Jump to content

Various errors [Mbam won't run, can't play movies or music, etc]


fuji520

Recommended Posts

Hello,

I've been getting various errors lately and I am certain this is the works of a sneaky virus...

These are the errors I've been encountering so far...

  • hijackthis won't save log (it would in safe mode)
  • there are multiple dllhost running on my computer
  • can't save in any application
  • can't right click>properties in my computer
  • can't uninstall software through control panel
  • can't play movies or music, to add, in winamp it skips around a bit and asks for a file overwrite in WMP it says server execution error
  • mbam won't run - says runtime error '0' then runtime error '440' automation error

I have uploaded a couple of pictures showing some of the errors. Captured it on the phone as I can't save files in any image editing software...

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:14:47 PM, on 23/12/12

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)

O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [steam] "X:\Games\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [HDDtemp4] C:\Program Files (x86)\BinarySense\HDDTemp4\\hddtemp4 /minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\FiaN\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [Google Update] "C:\Users\FiaN\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Voipwise] "C:\Program Files (x86)\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-21-4032062568-3766263197-1891077631-1000\..\Run: [steam] "X:\Games\Steam\steam.exe" -silent (User '?')

O4 - HKUS\S-1-5-21-4032062568-3766263197-1891077631-1000\..\Run: [Google Update] "C:\Users\FiaN\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')

O4 - HKUS\S-1-5-21-4032062568-3766263197-1891077631-1000\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED (User '?')

O4 - HKUS\S-1-5-21-4032062568-3766263197-1891077631-1000\..\Run: [Voipwise] "C:\Program Files (x86)\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized (User '?')

O4 - HKUS\S-1-5-21-4032062568-3766263197-1891077631-1000\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')

O4 - S-1-5-21-4032062568-3766263197-1891077631-1000 Startup: Canon IJ Status Monitor Canon Inkjet i350.lnk = ? (User '?')

O4 - S-1-5-21-4032062568-3766263197-1891077631-1000 Startup: Dropbox.lnk = FiaN\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')

O4 - S-1-5-21-4032062568-3766263197-1891077631-1000 Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe (User '?')

O4 - Startup: Canon IJ Status Monitor Canon Inkjet i350.lnk = ?

O4 - Startup: Dropbox.lnk = FiaN\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

O4 - Global Startup: PrivateTunnel.lnk = C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.h...tDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{604AFE75-2B17-4487-AB5C-5F39A71B604B}: NameServer = 10.85.40.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EAAEE705-61FB-46DF-BE1F-0E6008FD0351}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{604AFE75-2B17-4487-AB5C-5F39A71B604B}: NameServer = 10.85.40.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{604AFE75-2B17-4487-AB5C-5F39A71B604B}: NameServer = 10.85.40.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)

O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Program Files (x86)\ActiveSMART 2.8\ASmartService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe

O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14110 bytes

Any help is appreciated, thanks.

post-122965-0-83166700-1356255475.jpg

post-122965-0-49192700-1356255582.jpg

Link to post
Share on other sites

Hello Fuji and welcome to MalwareBytes forums.

Please start with this:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Link to post
Share on other sites

<p>Oh no wait, used internet explorer and bingo - downloaded.</p>

<p> </p>

<p>logs:</p>

<p> </p>

<p> </p>

<div>Rkill 2.4.5 by Lawrence Abrams (Grinler)</div>

<div>http://www.bleepingcomputer.com/</div>

<div>Copyright 2008-2012 BleepingComputer.com</div>

<div>More Information about Rkill can be found at this link:</div>

<div> http://www.bleepingcomputer.com/forums/topic308364.html</div>

<div> </div>

<div>Program started at: 12/23/2012 05:03:05 PM in x64 mode.</div>

<div>Windows Version: Windows 7 Ultimate </div>

<div> </div>

<div>Checking for Windows services to stop:</div>

<div> </div>

<div> * No malware services found to stop.</div>

<div> </div>

<div>Checking for processes to terminate:</div>

<div> </div>

<div> * No malware processes found to kill.</div>

<div> </div>

<div>Possibly Patched Files.</div>

<div> </div>

<div> * C:\Windows\Explorer.EXE</div>

<div> </div>

<div>Checking Registry for malware related settings:</div>

<div> </div>

<div> * Advanced Explorer Setting Removed:  HideIcons [HKCU]</div>

<div> * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]</div>

<div> </div>

<div>Backup Registry file created at:</div>

<div> C:\Users\FiaN\Desktop\rkill\rkill-12-23-2012-05-03-20.reg</div>

<div> </div>

<div>Resetting .EXE, .COM, & .BAT associations in the Windows Registry.</div>

<div> </div>

<div>Performing miscellaneous checks:</div>

<div> </div>

<div> * No issues found.</div>

<div> </div>

<div>Checking Windows Service Integrity: </div>

<div> </div>

<div> * No issues found.</div>

<div> </div>

<div>Searching for Missing Digital Signatures: </div>

<div> </div>

<div> * C:\Windows\explorer.exe [NoSig]</div>

<div> +-> C:\Windows\SysWOW64\explorer.exe : 2,614,272 : 10/31/2009 00:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]</div>

<div> +-> C:\Windows\W7SOC\explorer.exe : 2,870,272 : 01/09/2011 05:57 PM : 45dfd444ea07d50efa17277228403f85 [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2,868,224 : 07/14/2009 00:39 AM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2,868,224 : 08/03/2009 00:17 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2,870,272 : 10/31/2009 00:34 AM : 9aaaec8dac27aa17b053e6352ad233ae [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2,868,224 : 08/03/2009 00:19 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2,870,272 : 10/31/2009 00:38 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2,613,248 : 07/14/2009 00:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2,613,248 : 08/03/2009 00:35 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2,614,272 : 10/31/2009 00:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2,613,248 : 08/03/2009 00:49 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl]</div>

<div> +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2,614,272 : 10/31/2009 00:00 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl]</div>

<div> </div>

<div>Checking HOSTS File: </div>

<div> </div>

<div> * No issues found.</div>

<div> </div>

<div>Program finished at: 12/23/2012 05:04:15 PM</div>

<div>Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)</div>

<div> </div>

<div>Also, I forgot to mention one more thing - I am using a custom windows 7 skin so it would perhaps explain the C:\Windows\SysWOW64\explorer.exe and the C:\Windows\W7SOC\explorer.exe</div>

Link to post
Share on other sites

D'ya see the weird formatting of that report? Try again, and from henceforth, always click on More Reply Options button, and then click 1 time on the light-swicth icon in the toolbar so that the toolbar is OFF, and only then Paste the log.

