6.0.126)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Switch Sound File Converter
System Requirements Lab for Intel (Version: 4.5.5.0)
TeamSpeak 3 Client
TrustedID (Version: 5.0)
TSS A380 GP7000 Sound FSX
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Installer for WildTangent Games App
Vegas Pro 11.0 (64-bit) (Version: 11.0.521)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VirtualCloneDrive
WavePad Sound Editor
Wedding Dash - Ready, Aim, Love! (Version: 2.2.0.95)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Dell Games) (Version: 4.0.5.14)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WinSCP 4.3.7 (Version: 4.3.7)
Yahoo! Messenger
Yahoo! Software Update
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

Name: DW1525 (802.11n) WLAN PCIe Card
Description: DW1525 (802.11n) WLAN PCIe Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 7991.12 MB
Available physical RAM: 6213.1 MB
Total Pagefile: 15980.43 MB
Available Pagefile: 13932.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.03 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:698.61 GB) NTFS
8 Drive l: (My Passport) (Fixed) (Total:465.73 GB) (Free:68.28 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator Guest Home

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

08-12-2012 10:54:18 SpeedyPC Pro Backup
10-12-2012 09:00:15 Windows Backup
17-12-2012 09:00:15 Windows Backup
19-12-2012 06:29:12 Removed Java 7 Update 7

**** End of log ****

SecurityCheck REPORT:
UNSUPPORTED OPERATING SYSTEM! ABORTED!

#13 B-boy/StyLe/

  • Malware Response Team

Posted 21 December 2012 - 11:23 AM

Hi Boucheman,



We need to run an OTL Fix



  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :files
    C:\Users\Home\Downloads\cbsidlm-tr1_7-Free_ISO_Creator-SEO2-10902634.exe
    C:\Users\Home\Downloads\cbsidlm-tr1_8-Power_Tab_Editor-ORG2-10502034.exe
    C:\Users\Home\Downloads\Unlocker1.9.1.exe
    L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-03 030005\Backup files 31.zip
    L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-03 030005\Backup files 32.zip
    L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-10 030000\Backup files 25.zip
    L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-10 030000\Backup files 26.zip
    L:\HOME-PC\Backup Set 2012-12-17 030000\Backup Files 2012-12-17 030000\Backup files 26.zip
    :commands
    [emptytemp]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.





Next let's try to fix the broken services.


Backup Your Registry




Now please download BFERestore.exe and save it to your desktop.

Double click on the downloaded file. It should only take a few seconds to run.

When complete, it will say "Done! Please check if BFE service is running now"

A reboot may be necessary.



Now download the following files and save them to your desktop:

mpsdrv.reg

MpsSvc.reg

BFE.reg

wscsvc.reg

wuauserv.reg

iphlpsvc.reg

WinDefend.reg

SharedAccess.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Now reboot the computer.

Post new log from Farbar Service Scanner (FSS).





We Need to Run a Registry Script

  • Press the Windows Logo in the lower left corner of your screen.
  • In the Posted Image box, enter notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into notepad.
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
    "LibraryPath"="%SystemRoot%\\system32\\NLAapi.dll"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
    "LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
    "LibraryPath"="%SystemRoot%\\system32\\NLAapi.dll"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
    "LibraryPath"="%SystemRoot%\\System32\\mswsock.dll"
    
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the Posted Image box, type in Fix.reg.
  • Press Posted Image.
  • Close Notepad.
  • Double click Posted Image on your desktop.
  • Press Yes if prompted by User Account Control.
  • Press Yes, and then Ok, when prompted.
  • Right click on Posted Image and choose Delete.
  • Press Yes.




Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".
Copy/paste the following text at the command prompt and press enter after each line:

    netsh winsock reset
    sfc /scannow
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Attach it to your next reply.

Reboot the computer in order for the changes to take effect.



Regards,
Georgi

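A read-only check for the Winsock registry script in the post above, as an added example that is not part of the original post or of any tool it mentions: it parses the text of a registry export of NameSpace_Catalog5 and compares each LibraryPath with the values that script sets. The function names, status labels and the sample export (including the example-*.dll paths and entry 000000000004) are constructed for illustration.

```python
import re

# Baseline copied from the registry script in the post: entry id -> LibraryPath.
BASELINE = {
    "000000000001": r"%SystemRoot%\system32\NLAapi.dll",
    "000000000005": r"%SystemRoot%\System32\mswsock.dll",
}
SUBKEYS = ("Catalog_Entries", "Catalog_Entries64")

ENTRY_RE = re.compile(
    r"\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries(64)?\\(\d{12})$",
    re.IGNORECASE,
)
# REG_SZ is exported as a quoted string, REG_EXPAND_SZ as hex(2): UTF-16LE bytes.
STRING_RE = re.compile(r'^"LibraryPath"="((?:[^"\\]|\\.)*)"$', re.IGNORECASE)
HEX2_RE = re.compile(r'^"LibraryPath"=hex\(2\):([0-9a-f,]*)$', re.IGNORECASE)

# Constructed sample export (not taken from the thread): one string value, one
# hex(2) value with line continuations, one altered path, one missing entry,
# and one entry the post's script does not cover.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\\system32\\NLAapi.dll"
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\System32\\example-other.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
  73,00,77,00,73,00,6f,00,63,00,6b,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="%SystemRoot%\\system32\\example-provider.dll"
'''


def logical_lines(text):
    """Yield .reg lines with trailing-backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def parse_library_paths(reg_text):
    """Return {(subkey, entry_id): LibraryPath or None} for each catalog entry."""
    found, current = {}, None
    for line in logical_lines(reg_text):
        if line.startswith("[") and line.endswith("]"):
            m = ENTRY_RE.search(line[1:-1])
            current = (SUBKEYS[1] if m.group(1) else SUBKEYS[0], m.group(2)) if m else None
            if current:
                found.setdefault(current, None)
            continue
        if current is None:
            continue
        m = STRING_RE.match(line)
        if m:
            # Undo .reg escaping: \\ -> \ and \" -> "
            found[current] = re.sub(r"\\(.)", r"\1", m.group(1))
            continue
        m = HEX2_RE.match(line)
        if m:
            data = bytes(int(b, 16) for b in m.group(1).split(",") if b)
            found[current] = data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return found


def audit(reg_text):
    """Compare an export with BASELINE; return (subkey, entry, status, value) rows."""
    found = parse_library_paths(reg_text)
    rows = []
    for subkey in SUBKEYS:
        for entry, expected in BASELINE.items():
            actual = found.pop((subkey, entry), None)
            if actual is None:
                status = "missing"          # key or LibraryPath value absent
            elif actual.lower() == expected.lower():
                status = "ok"               # Windows paths compare case-insensitively
            else:
                status = "mismatch"
            rows.append((subkey, entry, status, actual))
    # Entries the post's script does not mention are listed for manual review.
    for (subkey, entry), actual in sorted(found.items()):
        rows.append((subkey, entry, "not-in-baseline", actual))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_EXPORT):
        print("{:<18} {}  {:<16} {}".format(*row))
```

Registry export files are written as UTF-16, so decode the file with that encoding before passing its text to `audit`.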


#14 Boucheman

  • Topic Starter


Posted 23 December 2012 - 12:48 AM

OTL REPORT:

All processes killed
========== FILES ==========
C:\Users\Home\Downloads\cbsidlm-tr1_7-Free_ISO_Creator-SEO2-10902634.exe moved successfully.
C:\Users\Home\Downloads\cbsidlm-tr1_8-Power_Tab_Editor-ORG2-10502034.exe moved successfully.
C:\Users\Home\Downloads\Unlocker1.9.1.exe moved successfully.
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-03 030005\Backup files 31.zip moved successfully.
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-03 030005\Backup files 32.zip moved successfully.
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-10 030000\Backup files 25.zip moved successfully.
L:\HOME-PC\Backup Set 2012-12-03 030005\Backup Files 2012-12-10 030000\Backup files 26.zip moved successfully.
L:\HOME-PC\Backup Set 2012-12-17 030000\Backup Files 2012-12-17 030000\Backup files 26.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 321003 bytes
->Temporary Internet Files folder emptied: 2834092 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28797787 bytes
->Google Chrome cache emptied: 314333977 bytes
->Flash cache emptied: 826 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 917003 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 331.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12222012_231446

Files\Folders moved on Reboot...
C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

FARBAR REPORT:

Farbar Service Scanner Version: 10-12-2012
Ran by Home (administrator) on 22-12-2012 at 23:44:44
Running from "C:\Users\Home\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Sfcdetails.txt REPORT:

2012-12-16 22:46:12, Info CSI 00000009 [SR] Verifying 1 components
2012-12-16 22:46:12, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-12-16 22:46:12, Info CSI 0000000c [SR] Verify complete
2012-12-17 18:07:14, Info CSI 00000009 [SR] Verifying 1 components
2012-12-17 18:07:14, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-12-17 18:07:14, Info CSI 0000000c [SR] Verify complete
2012-12-22 23:33:27, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:27, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:29, Info CSI 0000000c [SR] Verify complete
2012-12-22 23:33:29, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:29, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:31, Info CSI 00000010 [SR] Verify complete
2012-12-22 23:33:32, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:32, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:34, Info CSI 00000014 [SR] Verify complete
2012-12-22 23:33:34, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:34, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:38, Info CSI 00000018 [SR] Verify complete
2012-12-22 23:33:38, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:38, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:45, Info CSI 0000001c [SR] Verify complete
2012-12-22 23:33:45, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:45, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:50, Info CSI 00000020 [SR] Verify complete
2012-12-22 23:33:50, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:50, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:54, Info CSI 00000024 [SR] Verify complete
2012-12-22 23:33:54, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:54, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2012-12-22 23:33:58, Info CSI 00000028 [SR] Verify complete
2012-12-22 23:33:58, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:33:58, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:02, Info CSI 0000002c [SR] Verify complete
2012-12-22 23:34:03, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:03, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:05, Info CSI 00000030 [SR] Verify complete
2012-12-22 23:34:06, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:06, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:07, Info CSI 00000034 [SR] Verify complete
2012-12-22 23:34:08, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:08, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:13, Info CSI 00000038 [SR] Verify complete
2012-12-22 23:34:14, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:14, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:22, Info CSI 0000003d [SR] Verify complete
2012-12-22 23:34:22, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:22, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:29, Info CSI 00000046 [SR] Verify complete
2012-12-22 23:34:30, Info CSI 00000047 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:30, Info CSI 00000048 [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:42, Info CSI 0000004b [SR] Verify complete
2012-12-22 23:34:42, Info CSI 0000004c [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:42, Info CSI 0000004d [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:50, Info CSI 00000059 [SR] Verify complete
2012-12-22 23:34:51, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:51, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-12-22 23:34:57, Info CSI 0000007d [SR] Verify complete
2012-12-22 23:34:58, Info CSI 0000007e [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:34:58, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:09, Info CSI 00000084 [SR] Verify complete
2012-12-22 23:35:09, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:09, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:13, Info CSI 00000088 [SR] Verify complete
2012-12-22 23:35:13, Info CSI 00000089 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:13, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:16, Info CSI 0000008c [SR] Verify complete
2012-12-22 23:35:16, Info CSI 0000008d [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:16, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:19, Info CSI 00000090 [SR] Verify complete
2012-12-22 23:35:19, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:19, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:23, Info CSI 00000094 [SR] Verify complete
2012-12-22 23:35:23, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:23, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:29, Info CSI 000000b9 [SR] Verify complete
2012-12-22 23:35:29, Info CSI 000000ba [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:29, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:34, Info CSI 000000bd [SR] Verify complete
2012-12-22 23:35:34, Info CSI 000000be [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:34, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:43, Info CSI 000000c1 [SR] Verify complete
2012-12-22 23:35:43, Info CSI 000000c2 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:43, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:48, Info CSI 000000c7 [SR] Verify complete
2012-12-22 23:35:48, Info CSI 000000c8 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:48, Info CSI 000000c9 [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:50, Info CSI 000000cb [SR] Verify complete
2012-12-22 23:35:50, Info CSI 000000cc [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:50, Info CSI 000000cd [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:50, Info CSI 000000cf [SR] Verify complete
2012-12-22 23:35:51, Info CSI 000000d0 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:51, Info CSI 000000d1 [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:54, Info CSI 000000d3 [SR] Verify complete
2012-12-22 23:35:54, Info CSI 000000d4 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:54, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:58, Info CSI 000000e8 [SR] Verify complete
2012-12-22 23:35:58, Info CSI 000000e9 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:58, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2012-12-22 23:35:59, Info CSI 000000ec [SR] Verify complete
2012-12-22 23:35:59, Info CSI 000000ed [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:35:59, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2012-12-22 23:36:01, Info CSI 000000f0 [SR] Verify complete
2012-12-22 23:36:01, Info CSI 000000f1 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:36:01, Info CSI 000000f2 [SR] Beginning Verify and Repair transaction
2012-12-22 23:36:03, Info CSI 000000f4 [SR] Verify complete
2012-12-22 23:36:03, Info CSI 000000f5 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:36:03, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction
2012-12-22 23:36:08, Info CSI 000000f9 [SR] Verify complete
2012-12-22 23:36:08, Info CSI 000000fa [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:36:08, Info CSI 000000fb [SR] Beginning Verify and Repair transaction
2012-12-22 23:36:13, Info CSI 000000fe [SR] Verify complete
2012-12-22 23:36:13, Info CSI 000000ff [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:36:13, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
2012-12-22 23:36:14, Info CSI 00000102 [SR] Verify complete
2012-12-22 23:36:14, Info CSI 00000103 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:36:14, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2012-12-22 23:36:15, Info CSI 00000106 [SR] Verify complete
2012-12-22 23:36:15, Info CSI 00000107 [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:36:15, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2012-12-22 23:36:20, Info CSI 0000010a [SR] Verify complete
2012-12-22 23:36:20, Info CSI 0000010b [SR] Verifying 100 (0x0000000000000064) components
2012-12-22 23:36:20, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2012-12-22 23:42:26, Info CSI 000002f1 [SR] Verifying 64 (0x0000000000000040) components
2012-12-22 23:42:26, Info CSI 000002f2 [SR] Beginning Verify and Repair transaction
2012-12-22 23:42:27, Info CSI 000002f4 [SR] Verify complete
2012-12-22 23:42:27, Info CSI 000002f5 [SR] Repairing 0 components
2012-12-22 23:42:27, Info CSI 000002f6 [SR] Beginning Verify and Repair transaction
2012-12-22 23:42:27, Info CSI 000002f8 [SR] Repair complete

Edited by Boucheman, 23 December 2012 - 12:53 AM.


#15 B-boy/StyLe/

Posted 23 December 2012 - 03:50 AM

Hi Boucheman,



Please download Windows Repair (all in one) from here

Install the program then go to step 4 and create a new system restore point and new registry backup

On the Start Repairs tab => Click the Start

Click on the Repair Windows Firewall and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Post new Farbar Service Scanner log.



Regards,
Georgi
