Trojan virus won't go.... Please Help!


7 replies to this topic

#1 JayCoops

JayCoops

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 28 August 2013 - 08:11 AM

Hi all,
 
I have a Trojan Horse virus that just won't go away. I have Norton 360 ver. 5.0, which is eventually going to be the anti-virus software I'll be using. However, as I have lost my product key and I move house in two days, I downloaded the free AVG one-month trial to help clear the virus. After having done a full scan, it had detected the virus but just can't seem to clear it. Every few minutes it pops up stating it has detected the virus after I have clicked to remove all the files. In the end, I uninstalled AVG as it was really starting to get on my nerves with a pop-up alert every few minutes.
 
The symptoms of the virus are also driving me mad. Whilst browsing, I have a new tab opened every now and then to a page about PC Keeper. I also have what I can only describe as TV adverts going on in the background, despite no pages that I am on having any adverts. This also happens when I have no programs running, i.e. all you can see is the desktop. It has also slowed my internet speed (which wasn't great to start with) right down. I race online with iRacing competitively but haven't been able to for days since the connection has dropped to levels where it is impossible to race online.
 
Does anyone know how to remove it? I can't wait long enough to move house and unpack everything to find the Norton product key.
 
Most appreciated if anyone can help.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs being included in the topic. ~ Animal


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,558 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:45 AM

Posted 28 August 2013 - 02:15 PM

Hello. Did AVG have a name for this Trojan it finds?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).
Do not change the default options on scan results.


Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • Last, run ESET.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 JayCoops

JayCoops
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 28 August 2013 - 04:25 PM

Hi boopme,

 

Thanks for helping me resolve this problem. AVG did have a name; it listed it as:

 

Threat: Trojan horse Generic34.TKL

Object Name: C:\Windows\explorer.exe (2224) and also Object Name: C:\Windows\System32\services.exe (564)

 

It had also found another:

 

Threat: Found Luhe.Sirefef.A

Object Name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3404)

 

Here is the result.txt from MiniToolBox.

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Jay (administrator) on 28-08-2013 at 20:51:06
Running from "C:\Users\Jay\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

127.0.0.1 bir3yk.net

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : JaysPC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-1A-A0-C0-69-5C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3da0:a604:4b5f:6cda%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 27 August 2013 21:52:34
   Lease Expires . . . . . . . . . . : 29 August 2013 09:52:34
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234887840
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-5B-5F-A1-00-1A-A0-C0-69-5C
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Pinging google.com [173.194.34.163] with 32 bytes of data:
Reply from 173.194.34.163: bytes=32 time=556ms TTL=57
Reply from 173.194.34.163: bytes=32 time=500ms TTL=57

Ping statistics for 173.194.34.163:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 500ms, Maximum = 556ms, Average = 528ms

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=259ms TTL=49
Request timed out.

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 259ms, Maximum = 259ms, Average = 259ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 1a a0 c0 69 5c ......Broadcom NetXtreme 57xx Gigabit Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    276
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::3da0:a604:4b5f:6cda/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2013 01:33:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x9bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/27/2013 05:42:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x19e8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/27/2013 02:02:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x1434
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/27/2013 00:25:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x8f0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/26/2013 02:48:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1040
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3

Error: (08/26/2013 02:23:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7396c9f1
Faulting process id: 0x1ac4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/26/2013 02:22:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7396c9f1
Faulting process id: 0xc6c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/26/2013 02:21:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7396c9f1
Faulting process id: 0x17f0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/26/2013 02:20:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7396c9f1
Faulting process id: 0x18ac
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/26/2013 02:19:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7396c9f1
Faulting process id: 0xe68
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (08/28/2013 08:27:12 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/28/2013 08:27:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/28/2013 05:13:43 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/27/2013 09:54:18 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/27/2013 09:54:18 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/27/2013 09:52:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sfdrv01
sfsync04

Error: (08/27/2013 09:52:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/27/2013 09:52:38 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/27/2013 09:52:37 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/27/2013 09:52:37 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (08/28/2013 01:33:17 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a9bc01cea384a26a7e8fC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll6df5fbde-0f79-11e3-946f-001aa0c0695c

Error: (08/27/2013 05:42:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a19e801cea343c5186016C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll9aec2e75-0f37-11e3-8cba-001aa0c0695c

Error: (08/27/2013 02:02:02 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a143401cea2bef49cce60C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll47be886c-0eb4-11e3-8cba-001aa0c0695c

Error: (08/27/2013 00:25:50 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a8f001cea2b281d89c65C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dlld77c080d-0ea6-11e3-8cba-001aa0c0695c

Error: (08/26/2013 02:48:15 AM) (Source: Application Error)(User: )
Description: wmplayer.exe12.0.7601.175144ce7a485unknown0.0.0.000000000c000000500000000104001cea1fe53c19b90C:\Program Files (x86)\Windows Media Player\wmplayer.exeunknown922d9147-0df1-11e3-8cba-001aa0c0695c

Error: (08/26/2013 02:23:47 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057396c9f11ac401cea1fae92a0cd4C:\Windows\SysWOW64\svchost.exeunknown2718e175-0dee-11e3-8cba-001aa0c0695c

Error: (08/26/2013 02:22:46 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057396c9f1c6c01cea1fac53ce639C:\Windows\SysWOW64\svchost.exeunknown02eeff17-0dee-11e3-8cba-001aa0c0695c

Error: (08/26/2013 02:21:45 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057396c9f117f001cea1faa0fac08fC:\Windows\SysWOW64\svchost.exeunknownded570a5-0ded-11e3-8cba-001aa0c0695c

Error: (08/26/2013 02:20:45 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057396c9f118ac01cea1fa7d0e8458C:\Windows\SysWOW64\svchost.exeunknownbac02804-0ded-11e3-8cba-001aa0c0695c

Error: (08/26/2013 02:19:44 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057396c9f1e6801cea1fa591e5071C:\Windows\SysWOW64\svchost.exeunknown96ce9488-0ded-11e3-8cba-001aa0c0695c


=========================== Installed Programs ============================

µTorrent (Version: 3.2.3.28705)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader 6.0 (Version: 6.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
ASUS GPU Tweak (Version: 2.2.9.3)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
Battlelog Web Plugins (Version: 2.1.3)
BrowserDefender
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Conquest of the New World Deluxe
D3DX10 (Version: 15.4.2368.0902)
Debut Video Capture Software
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.24.6)
Dropbox (Version: 2.0.22)
EAO_International TrackPack 2
ESN Sonar (Version: 0.70.4)
Express Burn
F1-S-R - Track Pack 1994
Fallout 3 (Version: 1.00.0000)
Fallout Mod Manager 0.13.21
Football Manager 2012
Foxit Reader (Version: 5.3.1.606)
Fraps
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 29.0.1547.57)
Google Update Helper (Version: 1.3.21.153)
GT Power Expansion
HydraVision (Version: 4.2.242.0)
iRacing.com Race Simulation (Version: 1.01.0380)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jimmie Johnson Spotter-Cuss Pack
Junk Mail filter update (Version: 16.4.3508.0205)
LEGO® Star Wars™: The Complete Saga (Version: 1.00.0000)
Little Big Adventure
Logitech Gaming Software 5.10 (Version: 5.10.127)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.19.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Movie Maker (Version: 16.4.3508.0205)
Mozilla Firefox 23.0.1 (x86 en-GB) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nexus Mod Manager (Version: 0.44.16)
NVIDIA PhysX (Version: 9.12.0613)
OpenOffice.org 3.4 (Version: 3.4.9590)
Origin (Version: 9.1.15.109)
Photo Gallery (Version: 16.4.3508.0205)
Pinnacle Instant DVD Recorder (Version: 1.60.110)
Prism Video File Converter
RACE 07 - Formula RaceRoom Add-On
Resident Evil 6 / Biohazard 6
rFactor (remove only)
Skype™ 6.5 (Version: 6.5.158)
Star Wars JK II Jedi Outcast
STCC: The Game
Steam (Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.6)
TeamViewer 8 (Version: 8.0.20202)
The WTCC 2010 Pack
Trading Paints (Version: 1.0.8)
UK Truck Simulator 1.02 (Version: 1.02)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VideoPad Video Editor
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.3 (Version: 2.0.3)
Web-Cake 3.00 (Version: 3.00)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live Messenger (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 8189.66 MB
Available physical RAM: 4733.47 MB
Total Pagefile: 16377.5 MB
Available Pagefile: 13226.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.73 GB) (Free:12.75 GB) NTFS
2 Drive d: (NORTON) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JAYSPC

Administrator            Guest                    Jay                      


**** End of log ****
Here is the log report from TDSSKiller.
21:03:48.0635 0x1e18  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
21:03:50.0637 0x1e18  ============================================================
21:03:50.0637 0x1e18  Current date / time: 2013/08/28 21:03:50.0637
21:03:50.0637 0x1e18  SystemInfo:
21:03:50.0637 0x1e18  
21:03:50.0637 0x1e18  OS Version: 6.1.7601 ServicePack: 1.0
21:03:50.0637 0x1e18  Product type: Workstation
21:03:50.0637 0x1e18  ComputerName: JAYSPC
21:03:50.0637 0x1e18  UserName: Jay
21:03:50.0637 0x1e18  Windows directory: C:\Windows
21:03:50.0637 0x1e18  System windows directory: C:\Windows
21:03:50.0637 0x1e18  Running under WOW64
21:03:50.0637 0x1e18  Processor architecture: Intel x64
21:03:50.0637 0x1e18  Number of processors: 8
21:03:50.0637 0x1e18  Page size: 0x1000
21:03:50.0637 0x1e18  Boot type: Normal boot
21:03:50.0637 0x1e18  ============================================================
21:03:52.0057 0x1e18  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:52.0064 0x1e18  ============================================================
21:03:52.0064 0x1e18  \Device\Harddisk0\DR0:
21:03:52.0064 0x1e18  MBR partitions:
21:03:52.0064 0x1e18  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:03:52.0064 0x1e18  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D176CA2
21:03:52.0064 0x1e18  ============================================================
21:03:52.0094 0x1e18  C: <-> \Device\Harddisk0\DR0\Partition2
21:03:52.0094 0x1e18  ============================================================
21:03:52.0094 0x1e18  Initialize success
21:03:52.0094 0x1e18  ============================================================
21:04:27.0894 0x140c  ============================================================
21:04:27.0894 0x140c  Scan started
21:04:27.0894 0x140c  Mode: Manual; TDLFS;
21:04:27.0894 0x140c  ============================================================
21:04:29.0444 0x140c  ================ Scan system memory ========================
21:04:29.0444 0x140c  System memory - ok
21:04:29.0444 0x140c  ================ Scan services =============================
21:04:29.0594 0x140c  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:04:29.0599 0x140c  1394ohci - ok
21:04:29.0649 0x140c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:04:29.0654 0x140c  ACPI - ok
21:04:29.0722 0x140c  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:04:29.0724 0x140c  AcpiPmi - ok
21:04:29.0819 0x140c  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:04:29.0824 0x140c  AdobeFlashPlayerUpdateSvc - ok
21:04:29.0941 0x140c  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:04:29.0991 0x140c  adp94xx - ok
21:04:30.0073 0x140c  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:04:30.0081 0x140c  adpahci - ok
21:04:30.0131 0x140c  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:04:30.0133 0x140c  adpu320 - ok
21:04:30.0191 0x140c  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:04:30.0193 0x140c  AeLookupSvc - ok
21:04:30.0233 0x140c  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:04:30.0251 0x140c  AFD - ok
21:04:30.0286 0x140c  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:04:30.0286 0x140c  agp440 - ok
21:04:30.0308 0x140c  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:04:30.0311 0x140c  ALG - ok
21:04:30.0344 0x140c  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:04:30.0346 0x140c  aliide - ok
21:04:30.0436 0x140c  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:04:30.0441 0x140c  AMD External Events Utility - ok
21:04:30.0459 0x140c  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:04:30.0459 0x140c  amdide - ok
21:04:30.0491 0x140c  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:04:30.0494 0x140c  AmdK8 - ok
21:04:30.0906 0x140c  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:04:31.0169 0x140c  amdkmdag - ok
21:04:31.0204 0x140c  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:04:31.0219 0x140c  amdkmdap - ok
21:04:31.0241 0x140c  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:04:31.0244 0x140c  AmdPPM - ok
21:04:31.0266 0x140c  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:04:31.0269 0x140c  amdsata - ok
21:04:31.0309 0x140c  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:04:31.0314 0x140c  amdsbs - ok
21:04:31.0354 0x140c  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:04:31.0354 0x140c  amdxata - ok
21:04:31.0439 0x140c  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:04:31.0441 0x140c  AppID - ok
21:04:31.0499 0x140c  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:04:31.0501 0x140c  AppIDSvc - ok
21:04:31.0529 0x140c  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
21:04:31.0531 0x140c  Appinfo - ok
21:04:31.0576 0x140c  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:04:31.0581 0x140c  AppMgmt - ok
21:04:31.0609 0x140c  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:04:31.0611 0x140c  arc - ok
21:04:31.0689 0x140c  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:04:31.0691 0x140c  arcsas - ok
21:04:31.0766 0x140c  ASAPIW2k - ok
21:04:31.0934 0x140c  [ E536856E96A7605EBF580D62A868E5FE ] ASGT            C:\Windows\SysWOW64\ASGT.exe
21:04:31.0936 0x140c  ASGT - ok
21:04:32.0264 0x140c  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:04:32.0264 0x140c  aspnet_state - ok
21:04:32.0431 0x140c  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:32.0431 0x140c  AsyncMac - ok
21:04:32.0501 0x140c  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:04:32.0504 0x140c  atapi - ok
21:04:32.0544 0x140c  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:04:32.0546 0x140c  AtiHDAudioService - ok
21:04:32.0674 0x140c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:04:32.0699 0x140c  AudioEndpointBuilder - ok
21:04:32.0724 0x140c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:04:32.0726 0x140c  AudioSrv - ok
21:04:32.0766 0x140c  [ C8D9EEACF266512C1FA52E2ECF5AD944 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
21:04:32.0766 0x140c  AVGIDSHA - ok
21:04:32.0849 0x140c  [ 29FCDEAC6086FB7E55344B51E35D99CE ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
21:04:32.0854 0x140c  Avgloga - ok
21:04:32.0929 0x140c  [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
21:04:32.0934 0x140c  Avgtdia - ok
21:04:33.0089 0x140c  [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
21:04:33.0094 0x140c  avgwd - ok
21:04:33.0124 0x140c  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:04:33.0126 0x140c  AxInstSV - ok
21:04:33.0171 0x140c  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:04:33.0189 0x140c  b06bdrv - ok
21:04:33.0231 0x140c  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:04:33.0236 0x140c  b57nd60a - ok
21:04:33.0276 0x140c  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:04:33.0281 0x140c  BDESVC - ok
21:04:33.0301 0x140c  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:04:33.0301 0x140c  Beep - ok
21:04:33.0326 0x140c  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:04:33.0326 0x140c  blbdrive - ok
21:04:33.0359 0x140c  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:04:33.0359 0x140c  bowser - ok
21:04:33.0386 0x140c  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:04:33.0389 0x140c  BrFiltLo - ok
21:04:33.0421 0x140c  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:04:33.0424 0x140c  BrFiltUp - ok
21:04:33.0446 0x140c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:04:33.0449 0x140c  Browser - ok
21:04:33.0834 0x140c  [ DAF56EC5E652F629D6D2B3930FF199F6 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
21:04:33.0851 0x140c  BrowserDefendert - ok
21:04:33.0994 0x140c  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:04:33.0999 0x140c  Brserid - ok
21:04:34.0139 0x140c  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:04:34.0141 0x140c  BrSerWdm - ok
21:04:34.0209 0x140c  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:04:34.0211 0x140c  BrUsbMdm - ok
21:04:34.0236 0x140c  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:04:34.0239 0x140c  BrUsbSer - ok
21:04:34.0296 0x140c  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:04:34.0296 0x140c  BTHMODEM - ok
21:04:34.0334 0x140c  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:04:34.0336 0x140c  bthserv - ok
21:04:34.0366 0x140c  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:04:34.0366 0x140c  cdfs - ok
21:04:34.0394 0x140c  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:04:34.0396 0x140c  cdrom - ok
21:04:34.0434 0x140c  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:04:34.0436 0x140c  CertPropSvc - ok
21:04:34.0481 0x140c  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:04:34.0481 0x140c  circlass - ok
21:04:34.0566 0x140c  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:04:34.0571 0x140c  CLFS - ok
21:04:34.0641 0x140c  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:04:34.0644 0x140c  clr_optimization_v2.0.50727_32 - ok
21:04:34.0761 0x140c  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:04:34.0764 0x140c  clr_optimization_v2.0.50727_64 - ok
21:04:34.0943 0x140c  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:04:34.0948 0x140c  clr_optimization_v4.0.30319_32 - ok
21:04:34.0953 0x140c  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:04:34.0956 0x140c  clr_optimization_v4.0.30319_64 - ok
21:04:34.0986 0x140c  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:04:34.0988 0x140c  CmBatt - ok
21:04:35.0041 0x140c  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:04:35.0043 0x140c  cmdide - ok
21:04:35.0123 0x140c  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:04:35.0131 0x140c  CNG - ok
21:04:35.0218 0x140c  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:04:35.0218 0x140c  Compbatt - ok
21:04:35.0288 0x140c  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:04:35.0293 0x140c  CompositeBus - ok
21:04:35.0306 0x140c  COMSysApp - ok
21:04:35.0331 0x140c  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:04:35.0331 0x140c  crcdisk - ok
21:04:35.0481 0x140c  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:04:35.0486 0x140c  CryptSvc - ok
21:04:35.0578 0x140c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
21:04:35.0696 0x140c  CSC - ok
21:04:35.0813 0x140c  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
21:04:35.0838 0x140c  CscService - ok
21:04:35.0896 0x140c  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:04:35.0956 0x140c  DcomLaunch - ok
21:04:36.0013 0x140c  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:04:36.0018 0x140c  defragsvc - ok
21:04:36.0176 0x140c  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:04:36.0176 0x140c  DfsC - ok
21:04:36.0216 0x140c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:04:36.0223 0x140c  Dhcp - ok
21:04:36.0268 0x140c  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:04:36.0271 0x140c  discache - ok
21:04:36.0306 0x140c  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:04:36.0308 0x140c  Disk - ok
21:04:36.0321 0x140c  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21:04:36.0321 0x140c  dmvsc - ok
21:04:36.0386 0x140c  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:04:36.0388 0x140c  Dnscache - ok
21:04:36.0441 0x140c  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:04:36.0446 0x140c  dot3svc - ok
21:04:36.0541 0x140c  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:04:36.0543 0x140c  DPS - ok
21:04:36.0603 0x140c  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:04:36.0603 0x140c  drmkaud - ok
21:04:36.0726 0x140c  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:04:36.0751 0x140c  DXGKrnl - ok
21:04:36.0826 0x140c  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
21:04:36.0828 0x140c  E1G60 - ok
21:04:36.0893 0x140c  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:04:36.0896 0x140c  EapHost - ok
21:04:37.0033 0x140c  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:04:37.0201 0x140c  ebdrv - ok
21:04:37.0283 0x140c  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:04:37.0288 0x140c  EFS - ok
21:04:37.0346 0x140c  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:04:37.0371 0x140c  ehRecvr - ok
21:04:37.0396 0x140c  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:04:37.0398 0x140c  ehSched - ok
21:04:37.0488 0x140c  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:04:37.0588 0x140c  elxstor - ok
21:04:37.0686 0x140c  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:04:37.0686 0x140c  ErrDev - ok
21:04:37.0731 0x140c  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:04:37.0741 0x140c  EventSystem - ok
21:04:37.0833 0x140c  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:04:37.0836 0x140c  exfat - ok
21:04:37.0936 0x140c  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:04:37.0938 0x140c  fastfat - ok
21:04:37.0991 0x140c  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:04:38.0016 0x140c  Fax - ok
21:04:38.0028 0x140c  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
21:04:38.0031 0x140c  fdc - ok
21:04:38.0093 0x140c  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:04:38.0096 0x140c  fdPHost - ok
21:04:38.0108 0x140c  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:04:38.0111 0x140c  FDResPub - ok
21:04:38.0118 0x140c  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:04:38.0118 0x140c  FileInfo - ok
21:04:38.0128 0x140c  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:04:38.0128 0x140c  Filetrace - ok
21:04:38.0146 0x140c  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:04:38.0148 0x140c  flpydisk - ok
21:04:38.0213 0x140c  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:04:38.0218 0x140c  FltMgr - ok
21:04:38.0411 0x140c  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:04:38.0448 0x140c  FontCache - ok
21:04:38.0588 0x140c  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:04:38.0591 0x140c  FontCache3.0.0.0 - ok
21:04:38.0631 0x140c  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:04:38.0633 0x140c  FsDepends - ok
21:04:38.0713 0x140c  [ B3EB502D2C3F47C47415F85387DFAEF1 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:04:38.0716 0x140c  fssfltr - ok
21:04:38.0983 0x140c  [ B6AB40819ECEC4BA07266EC0EBBC85A7 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:04:39.0026 0x140c  fsssvc - ok
21:04:39.0083 0x140c  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:04:39.0083 0x140c  Fs_Rec - ok
21:04:39.0183 0x140c  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:04:39.0188 0x140c  fvevol - ok
21:04:39.0218 0x140c  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:04:39.0221 0x140c  gagp30kx - ok
21:04:39.0266 0x140c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:04:39.0298 0x140c  gpsvc - ok
21:04:39.0368 0x140c  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:04:39.0371 0x140c  gupdate - ok
21:04:39.0376 0x140c  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:04:39.0378 0x140c  gupdatem - ok
21:04:39.0403 0x140c  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:04:39.0406 0x140c  hcw85cir - ok
21:04:39.0489 0x140c  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:04:39.0499 0x140c  HdAudAddService - ok
21:04:39.0599 0x140c  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:04:39.0599 0x140c  HDAudBus - ok
21:04:39.0669 0x140c  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:04:39.0679 0x140c  HidBatt - ok
21:04:39.0699 0x140c  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:04:39.0699 0x140c  HidBth - ok
21:04:39.0719 0x140c  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:04:39.0729 0x140c  HidIr - ok
21:04:39.0769 0x140c  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:04:39.0779 0x140c  hidserv - ok
21:04:39.0799 0x140c  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:04:39.0809 0x140c  HidUsb - ok
21:04:39.0909 0x140c  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:04:39.0909 0x140c  hkmsvc - ok
21:04:40.0010 0x140c  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:04:40.0010 0x140c  HomeGroupListener - ok
21:04:40.0170 0x140c  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:04:40.0170 0x140c  HomeGroupProvider - ok
21:04:40.0240 0x140c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:04:40.0240 0x140c  HpSAMD - ok
21:04:40.0290 0x140c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:04:40.0320 0x140c  HTTP - ok
21:04:40.0340 0x140c  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:04:40.0340 0x140c  hwpolicy - ok
21:04:40.0410 0x140c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:04:40.0420 0x140c  i8042prt - ok
21:04:40.0480 0x140c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:04:40.0490 0x140c  iaStorV - ok
21:04:40.0660 0x140c  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:04:40.0670 0x140c  IDriverT - ok
21:04:40.0760 0x140c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:04:40.0790 0x140c  idsvc - ok
21:04:40.0820 0x140c  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:04:40.0820 0x140c  iirsp - ok
21:04:40.0860 0x140c  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:04:40.0890 0x140c  IKEEXT - ok
21:04:40.0940 0x140c  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:04:40.0940 0x140c  intelide - ok
21:04:40.0970 0x140c  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:04:40.0970 0x140c  intelppm - ok
21:04:41.0110 0x140c  [ A01C412699B6F21645B2885C2BAE4454 ] IOMap           C:\Windows\system32\drivers\IOMap64.sys
21:04:41.0110 0x140c  IOMap - ok
21:04:41.0180 0x140c  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:04:41.0180 0x140c  IPBusEnum - ok
21:04:41.0250 0x140c  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:41.0260 0x140c  IpFilterDriver - ok
21:04:41.0310 0x140c  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:04:41.0310 0x140c  IPMIDRV - ok
21:04:41.0460 0x140c  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:04:41.0460 0x140c  IPNAT - ok
21:04:41.0680 0x140c  [ 181B3A286ECC1FA096B521B4AEC7655E ] iRacingService  C:\Program Files (x86)\iRacing\iRacingService.exe
21:04:41.0690 0x140c  iRacingService - ok
21:04:41.0770 0x140c  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:04:41.0770 0x140c  IRENUM - ok
21:04:41.0850 0x140c  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:04:41.0850 0x140c  isapnp - ok
21:04:41.0910 0x140c  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:04:41.0920 0x140c  iScsiPrt - ok
21:04:42.0000 0x140c  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:04:42.0000 0x140c  kbdclass - ok
21:04:42.0030 0x140c  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:04:42.0030 0x140c  kbdhid - ok
21:04:42.0040 0x140c  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:04:42.0040 0x140c  KeyIso - ok
21:04:42.0060 0x140c  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:04:42.0060 0x140c  KSecDD - ok
21:04:42.0140 0x140c  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:04:42.0140 0x140c  KSecPkg - ok
21:04:42.0230 0x140c  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:04:42.0230 0x140c  ksthunk - ok
21:04:42.0320 0x140c  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:04:42.0330 0x140c  KtmRm - ok
21:04:42.0380 0x140c  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:04:42.0380 0x140c  LanmanServer - ok
21:04:42.0520 0x140c  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:04:42.0530 0x140c  LanmanWorkstation - ok
21:04:42.0560 0x140c  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:04:42.0560 0x140c  lltdio - ok
21:04:42.0630 0x140c  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:04:42.0640 0x140c  lltdsvc - ok
21:04:42.0680 0x140c  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:04:42.0680 0x140c  lmhosts - ok
21:04:42.0710 0x140c  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:04:42.0720 0x140c  LSI_FC - ok
21:04:42.0810 0x140c  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:04:42.0810 0x140c  LSI_SAS - ok
21:04:42.0830 0x140c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:04:42.0830 0x140c  LSI_SAS2 - ok
21:04:42.0870 0x140c  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:04:42.0870 0x140c  LSI_SCSI - ok
21:04:42.0910 0x140c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:04:42.0910 0x140c  luafv - ok
21:04:42.0940 0x140c  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:04:42.0940 0x140c  Mcx2Svc - ok
21:04:42.0970 0x140c  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:04:42.0970 0x140c  megasas - ok
21:04:43.0000 0x140c  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:04:43.0000 0x140c  MegaSR - ok
21:04:43.0040 0x140c  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:04:43.0040 0x140c  MMCSS - ok
21:04:43.0050 0x140c  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:04:43.0060 0x140c  Modem - ok
21:04:43.0070 0x140c  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:04:43.0080 0x140c  monitor - ok
21:04:43.0100 0x140c  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:04:43.0110 0x140c  mouclass - ok
21:04:43.0130 0x140c  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:04:43.0130 0x140c  mouhid - ok
21:04:43.0160 0x140c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:04:43.0160 0x140c  mountmgr - ok
21:04:43.0260 0x140c  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:04:43.0260 0x140c  MozillaMaintenance - ok
21:04:59.0893 0x140c  [ B21B683C3096F51BBDEE48661FBFC0D7 ] ‮etadpug        C:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\GoogleUpdate.exe
21:04:59.0903 0x140c  ‮etadpug ( Rootkit.Win32.PMax.gen ) - infected
21:04:59.0903 0x140c  ‮etadpug - detected Rootkit.Win32.PMax.gen (0)
21:04:59.0903 0x140c  ================ Scan global ===============================
21:04:59.0983 0x140c  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:05:00.0144 0x140c  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:05:00.0154 0x140c  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:05:00.0254 0x140c  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:05:00.0314 0x140c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:05:00.0324 0x140c  [Global] - ok
21:05:00.0324 0x140c  ================ Scan MBR ==================================
21:05:00.0364 0x140c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:05:00.0714 0x140c  \Device\Harddisk0\DR0 - ok
21:05:00.0714 0x140c  ================ Scan VBR ==================================
21:05:00.0774 0x140c  [ 772AE38787182589726F6FF3B9D860C3 ] \Device\Harddisk0\DR0\Partition1
21:05:00.0774 0x140c  \Device\Harddisk0\DR0\Partition1 - ok
21:05:00.0784 0x140c  [ 0047F8721FCE09614DA475D8307D0D18 ] \Device\Harddisk0\DR0\Partition2
21:05:00.0784 0x140c  \Device\Harddisk0\DR0\Partition2 - ok
21:05:00.0784 0x140c  ============================================================
21:05:00.0784 0x140c  Scan finished
21:05:00.0784 0x140c  ============================================================
21:05:00.0794 0x18a8  Detected object count: 1
21:05:00.0794 0x18a8  Actual detected object count: 1
21:05:47.0090 0x18a8  C:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\GoogleUpdate.exe - copied to quarantine
21:05:47.0100 0x18a8  HKLM\SYSTEM\ControlSet001\services\‮etadpug - will be deleted on reboot
21:05:47.0133 0x18a8  HKLM\SYSTEM\ControlSet002\services\‮etadpug - will be deleted on reboot
21:05:47.0440 0x18a8  C:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\GoogleUpdate.exe - will be deleted on reboot
21:05:47.0440 0x18a8  ‮etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Delete
21:08:17.0759 0x1d10  Deinitialize success

Here is a copy of the logfile from AdwCleaner.
# AdwCleaner v3.001 - Report created 28/08/2013 at 21:24:23
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jay - JAYSPC
# Running from : C:\Users\Jay\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BrowserDefendert
Service Found : WebCakeUpdater

***** [ Files / Folders ] *****

File Found : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\bprotector_extensions.sqlite
File Found : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\bprotector_prefs.js
File Found : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\user.js
File Found : C:\Windows\System32\Tasks\BrowserDefendert
File Found : C:\Windows\System32\Tasks\EPUpdater
Folder Found : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\Extensions\ffxtlbr@delta.com
Folder Found : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\Extensions\plugin@getwebcake.com
Folder Found C:\Program Files (x86)\delta
Folder Found C:\Program Files (x86)\Tepfel
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BrowserDefender
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Jay\AppData\Roaming\BabSolution
Folder Found C:\Users\Jay\AppData\Roaming\Babylon
Folder Found C:\Users\Jay\AppData\Roaming\delta
Folder Found C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Found C:\Users\Jay\AppData\Roaming\Tepfel

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Jay\Desktop\Search.lnk ( -url hxxp://www2.delta-search.com/?babsrc=DT_ss&mntrId=DE8E001AA0C0695C&affID=119523&tt=280813_dt&tsp=4988 -wbr 2 )

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\f53d68cb768bd45
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\f53d68cb768bd45
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=DE8E001AA0C0695C&affID=119523&tt=280813_dt&tsp=4988

-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=DE8E001AA0C0695C&affID=119523&tt=280813_dt&tsp=4988");
Line Found : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=DE8E001AA0C0695C&affID=119523&tt=280813_dt&tsp=4988");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "de8e3da4000000000000001aa0c0695c");
Line Found : user_pref("extensions.delta.instlDay", "15945");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.620:45:47");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119523&tt=280813_dt&tsp=4988");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\exte[...]
Line Found : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Found : user_pref("extentions.webcake.installId", "577b3cb8-fb33-4fe3-91c1-85923e7b67c5");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [11032 octets] - [25/08/2013 04:35:37]
AdwCleaner[R1].txt - [1131 octets] - [25/08/2013 04:47:57]
AdwCleaner[R2].txt - [1191 octets] - [25/08/2013 04:55:48]
AdwCleaner[R3].txt - [1192 octets] - [25/08/2013 05:00:42]
AdwCleaner[R4].txt - [1252 octets] - [25/08/2013 17:24:44]
AdwCleaner[R5].txt - [1313 octets] - [25/08/2013 19:00:38]
AdwCleaner[R6].txt - [12209 octets] - [28/08/2013 21:24:23]
AdwCleaner[S0].txt - [10372 octets] - [25/08/2013 04:38:46]
AdwCleaner[S1].txt - [1255 octets] - [25/08/2013 04:56:38]
AdwCleaner[S2].txt - [1374 octets] - [25/08/2013 20:13:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [12451 octets] ##########

The ESET Online scanner will only go so far into the scan before stopping with a message stating "ERROR 2002".



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,558 posts
  • Gender:Male
  • Location:NJ USA

Posted 28 August 2013 - 07:35 PM

Hello again and you are welcome. Are you in the USA?

Uninstall this, as you use Foxit and older versions are exploitable:
Adobe Reader 6.0 (Version: 6.0). The current version is XI.


Go to Start ... Run and type in cmd.
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.


Run AdwCleaner and remove:
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
EDIT: I see that you have the latest version of 0access rootkit.

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
>>>>

Try ESET again.
If it fails let me know and try this alternate.


Please run the F-Secure Online Scanner
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

Edited by boopme, 28 August 2013 - 08:36 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
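The TDSSKiller log posted above is what gives away the 0access (ZeroAccess) rootkit boopme mentions: the service name ‮etadpug carries a Unicode right-to-left override (U+202E), so on screen it reads as "gupdate" and passes for a Google updater, while the scanner itself marks the entry infected. The Python script below is an added example, not code from this thread, from TDSSKiller or from any other tool named here. It parses a few constructed lines in the TDSSKiller log format (the two MD5s are the ones the thread shows; the {EXAMPLE-GUID} folder is a placeholder) and flags an entry either on the scanner's own verdict or on hidden bidi control characters in the service name or path, showing the name the way a viewer would render it.

```python
"""Flag suspicious service entries in a TDSSKiller-style log.

Added example; not code from this thread or from TDSSKiller. Two independent
signals are checked for every parsed line:
  1. the scanner's own verdict ("infected" / "detected"), and
  2. Unicode bidirectional control characters in the service name or path,
     which make a name render differently from how it is really spelled.
"""
import re
import unicodedata

# Bidi control characters (U+202A..U+202E, U+2066..U+2069). Only U+202E
# (RIGHT-TO-LEFT OVERRIDE) appears in the thread's log, but any of them in
# a service or file name deserves a look.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
RLO = "\u202e"

# One log line: time, thread id, optional "[ MD5 ]", service name, remainder
# (either a path or a status such as "- ok" / "- infected").
_LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<tid>0x[0-9a-fA-F]+)\s+"
    r"(?:\[ (?P<md5>[0-9A-Fa-f]{32}) \] )?"
    r"(?P<name>\S+)\s*"
    r"(?P<rest>.*)$"
)

# Constructed sample lines in the format TDSSKiller wrote in the thread. The
# MD5s are the ones the thread shows; {EXAMPLE-GUID} is a placeholder folder.
SAMPLE_LOG = "\n".join([
    "21:04:57.0223 0x140c  [ 7D66C7460240C5FA7DA4E775DF9FF328 ] WebCakeUpdater  "
    "C:\\Program Files (x86)\\Tepfel\\WebCakeDesktop.Updater.exe",
    "21:04:57.0223 0x140c  WebCakeUpdater - ok",
    "21:04:59.0893 0x140c  [ B21B683C3096F51BBDEE48661FBFC0D7 ] " + RLO + "etadpug        "
    "C:\\Program Files (x86)\\Google\\Desktop\\Install\\{EXAMPLE-GUID}\\" + RLO + "\\GoogleUpdate.exe",
    "21:04:59.0903 0x140c  " + RLO + "etadpug ( Rootkit.Win32.PMax.gen ) - infected",
    "21:04:59.0903 0x140c  " + RLO + "etadpug - detected Rootkit.Win32.PMax.gen (0)",
])


def parse_tdsskiller_log(text):
    """Return one dict per line that matches the log format; others are skipped."""
    return [m.groupdict() for m in map(_LINE_RE.match, text.splitlines()) if m]


def find_bidi_controls(s):
    """Return (offset, Unicode name) for every bidi control character in s."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(s) if ch in BIDI_CONTROLS]


def _strip_controls(s):
    return "".join(ch for ch in s if ch not in BIDI_CONTROLS)


def displayed_name(name):
    """Approximate what a viewer renders: characters after a U+202E override
    are drawn right-to-left (so they appear reversed); the controls themselves
    are invisible and are dropped."""
    prefix, rlo, overridden = name.partition(RLO)
    return _strip_controls(prefix) + (_strip_controls(overridden)[::-1] if rlo else "")


def suspicious_entries(text):
    """Entries the scanner flagged, or whose name/path hide bidi controls."""
    alerts = []
    for e in parse_tdsskiller_log(text):
        reasons = []
        if re.search(r"\b(infected|detected)\b", e["rest"]):
            reasons.append("scanner verdict: " + e["rest"].strip())
        in_name = find_bidi_controls(e["name"])
        if in_name:
            names = ", ".join(n for _, n in in_name)
            reasons.append("bidi control %s in name; renders as %r"
                           % (names, displayed_name(e["name"])))
        in_path = find_bidi_controls(e["rest"])
        if in_path:
            reasons.append("bidi control in path: " + ", ".join(n for _, n in in_path))
        if reasons:
            alerts.append({"time": e["time"], "md5": e["md5"],
                           "name": e["name"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in suspicious_entries(SAMPLE_LOG):
        print(a["time"], repr(a["name"]), a["md5"])
        for r in a["reasons"]:
            print("   ", r)
```

Run against a real TDSSKiller log, every line from the rootkit service is reported with both reasons, while the adware updater on the first sample line is only listed if the scanner itself flags it: the bidi check is a cheap second opinion that does not depend on signatures, which is exactly what you want for a service that was named to look like a legitimate updater.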

#5 JayCoops

JayCoops
  • Topic Starter

  • Members
  • 10 posts

Posted 28 August 2013 - 08:35 PM

Hi again boopme,

I'm from the UK.

Here is the log report from AdwCleaner.
# AdwCleaner v3.001 - Report created 29/08/2013 at 01:48:30
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jay - JAYSPC
# Running from : C:\Users\Jay\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BrowserDefendert
[#] Service Deleted : WebCakeUpdater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\Program Files (x86)\Tepfel
Folder Deleted : C:\Users\Jay\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Jay\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jay\AppData\Roaming\delta
Folder Deleted : C:\Users\Jay\AppData\Roaming\Tepfel
Folder Deleted : C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\Extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\Extensions\plugin@getwebcake.com
File Deleted : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\bprotector_prefs.js
File Deleted : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\user.js
File Deleted : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
File Deleted : C:\Windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Jay\Desktop\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\f53d68cb768bd45
Key Deleted : HKLM\SOFTWARE\f53d68cb768bd45
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=DE8E001AA0C0695C&affID=119523&tt=280813_dt&tsp=4988");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=DE8E001AA0C0695C&affID=119523&tt=280813_dt&tsp=4988");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "de8e3da4000000000000001aa0c0695c");
Line Deleted : user_pref("extensions.delta.instlDay", "15945");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.620:45:47");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119523&tt=280813_dt&tsp=4988");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "plugin%40getwebcake.com:1.00.01,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\exte[...]
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "577b3cb8-fb33-4fe3-91c1-85923e7b67c5");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [11032 octets] - [25/08/2013 04:35:37]
AdwCleaner[R1].txt - [1131 octets] - [25/08/2013 04:47:57]
AdwCleaner[R2].txt - [1191 octets] - [25/08/2013 04:55:48]
AdwCleaner[R3].txt - [1192 octets] - [25/08/2013 05:00:42]
AdwCleaner[R4].txt - [1252 octets] - [25/08/2013 17:24:44]
AdwCleaner[R5].txt - [1313 octets] - [25/08/2013 19:00:38]
AdwCleaner[R6].txt - [12560 octets] - [28/08/2013 21:24:23]
AdwCleaner[R7].txt - [12621 octets] - [29/08/2013 01:45:38]
AdwCleaner[S0].txt - [10372 octets] - [25/08/2013 04:38:46]
AdwCleaner[S1].txt - [1255 octets] - [25/08/2013 04:56:38]
AdwCleaner[S2].txt - [1374 octets] - [25/08/2013 20:13:59]
AdwCleaner[S3].txt - [12514 octets] - [29/08/2013 01:48:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [12575 octets] ##########


ESET is currently still scanning but has been at 56% for quite some time now. I will post the results as soon as it has finished.


Many thanks once again.


EDIT: As I posted this, ESET came up with the following above the status bar: "Can not get update, is proxy configured".


Edited by JayCoops, 28 August 2013 - 08:38 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,558 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:45 AM

Posted 28 August 2013 - 08:39 PM

Hi, please note I edited the above post before ESET, as I found something new.

That was a good clean from ADW....

Edited by boopme, 28 August 2013 - 08:41 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 JayCoops

JayCoops
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 29 August 2013 - 05:35 AM

Glad to hear that.


Here is the report from AdwCleaner.


# AdwCleaner v3.001 - Report created 29/08/2013 at 02:54:20
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jay - JAYSPC
# Running from : C:\Users\Jay\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\yn16cz0d.default\prefs.js ]


-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11032 octets] - [25/08/2013 04:35:37]
AdwCleaner[R1].txt - [1131 octets] - [25/08/2013 04:47:57]
AdwCleaner[R2].txt - [1191 octets] - [25/08/2013 04:55:48]
AdwCleaner[R3].txt - [1192 octets] - [25/08/2013 05:00:42]
AdwCleaner[R4].txt - [1252 octets] - [25/08/2013 17:24:44]
AdwCleaner[R5].txt - [1313 octets] - [25/08/2013 19:00:38]
AdwCleaner[R6].txt - [12560 octets] - [28/08/2013 21:24:23]
AdwCleaner[R7].txt - [12621 octets] - [29/08/2013 01:45:38]
AdwCleaner[R8].txt - [1614 octets] - [29/08/2013 02:53:19]
AdwCleaner[S0].txt - [10372 octets] - [25/08/2013 04:38:46]
AdwCleaner[S1].txt - [1255 octets] - [25/08/2013 04:56:38]
AdwCleaner[S2].txt - [1374 octets] - [25/08/2013 20:13:59]
AdwCleaner[S3].txt - [12668 octets] - [29/08/2013 01:48:30]
AdwCleaner[S4].txt - [1535 octets] - [29/08/2013 02:54:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1595 octets] ##########


Here is the report from MBAR.


System-log:


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.327000 GHz
Memory total: 8587476992, free: 6463021056

Downloaded database version: v2013.08.29.01
Downloaded database version: v2013.08.06.01
=======================================
------------ Kernel report ------------
     08/29/2013 03:12:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\sfhlp02.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\b57nd60a.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\stwrt64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\WmHidLo.sys
\SystemRoot\system32\drivers\WmFilter.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WmVirHid.sys
\??\C:\Windows\system32\drivers\IOMap64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\imm32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\rpcrt4.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007a51790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-3\
Lower Device Object: 0xfffffa800744a060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a51790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a512c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a51790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800744a060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 86308630

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 488074402

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488261250-488281250)...
Done!
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\GoogleUpdate.exe --> [Trojan.FakeAlert]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [Trojan.FakeAlert]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE --> [Trojan.FakeAlert]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update^‮❤ --> [Trojan.FakeAlert]
Infected: C:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
Infected: C:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\00000004.@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\76603ac3 --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000004.@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000008.@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\000000cb.@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000000.@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000032.@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000064.@ --> [Trojan.0Access]
Infected: C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\    --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\l --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\00000004.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\201d3dde --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\6715e287 --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\76603ac3 --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\u --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000004.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000008.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\000000cb.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000000.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000032.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000064.@ --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} --> [Trojan.0Access]
Scan finished
User declined to cleanup malware.


MBAR log:


Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.08.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Jay :: JAYSPC [administrator]

29/08/2013 03:12:57
mbar-log-2013-08-29 (03-12-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 252622
Time elapsed: 12 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (Trojan.FakeAlert) -> No action taken.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE (Trojan.FakeAlert) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update^‮❤ (Trojan.FakeAlert) -> Data:  -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\    (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \... (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛ (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\l (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\u (Trojan.0Access) -> No action taken.
C:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332} (Trojan.0Access) -> No action taken.

Files Detected: 23
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\GoogleUpdate.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> No action taken.
C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\@ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\00000004.@ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\76603ac3 (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000004.@ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000008.@ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\000000cb.@ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000000.@ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000032.@ (Trojan.0Access) -> No action taken.
C:\Users\Jay\AppData\Local\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000064.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\00000004.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\201d3dde (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\6715e287 (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\L\76603ac3 (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000004.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\00000008.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\000000cb.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000000.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000032.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\   \...\‮ﯹ๛\{08f5c6f9-ea8d-4f4d-a009-acc4508c7332}\U\80000064.@ (Trojan.0Access) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Tried ESET again, which this time got to 100%, but right at that point it displayed the message "unexpected Error 2002" above the status bar.


F-Secure seems to be unresponsive too. Once downloaded, nothing seems to happen. After having left it to do its thing overnight (as you say the scan begins automatically), it didn't seem to do so. Having double-clicked the F-Secure icon, all that comes up is a faint blue transparent window with the F-Secure logo in the top left.



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,558 posts
  • ONLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:45 AM

Posted 29 August 2013 - 01:46 PM

OK, it's the 0Access rootkit you still have. We need to start a new topic and get this off.

We will need stronger tools and get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.