Please do this and re-post the last log.

Link to post
Share on other sites

P.S. Your logs showed some peer-to-peer filesharing apps: uTorrent . Uninstall it, then Restart your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Link to post
Share on other sites

Hehe, sorry about that.

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingc...opic308364.html

Program started at: 12/23/2012 05:03:05 PM in x64 mode.

Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\Explorer.EXE

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

C:\Users\FiaN\Desktop\rkill\rkill-12-23-2012-05-03-20.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\explorer.exe [NoSig]

+-> C:\Windows\SysWOW64\explorer.exe : 2,614,272 : 10/31/2009 00:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]

+-> C:\Windows\W7SOC\explorer.exe : 2,870,272 : 01/09/2011 05:57 PM : 45dfd444ea07d50efa17277228403f85 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2,868,224 : 07/14/2009 00:39 AM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2,868,224 : 08/03/2009 00:17 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2,870,272 : 10/31/2009 00:34 AM : 9aaaec8dac27aa17b053e6352ad233ae [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2,868,224 : 08/03/2009 00:19 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2,870,272 : 10/31/2009 00:38 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl]

+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2,613,248 : 07/14/2009 00:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl]

+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2,613,248 : 08/03/2009 00:35 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl]

+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2,614,272 : 10/31/2009 00:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl]

+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2,613,248 : 08/03/2009 00:49 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl]

+-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2,614,272 : 10/31/2009 00:00 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 12/23/2012 05:04:15 PM

Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)

Link to post
Share on other sites

P.S. Your logs showed some peer-to-peer filesharing apps: uTorrent . Uninstall it, then Restart your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

http://forums.malwar...showtopic=97700

Sorry about that, only reason I had that was to download an MMO client. It's completely disabled now.

Link to post
Share on other sites

Run the following and post the requested log. Credit Kevinf80 for the following

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Image10.png

Post those two logs in your reply.

Link to post
Share on other sites

MBAR log:

Malwarebytes Anti-Rootkit 1.01.0.1011

v2012.12.23.04

Windows 7 x64 NTFS

8.0.7600.16385

F**N :: F**N-PC

23/12/12 6:24:59 PM

mbar-log-2012-12-23 (18-24-59).txt

33563

27 , 42

0

0

0

0

0

0

0

System log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, X:\ DRIVE_FIXED

CPU speed: 2.926000 GHz

Memory total: 4294103040, free: 2617991168

------------ Kernel report ------------

12/23/2012 17:55:36

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\spxt.sys

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\DRIVERS\ACPI.sys

\SystemRoot\system32\DRIVERS\msisadrv.sys

\SystemRoot\system32\DRIVERS\vdrvroot.sys

\SystemRoot\system32\DRIVERS\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\atapi.sys

\SystemRoot\system32\DRIVERS\ataport.SYS

\SystemRoot\system32\DRIVERS\msahci.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\vmstorfl.sys

\SystemRoot\system32\DRIVERS\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\SysWOW64\speedfan.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\ehdrv.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\drivers\truecrypt.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\Drivers\abj9ae2j.SYS

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\vrtaucbl.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\Drivers\RootMdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\HssDrv.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\taphss.sys

\SystemRoot\system32\DRIVERS\tapoas.sys

\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\drivers\WmBEnum.sys

\SystemRoot\system32\drivers\WmXlCore.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\xusb21.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\point64k.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\eamon.sys

\SystemRoot\system32\drivers\WudfPf.sys

\??\C:\Windows\system32\drivers\uxpatch.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\drivers\cpuz135_x64.sys

\SystemRoot\system32\DRIVERS\epfwwfpr.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\WmVirHid.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\Wldap32.dll

\Windows\System32\msctf.dll

\Windows\System32\lpk.dll

\Windows\System32\clbcatq.dll

\Windows\System32\sechost.dll

\Windows\System32\nsi.dll

\Windows\System32\normaliz.dll

\Windows\System32\ws2_32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\imagehlp.dll

\Windows\System32\ole32.dll

\Windows\System32\usp10.dll

\Windows\System32\shlwapi.dll

\Windows\System32\psapi.dll

\Windows\System32\shell32.dll

\Windows\System32\wininet.dll

\Windows\System32\advapi32.dll

\Windows\System32\setupapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\difxapi.dll

\Windows\System32\comdlg32.dll

\Windows\System32\user32.dll

\Windows\System32\kernel32.dll

\Windows\System32\imm32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\urlmon.dll

\Windows\System32\iertutil.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\comctl32.dll

\Windows\System32\wintrust.dll

\Windows\System32\crypt32.dll

\Windows\System32\devobj.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR6

Upper Device Object: 0xfffffa8005b04790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000088\

Lower Device Object: 0xfffffa8005934b70

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8005afa790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000087\

Lower Device Object: 0xfffffa800592eb70

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8005af8790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000086\

Lower Device Object: 0xfffffa8005931b70

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa8005af6790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000085\

Lower Device Object: 0xfffffa8005930b70

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8005af4790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000084\

Lower Device Object: 0xfffffa8005923b70

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80049d5060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa8004868060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80049d4060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa8004857060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2012.12.23.04

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80049d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80049d4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80049d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80048789b0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004857060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a011a5c540, 0xfffffa80049d4060, 0xfffffa8005edc790

Lower DeviceData: 0xfffff8a012866940, 0xfffffa8004857060, 0xfffffa8004826c70

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: DE4DFC5D

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 16369664

Partition file system is FAT32

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 16371712 Numsec = 608765952

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa80049d5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80049d5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80049d5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80048854e0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004868060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a012b9bf50, 0xfffffa80049d5060, 0xfffffa8005e65790

Lower DeviceData: 0xfffff8a012595860, 0xfffffa8004868060, 0xfffffa800674b090

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 8B0783E1

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 1953519616

Partition file system is NTFS

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8005af4790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005937910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005af4790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005923b70, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa8005af6790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005936b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005af6790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005930b70, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8005af8790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005935b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005af8790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005931b70, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8005afa790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005938b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005afa790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800592eb70, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 6, DevicePointer: 0xfffffa8005b04790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005939b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005b04790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005934b70, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

Link to post
Share on other sites

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

IF you have a prior copy of Adwcleaner.exe, then Delete it.

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

  • IF you have a prior copy of TDSSKILLER.exe, them Delete it now.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program. excl.png

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 23:23:29

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : FiaN - FIAN-PC

# Boot Mode : Normal

# Running from : C:\Users\FiaN\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\FiaN\AppData\Local\Temp\Uninstall.exe

File Found : C:\Users\FiaN\AppData\Roaming\Mozilla\Firefox\Profiles\m3j0cnbj.default\searchplugins\Askcom.xml

Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

Folder Found : C:\ProgramData\Trymedia

Folder Found : C:\Users\FiaN\AppData\Local\APN

Folder Found : C:\Users\FiaN\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKU\S-1-5-21-4032062568-3766263197-1891077631-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-21-4032062568-3766263197-1891077631-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.hotspotshield.com/g/?c=h

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Users\FiaN\AppData\Roaming\Mozilla\Firefox\Profiles\m3j0cnbj.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\FiaN\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3135 octets] - [23/12/2012 23:23:29]

########## EOF - C:\AdwCleaner[R1].txt - [3195 octets] ##########

23:25:52.0608 2704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

23:25:53.0886 2704 ============================================================

23:25:53.0886 2704 Current date / time: 2012/12/23 23:25:53.0886

23:25:53.0886 2704 SystemInfo:

23:25:53.0886 2704

23:25:53.0886 2704 OS Version: 6.1.7600 ServicePack: 0.0

23:25:53.0886 2704 Product type: Workstation

23:25:53.0886 2704 ComputerName: FIAN-PC

23:25:53.0886 2704 UserName: FiaN

23:25:53.0886 2704 Windows directory: C:\Windows

23:25:53.0886 2704 System windows directory: C:\Windows

23:25:53.0886 2704 Running under WOW64

23:25:53.0886 2704 Processor architecture: Intel x64

23:25:53.0886 2704 Number of processors: 2

23:25:53.0886 2704 Page size: 0x1000

23:25:53.0886 2704 Boot type: Normal boot

23:25:53.0886 2704 ============================================================

23:25:55.0013 2704 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:25:55.0028 2704 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:25:55.0068 2704 ============================================================

23:25:55.0068 2704 \Device\Harddisk0\DR0:

23:25:55.0068 2704 MBR partitions:

23:25:55.0068 2704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0xF9C800

23:25:55.0068 2704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF9D000, BlocksNum 0x24490800

23:25:55.0068 2704 \Device\Harddisk1\DR1:

23:25:55.0068 2704 MBR partitions:

23:25:55.0068 2704 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

23:25:55.0068 2704 ============================================================

23:25:55.0148 2704 C: <-> \Device\Harddisk0\DR0\Partition2

23:25:55.0191 2704 X: <-> \Device\Harddisk1\DR1\Partition1

23:25:55.0191 2704 ============================================================

23:25:55.0191 2704 Initialize success

23:25:55.0191 2704 ============================================================

23:26:03.0063 4272 ============================================================

23:26:03.0063 4272 Scan started

23:26:03.0063 4272 Mode: Manual;

23:26:03.0063 4272 ============================================================

23:26:04.0679 4272 ================ Scan system memory ========================

23:26:04.0679 4272 System memory - ok

23:26:04.0679 4272 ================ Scan services =============================

23:26:04.0819 4272 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

23:26:04.0824 4272 1394ohci - ok

23:26:04.0849 4272 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

23:26:04.0852 4272 ACPI - ok

23:26:04.0874 4272 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

23:26:04.0877 4272 AcpiPmi - ok

23:26:04.0949 4272 [ 35809C29E62BBD179A369288BB2818C6 ] ActiveSMART Service C:\Program Files (x86)\ActiveSMART 2.8\ASmartService.exe

23:26:04.0954 4272 ActiveSMART Service - ok

23:26:04.0992 4272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

23:26:05.0007 4272 adp94xx - ok

23:26:05.0044 4272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

23:26:05.0049 4272 adpahci - ok

23:26:05.0079 4272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

23:26:05.0099 4272 adpu320 - ok

23:26:05.0154 4272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:26:05.0172 4272 AeLookupSvc - ok

23:26:05.0199 4272 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys

23:26:05.0214 4272 AFD - ok

23:26:05.0227 4272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

23:26:05.0229 4272 agp440 - ok

23:26:05.0244 4272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

23:26:05.0247 4272 ALG - ok

23:26:05.0262 4272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

23:26:05.0262 4272 aliide - ok

23:26:05.0299 4272 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

23:26:05.0302 4272 AMD External Events Utility - ok

23:26:05.0312 4272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys

23:26:05.0314 4272 amdide - ok

23:26:05.0339 4272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

23:26:05.0342 4272 AmdK8 - ok

23:26:05.0539 4272 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

23:26:05.0717 4272 amdkmdag - ok

23:26:05.0744 4272 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

23:26:05.0749 4272 amdkmdap - ok

23:26:05.0757 4272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

23:26:05.0759 4272 AmdPPM - ok

23:26:05.0787 4272 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys

23:26:05.0787 4272 amdsata - ok

23:26:05.0802 4272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

23:26:05.0804 4272 amdsbs - ok

23:26:05.0817 4272 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys

23:26:05.0817 4272 amdxata - ok

23:26:05.0844 4272 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys

23:26:05.0844 4272 AppID - ok

23:26:05.0862 4272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:26:05.0864 4272 AppIDSvc - ok

23:26:05.0882 4272 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll

23:26:05.0882 4272 Appinfo - ok

23:26:05.0934 4272 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:26:05.0937 4272 Apple Mobile Device - ok

23:26:05.0967 4272 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

23:26:05.0969 4272 AppMgmt - ok

23:26:05.0997 4272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

23:26:05.0999 4272 arc - ok

23:26:06.0012 4272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

23:26:06.0012 4272 arcsas - ok

23:26:06.0094 4272 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:26:06.0097 4272 aspnet_state - ok

23:26:06.0114 4272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:26:06.0114 4272 AsyncMac - ok

23:26:06.0129 4272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys

23:26:06.0129 4272 atapi - ok

23:26:06.0349 4272 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

23:26:06.0399 4272 atikmdag - ok

23:26:06.0442 4272 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:26:06.0457 4272 AudioEndpointBuilder - ok

23:26:06.0474 4272 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:26:06.0479 4272 AudioSrv - ok

23:26:06.0507 4272 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:26:06.0507 4272 AxInstSV - ok

23:26:06.0539 4272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

23:26:06.0544 4272 b06bdrv - ok

23:26:06.0577 4272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:26:06.0582 4272 b57nd60a - ok

23:26:06.0597 4272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

23:26:06.0599 4272 BDESVC - ok

23:26:06.0617 4272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

23:26:06.0617 4272 Beep - ok

23:26:06.0652 4272 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll

23:26:06.0667 4272 BFE - ok

23:26:06.0697 4272 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll

23:26:06.0714 4272 BITS - ok

23:26:06.0739 4272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:26:06.0739 4272 blbdrive - ok

23:26:06.0807 4272 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

23:26:06.0809 4272 Bonjour Service - ok

23:26:06.0827 4272 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:26:06.0829 4272 bowser - ok

23:26:06.0844 4272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:26:06.0844 4272 BrFiltLo - ok

23:26:06.0857 4272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:26:06.0857 4272 BrFiltUp - ok

23:26:06.0884 4272 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll

23:26:06.0887 4272 Browser - ok

23:26:06.0907 4272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:26:06.0912 4272 Brserid - ok

23:26:06.0932 4272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:26:06.0932 4272 BrSerWdm - ok

23:26:06.0942 4272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:26:06.0942 4272 BrUsbMdm - ok

23:26:06.0954 4272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:26:06.0954 4272 BrUsbSer - ok

23:26:06.0979 4272 [ 832B121E4532919CC49F2438F1DCAA21 ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys

23:26:06.0982 4272 BthAvrcp - ok

23:26:07.0022 4272 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys

23:26:07.0024 4272 BthEnum - ok

23:26:07.0042 4272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

23:26:07.0042 4272 BTHMODEM - ok

23:26:07.0054 4272 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

23:26:07.0054 4272 BthPan - ok

23:26:07.0082 4272 [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

23:26:07.0097 4272 BTHPORT - ok

23:26:07.0114 4272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

23:26:07.0117 4272 bthserv - ok

23:26:07.0134 4272 [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

23:26:07.0134 4272 BTHUSB - ok

23:26:07.0169 4272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:26:07.0172 4272 cdfs - ok

23:26:07.0199 4272 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:26:07.0202 4272 cdrom - ok

23:26:07.0219 4272 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll

23:26:07.0222 4272 CertPropSvc - ok

23:26:07.0232 4272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

23:26:07.0234 4272 circlass - ok

23:26:07.0252 4272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

23:26:07.0254 4272 CLFS - ok

23:26:07.0307 4272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:26:07.0317 4272 clr_optimization_v2.0.50727_32 - ok

23:26:07.0354 4272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:26:07.0357 4272 clr_optimization_v2.0.50727_64 - ok

23:26:07.0432 4272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:26:07.0434 4272 clr_optimization_v4.0.30319_32 - ok

23:26:07.0444 4272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:26:07.0444 4272 clr_optimization_v4.0.30319_64 - ok

23:26:07.0474 4272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:26:07.0474 4272 CmBatt - ok

23:26:07.0487 4272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

23:26:07.0489 4272 cmdide - ok

23:26:07.0512 4272 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys

23:26:07.0517 4272 CNG - ok

23:26:07.0534 4272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:26:07.0537 4272 Compbatt - ok

23:26:07.0554 4272 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

23:26:07.0557 4272 CompositeBus - ok

23:26:07.0569 4272 COMSysApp - ok

23:26:07.0599 4272 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys

23:26:07.0602 4272 cpuz135 - ok

23:26:07.0614 4272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

23:26:07.0614 4272 crcdisk - ok

23:26:07.0649 4272 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:26:07.0652 4272 CryptSvc - ok

23:26:07.0689 4272 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys

23:26:07.0704 4272 CSC - ok

23:26:07.0732 4272 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll

23:26:07.0749 4272 CscService - ok

23:26:07.0784 4272 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:26:07.0799 4272 DcomLaunch - ok

23:26:07.0824 4272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

23:26:07.0827 4272 defragsvc - ok

23:26:07.0862 4272 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:26:07.0862 4272 DfsC - ok

23:26:07.0889 4272 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

23:26:07.0889 4272 dg_ssudbus - ok

23:26:07.0924 4272 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll

23:26:07.0929 4272 Dhcp - ok

23:26:07.0937 4272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

23:26:07.0939 4272 discache - ok

23:26:07.0964 4272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

23:26:07.0967 4272 Disk - ok

23:26:07.0977 4272 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:26:07.0979 4272 Dnscache - ok

23:26:08.0002 4272 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll

23:26:08.0007 4272 dot3svc - ok

23:26:08.0024 4272 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll

23:26:08.0027 4272 DPS - ok

23:26:08.0049 4272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:26:08.0049 4272 drmkaud - ok

23:26:08.0102 4272 dump_wmimmc - ok

23:26:08.0137 4272 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:26:08.0164 4272 DXGKrnl - ok

23:26:08.0199 4272 [ DADF326F74EEC4D759ADA18C5B73FC77 ] eamon C:\Windows\system32\DRIVERS\eamon.sys

23:26:08.0202 4272 eamon - ok

23:26:08.0227 4272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:26:08.0229 4272 EapHost - ok

23:26:08.0309 4272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

23:26:08.0369 4272 ebdrv - ok

23:26:08.0394 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe

23:26:08.0394 4272 EFS - ok

23:26:08.0417 4272 [ CC1B838D1A837C2957FA84658D57F809 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys

23:26:08.0419 4272 ehdrv - ok

23:26:08.0467 4272 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:26:08.0484 4272 ehRecvr - ok

23:26:08.0502 4272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

23:26:08.0504 4272 ehSched - ok

23:26:08.0579 4272 [ DE4BCFDD049DAFFAADCD66943D492B3F ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

23:26:08.0579 4272 EhttpSrv - ok

23:26:08.0614 4272 [ 8791F03854611DEAC8D2967C1C958A7E ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

23:26:08.0619 4272 ekrn - ok

23:26:08.0649 4272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

23:26:08.0664 4272 elxstor - ok

23:26:08.0684 4272 [ 031B3AE524D9FF2735DE08E59353AEF9 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys

23:26:08.0687 4272 epfwwfpr - ok

23:26:08.0702 4272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

23:26:08.0704 4272 ErrDev - ok

23:26:08.0749 4272 [ 932C05033053ADA2404FD836C9AB2C70 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys

23:26:08.0752 4272 EuMusDesignVirtualAudioCableWdm - ok

23:26:08.0777 4272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

23:26:08.0782 4272 EventSystem - ok

23:26:08.0802 4272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

23:26:08.0804 4272 exfat - ok

23:26:08.0832 4272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:26:08.0834 4272 fastfat - ok

23:26:08.0862 4272 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe

23:26:08.0879 4272 Fax - ok

23:26:08.0892 4272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:26:08.0894 4272 fdc - ok

23:26:08.0909 4272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:26:08.0912 4272 fdPHost - ok

23:26:08.0924 4272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:26:08.0924 4272 FDResPub - ok

23:26:08.0937 4272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:26:08.0939 4272 FileInfo - ok

23:26:08.0949 4272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:26:08.0952 4272 Filetrace - ok

23:26:08.0994 4272 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

23:26:08.0999 4272 FLEXnet Licensing Service - ok

23:26:09.0022 4272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:26:09.0022 4272 flpydisk - ok

23:26:09.0047 4272 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:26:09.0049 4272 FltMgr - ok

23:26:09.0084 4272 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll

23:26:09.0109 4272 FontCache - ok

23:26:09.0149 4272 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:26:09.0149 4272 FontCache3.0.0.0 - ok

23:26:09.0157 4272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:26:09.0157 4272 FsDepends - ok

23:26:09.0177 4272 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:26:09.0177 4272 Fs_Rec - ok

23:26:09.0214 4272 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:26:09.0217 4272 fvevol - ok

23:26:09.0239 4272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

23:26:09.0239 4272 gagp30kx - ok

23:26:09.0267 4272 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:26:09.0269 4272 GEARAspiWDM - ok

23:26:09.0307 4272 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll

23:26:09.0324 4272 gpsvc - ok

23:26:09.0382 4272 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:26:09.0384 4272 gupdate - ok

23:26:09.0397 4272 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:26:09.0399 4272 gupdatem - ok

23:26:09.0437 4272 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

23:26:09.0439 4272 gusvc - ok

23:26:09.0457 4272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:26:09.0459 4272 hcw85cir - ok

23:26:09.0487 4272 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:26:09.0492 4272 HdAudAddService - ok

23:26:09.0517 4272 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:26:09.0517 4272 HDAudBus - ok

23:26:09.0564 4272 [ 9AE4747663A6C62F6FFE0B991A0F531A ] HDD & SSD access service C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe

23:26:09.0567 4272 HDD & SSD access service - ok

23:26:09.0592 4272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

23:26:09.0594 4272 HidBatt - ok

23:26:09.0609 4272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

23:26:09.0612 4272 HidBth - ok

23:26:09.0624 4272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

23:26:09.0627 4272 HidIr - ok

23:26:09.0644 4272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

23:26:09.0647 4272 hidserv - ok

23:26:09.0679 4272 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:26:09.0679 4272 HidUsb - ok

23:26:09.0744 4272 [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

23:26:09.0747 4272 HiPatchService - ok

23:26:09.0774 4272 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:26:09.0774 4272 hkmsvc - ok

23:26:09.0792 4272 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:26:09.0797 4272 HomeGroupListener - ok

23:26:09.0824 4272 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:26:09.0827 4272 HomeGroupProvider - ok

23:26:09.0859 4272 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

23:26:09.0862 4272 HpSAMD - ok

23:26:09.0967 4272 [ 575546EE9A39DD5CB3B4E34A146A8A3E ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

23:26:09.0972 4272 hshld - ok

23:26:09.0999 4272 [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys

23:26:09.0999 4272 HssDrv - ok

23:26:10.0042 4272 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

23:26:10.0047 4272 HssSrv - ok

23:26:10.0062 4272 [ 4EFB7FC2A11DB10AB6205206D60C432B ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

23:26:10.0064 4272 HssTrayService - ok

23:26:10.0107 4272 HssWd - ok

23:26:10.0147 4272 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:26:10.0164 4272 HTTP - ok

23:26:10.0177 4272 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:26:10.0177 4272 hwpolicy - ok

23:26:10.0214 4272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

23:26:10.0214 4272 i8042prt - ok

23:26:10.0254 4272 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys

23:26:10.0259 4272 iaStorV - ok

23:26:10.0312 4272 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

23:26:10.0312 4272 IDriverT - ok

23:26:10.0362 4272 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:26:10.0379 4272 idsvc - ok

23:26:10.0529 4272 [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

23:26:10.0657 4272 igfx - ok

23:26:10.0682 4272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

23:26:10.0684 4272 iirsp - ok

23:26:10.0724 4272 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

23:26:10.0742 4272 IKEEXT - ok

23:26:10.0797 4272 [ 397AF4C77E4AC1B262E4EBAC2958188C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

23:26:10.0832 4272 IntcAzAudAddService - ok

23:26:10.0847 4272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

23:26:10.0849 4272 intelide - ok

23:26:10.0887 4272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:26:10.0887 4272 intelppm - ok

23:26:10.0909 4272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:26:10.0912 4272 IPBusEnum - ok

23:26:10.0924 4272 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:26:10.0924 4272 IpFilterDriver - ok

23:26:10.0947 4272 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:26:10.0959 4272 iphlpsvc - ok

23:26:10.0974 4272 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

23:26:10.0977 4272 IPMIDRV - ok

23:26:10.0992 4272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:26:10.0994 4272 IPNAT - ok

23:26:11.0049 4272 [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:26:11.0067 4272 iPod Service - ok

23:26:11.0087 4272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:26:11.0089 4272 IRENUM - ok

23:26:11.0107 4272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

23:26:11.0107 4272 isapnp - ok

23:26:11.0122 4272 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

23:26:11.0124 4272 iScsiPrt - ok

23:26:11.0144 4272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:26:11.0144 4272 kbdclass - ok

23:26:11.0164 4272 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

23:26:11.0164 4272 kbdhid - ok

23:26:11.0177 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe

23:26:11.0179 4272 KeyIso - ok

23:26:11.0192 4272 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:26:11.0194 4272 KSecDD - ok

23:26:11.0214 4272 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:26:11.0214 4272 KSecPkg - ok

23:26:11.0222 4272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:26:11.0222 4272 ksthunk - ok

23:26:11.0244 4272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

23:26:11.0249 4272 KtmRm - ok

23:26:11.0277 4272 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll

23:26:11.0279 4272 LanmanServer - ok

23:26:11.0292 4272 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:26:11.0294 4272 LanmanWorkstation - ok

23:26:11.0367 4272 [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

23:26:11.0372 4272 LBTServ - ok

23:26:11.0389 4272 [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

23:26:11.0392 4272 LHidFilt - ok

23:26:11.0424 4272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:26:11.0427 4272 lltdio - ok

23:26:11.0457 4272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:26:11.0459 4272 lltdsvc - ok

23:26:11.0484 4272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:26:11.0484 4272 lmhosts - ok

23:26:11.0499 4272 [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

23:26:11.0499 4272 LMouFilt - ok

23:26:11.0537 4272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

23:26:11.0539 4272 LSI_FC - ok

23:26:11.0544 4272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

23:26:11.0547 4272 LSI_SAS - ok

23:26:11.0549 4272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:26:11.0552 4272 LSI_SAS2 - ok

23:26:11.0557 4272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:26:11.0557 4272 LSI_SCSI - ok

23:26:11.0569 4272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

23:26:11.0572 4272 luafv - ok

23:26:11.0584 4272 [ DA3494DF01C62D821911ED91CE5E1642 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys

23:26:11.0584 4272 LUsbFilt - ok

23:26:11.0604 4272 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:26:11.0607 4272 Mcx2Svc - ok

23:26:11.0619 4272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

23:26:11.0622 4272 megasas - ok

23:26:11.0634 4272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

23:26:11.0637 4272 MegaSR - ok

23:26:11.0702 4272 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

23:26:11.0702 4272 Microsoft Office Groove Audit Service - ok

23:26:11.0727 4272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

23:26:11.0729 4272 MMCSS - ok

23:26:11.0742 4272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

23:26:11.0742 4272 Modem - ok

23:26:11.0772 4272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:26:11.0774 4272 monitor - ok

23:26:11.0794 4272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:26:11.0797 4272 mouclass - ok

23:26:11.0827 4272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:26:11.0827 4272 mouhid - ok

23:26:11.0837 4272 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:26:11.0837 4272 mountmgr - ok

23:26:11.0894 4272 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

23:26:11.0897 4272 MozillaMaintenance - ok

23:26:11.0917 4272 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys

23:26:11.0919 4272 mpio - ok

23:26:11.0939 4272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:26:11.0939 4272 mpsdrv - ok

23:26:11.0982 4272 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:26:11.0999 4272 MpsSvc - ok

23:26:12.0014 4272 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:26:12.0017 4272 MRxDAV - ok

23:26:12.0047 4272 [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:26:12.0047 4272 mrxsmb - ok

23:26:12.0062 4272 [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:26:12.0067 4272 mrxsmb10 - ok

23:26:12.0084 4272 [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:26:12.0087 4272 mrxsmb20 - ok

23:26:12.0097 4272 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

23:26:12.0097 4272 msahci - ok

23:26:12.0109 4272 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

23:26:12.0112 4272 msdsm - ok

23:26:12.0132 4272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

23:26:12.0137 4272 MSDTC - ok

23:26:12.0162 4272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:26:12.0162 4272 Msfs - ok

23:26:12.0172 4272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:26:12.0172 4272 mshidkmdf - ok

23:26:12.0182 4272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

23:26:12.0182 4272 msisadrv - ok

23:26:12.0217 4272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:26:12.0222 4272 MSiSCSI - ok

23:26:12.0227 4272 msiserver - ok

23:26:12.0249 4272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:26:12.0249 4272 MSKSSRV - ok

23:26:12.0269 4272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:26:12.0269 4272 MSPCLOCK - ok

23:26:12.0284 4272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:26:12.0284 4272 MSPQM - ok

23:26:12.0304 4272 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:26:12.0309 4272 MsRPC - ok

23:26:12.0332 4272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

23:26:12.0332 4272 mssmbios - ok

23:26:12.0349 4272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:26:12.0352 4272 MSTEE - ok

23:26:12.0367 4272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

23:26:12.0367 4272 MTConfig - ok

23:26:12.0384 4272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

23:26:12.0384 4272 Mup - ok

23:26:12.0409 4272 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll

23:26:12.0424 4272 napagent - ok

23:26:12.0454 4272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:26:12.0459 4272 NativeWifiP - ok

23:26:12.0492 4272 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys

23:26:12.0509 4272 NDIS - ok

23:26:12.0524 4272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:26:12.0527 4272 NdisCap - ok

23:26:12.0552 4272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:26:12.0552 4272 NdisTapi - ok

23:26:12.0574 4272 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:26:12.0574 4272 Ndisuio - ok

23:26:12.0594 4272 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:26:12.0597 4272 NdisWan - ok

23:26:12.0604 4272 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:26:12.0607 4272 NDProxy - ok

23:26:12.0624 4272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:26:12.0624 4272 NetBIOS - ok

23:26:12.0637 4272 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:26:12.0639 4272 NetBT - ok

23:26:12.0652 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe

23:26:12.0652 4272 Netlogon - ok

23:26:12.0682 4272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

23:26:12.0687 4272 Netman - ok

23:26:12.0717 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:26:12.0717 4272 NetMsmqActivator - ok

23:26:12.0722 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:26:12.0722 4272 NetPipeActivator - ok

23:26:12.0732 4272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

23:26:12.0737 4272 netprofm - ok

23:26:12.0742 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:26:12.0742 4272 NetTcpActivator - ok

23:26:12.0747 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:26:12.0747 4272 NetTcpPortSharing - ok

23:26:12.0774 4272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

23:26:12.0777 4272 nfrd960 - ok

23:26:12.0792 4272 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll

23:26:12.0794 4272 NlaSvc - ok

23:26:12.0809 4272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:26:12.0809 4272 Npfs - ok

23:26:12.0819 4272 npggsvc - ok

23:26:12.0822 4272 NPPTNT2 - ok

23:26:12.0842 4272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

23:26:12.0842 4272 nsi - ok

23:26:12.0857 4272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:26:12.0857 4272 nsiproxy - ok

23:26:12.0894 4272 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:26:12.0919 4272 Ntfs - ok

23:26:12.0929 4272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

23:26:12.0932 4272 Null - ok

23:26:12.0952 4272 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys

23:26:12.0954 4272 nvraid - ok

23:26:12.0959 4272 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys

23:26:12.0972 4272 nvstor - ok

23:26:12.0987 4272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

23:26:12.0987 4272 nv_agp - ok

23:26:13.0057 4272 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:26:13.0072 4272 odserv - ok

23:26:13.0090 4272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

23:26:13.0090 4272 ohci1394 - ok

23:26:13.0162 4272 [ 6FF6EF1CC25E558CF0335928B658D11E ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe

23:26:13.0162 4272 OpenVPNAccessClient - ok

23:26:13.0205 4272 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:26:13.0207 4272 ose - ok

23:26:13.0242 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:26:13.0247 4272 p2pimsvc - ok

23:26:13.0270 4272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

23:26:13.0285 4272 p2psvc - ok

23:26:13.0312 4272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:26:13.0315 4272 Parport - ok

23:26:13.0327 4272 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:26:13.0332 4272 partmgr - ok

23:26:13.0345 4272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:26:13.0347 4272 PcaSvc - ok

23:26:13.0357 4272 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys

23:26:13.0360 4272 pci - ok

23:26:13.0372 4272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys

23:26:13.0375 4272 pciide - ok

23:26:13.0392 4272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

23:26:13.0395 4272 pcmcia - ok

23:26:13.0410 4272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

23:26:13.0412 4272 pcw - ok

23:26:13.0432 4272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:26:13.0447 4272 PEAUTH - ok

23:26:13.0500 4272 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

23:26:13.0527 4272 PeerDistSvc - ok

23:26:13.0590 4272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:26:13.0592 4272 PerfHost - ok

23:26:13.0650 4272 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll

23:26:13.0677 4272 pla - ok

23:26:13.0702 4272 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:26:13.0710 4272 PlugPlay - ok

23:26:13.0752 4272 PnkBstrA - ok

23:26:13.0762 4272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:26:13.0765 4272 PNRPAutoReg - ok

23:26:13.0782 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:26:13.0787 4272 PNRPsvc - ok

23:26:13.0812 4272 [ A6D06378F37BDBA0C0019294C2AABBD0 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys

23:26:13.0812 4272 Point64 - ok

23:26:13.0845 4272 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:26:13.0860 4272 PolicyAgent - ok

23:26:13.0877 4272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

23:26:13.0882 4272 Power - ok

23:26:13.0910 4272 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:26:13.0912 4272 PptpMiniport - ok

23:26:13.0930 4272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:26:13.0930 4272 Processor - ok

23:26:13.0960 4272 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll

23:26:13.0962 4272 ProfSvc - ok

23:26:13.0977 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe

23:26:13.0980 4272 ProtectedStorage - ok

23:26:14.0005 4272 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:26:14.0007 4272 Psched - ok

23:26:14.0045 4272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

23:26:14.0072 4272 ql2300 - ok

23:26:14.0102 4272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

23:26:14.0122 4272 ql40xx - ok

23:26:14.0182 4272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

23:26:14.0197 4272 QWAVE - ok

23:26:14.0210 4272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:26:14.0212 4272 QWAVEdrv - ok

23:26:14.0227 4272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:26:14.0230 4272 RasAcd - ok

23:26:14.0265 4272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:26:14.0267 4272 RasAgileVpn - ok

23:26:14.0275 4272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

23:26:14.0277 4272 RasAuto - ok

23:26:14.0292 4272 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:26:14.0295 4272 Rasl2tp - ok

23:26:14.0315 4272 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll

23:26:14.0330 4272 RasMan - ok

23:26:14.0347 4272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:26:14.0355 4272 RasPppoe - ok

23:26:14.0372 4272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:26:14.0375 4272 RasSstp - ok

23:26:14.0392 4272 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:26:14.0397 4272 rdbss - ok

23:26:14.0407 4272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:26:14.0410 4272 rdpbus - ok

23:26:14.0417 4272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:26:14.0417 4272 RDPCDD - ok

23:26:14.0440 4272 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

23:26:14.0442 4272 RDPDR - ok

23:26:14.0460 4272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:26:14.0460 4272 RDPENCDD - ok

23:26:14.0465 4272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:26:14.0467 4272 RDPREFMP - ok

23:26:14.0485 4272 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:26:14.0487 4272 RDPWD - ok

23:26:14.0510 4272 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:26:14.0512 4272 rdyboost - ok

23:26:14.0530 4272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:26:14.0532 4272 RemoteAccess - ok

23:26:14.0555 4272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:26:14.0560 4272 RemoteRegistry - ok

23:26:14.0597 4272 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

23:26:14.0600 4272 RFCOMM - ok

23:26:14.0637 4272 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys

23:26:14.0640 4272 RimUsb - ok

23:26:14.0660 4272 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

23:26:14.0660 4272 RimVSerPort - ok

23:26:14.0685 4272 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys

23:26:14.0685 4272 ROOTMODEM - ok

23:26:14.0717 4272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:26:14.0720 4272 RpcEptMapper - ok

23:26:14.0735 4272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:26:14.0737 4272 RpcLocator - ok

23:26:14.0750 4272 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll

23:26:14.0755 4272 RpcSs - ok

23:26:14.0775 4272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:26:14.0775 4272 rspndr - ok

23:26:14.0802 4272 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

23:26:14.0805 4272 RTL8167 - ok

23:26:14.0827 4272 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys

23:26:14.0830 4272 s3cap - ok

23:26:14.0842 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe

23:26:14.0845 4272 SamSs - ok

23:26:14.0862 4272 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

23:26:14.0865 4272 sbp2port - ok

23:26:14.0882 4272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:26:14.0885 4272 SCardSvr - ok

23:26:14.0897 4272 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:26:14.0897 4272 scfilter - ok

23:26:14.0922 4272 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll

23:26:14.0940 4272 Schedule - ok

23:26:14.0962 4272 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:26:14.0962 4272 SCPolicySvc - ok

23:26:14.0972 4272 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:26:14.0975 4272 SDRSVC - ok

23:26:14.0992 4272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:26:14.0995 4272 secdrv - ok

23:26:15.0007 4272 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll

23:26:15.0007 4272 seclogon - ok

23:26:15.0017 4272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

23:26:15.0020 4272 SENS - ok

23:26:15.0030 4272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:26:15.0032 4272 SensrSvc - ok

23:26:15.0045 4272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:26:15.0045 4272 Serenum - ok

23:26:15.0055 4272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:26:15.0057 4272 Serial - ok

23:26:15.0070 4272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

23:26:15.0072 4272 sermouse - ok

23:26:15.0095 4272 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll

23:26:15.0097 4272 SessionEnv - ok

23:26:15.0107 4272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

23:26:15.0107 4272 sffdisk - ok

23:26:15.0125 4272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

23:26:15.0125 4272 sffp_mmc - ok

23:26:15.0135 4272 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

23:26:15.0137 4272 sffp_sd - ok

23:26:15.0150 4272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

23:26:15.0150 4272 sfloppy - ok

23:26:15.0185 4272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:26:15.0190 4272 SharedAccess - ok

23:26:15.0227 4272 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:26:15.0235 4272 ShellHWDetection - ok

23:26:15.0257 4272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:26:15.0257 4272 SiSRaid2 - ok

23:26:15.0275 4272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

23:26:15.0277 4272 SiSRaid4 - ok

23:26:15.0312 4272 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

23:26:15.0315 4272 SkypeUpdate - ok

23:26:15.0345 4272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:26:15.0347 4272 Smb - ok

23:26:15.0385 4272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:26:15.0387 4272 SNMPTRAP - ok

23:26:15.0440 4272 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys

23:26:15.0442 4272 speedfan - ok

23:26:15.0470 4272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

23:26:15.0470 4272 spldr - ok

23:26:15.0492 4272 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe

23:26:15.0510 4272 Spooler - ok

23:26:15.0587 4272 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe

23:26:15.0657 4272 sppsvc - ok

23:26:15.0672 4272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:26:15.0675 4272 sppuinotify - ok

23:26:15.0722 4272 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys

23:26:15.0722 4272 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB

23:26:15.0722 4272 sptd ( LockedFile.Multi.Generic ) - warning

23:26:15.0722 4272 sptd - detected LockedFile.Multi.Generic (1)

23:26:15.0755 4272 [ 37C3ABC2338010E110D2A6A3930F3149 ] srv C:\Windows\system32\DRIVERS\srv.sys

23:26:15.0760 4272 srv - ok

23:26:15.0787 4272 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:26:15.0790 4272 srv2 - ok

23:26:15.0807 4272 [ CCE32BB223E9FF55D241099A858FA889 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:26:15.0807 4272 srvnet - ok

23:26:15.0832 4272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:26:15.0835 4272 SSDPSRV - ok

23:26:15.0845 4272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:26:15.0850 4272 SstpSvc - ok

23:26:15.0877 4272 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

23:26:15.0882 4272 ssudmdm - ok

23:26:15.0922 4272 Steam Client Service - ok

23:26:15.0950 4272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

23:26:15.0950 4272 stexstor - ok

23:26:15.0987 4272 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll

23:26:16.0000 4272 stisvc - ok

23:26:16.0027 4272 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys

23:26:16.0027 4272 storflt - ok

23:26:16.0040 4272 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys

23:26:16.0042 4272 storvsc - ok

23:26:16.0057 4272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

23:26:16.0060 4272 swenum - ok

23:26:16.0080 4272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

23:26:16.0087 4272 swprv - ok

23:26:16.0120 4272 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll

23:26:16.0147 4272 SysMain - ok

23:26:16.0160 4272 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:26:16.0162 4272 TabletInputService - ok

23:26:16.0177 4272 [ E965FC7627862779BA31A4FCB7D0C1EF ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys

23:26:16.0180 4272 tap0901 - ok

23:26:16.0200 4272 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys

23:26:16.0200 4272 taphss - ok

23:26:16.0217 4272 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll

23:26:16.0222 4272 TapiSrv - ok

23:26:16.0257 4272 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys

23:26:16.0257 4272 tapoas - ok

23:26:16.0265 4272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

23:26:16.0267 4272 TBS - ok

23:26:16.0320 4272 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:26:16.0355 4272 Tcpip - ok

23:26:16.0397 4272 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:26:16.0407 4272 TCPIP6 - ok

23:26:16.0420 4272 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:26:16.0420 4272 tcpipreg - ok

23:26:16.0432 4272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:26:16.0435 4272 TDPIPE - ok

23:26:16.0445 4272 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:26:16.0445 4272 TDTCP - ok

23:26:16.0467 4272 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:26:16.0467 4272 tdx - ok

23:26:16.0595 4272 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

23:26:16.0617 4272 TeamViewer7 - ok

23:26:16.0630 4272 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

23:26:16.0632 4272 TermDD - ok

23:26:16.0660 4272 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll

23:26:16.0672 4272 TermService - ok

23:26:16.0685 4272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

23:26:16.0687 4272 Themes - ok

23:26:16.0702 4272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

23:26:16.0705 4272 THREADORDER - ok

23:26:16.0725 4272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

23:26:16.0727 4272 TrkWks - ok

23:26:16.0772 4272 [ EA43DE1743C1BA0D2D17B8DB90C91D88 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys

23:26:16.0775 4272 truecrypt - ok

23:26:16.0817 4272 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:26:16.0820 4272 TrustedInstaller - ok

23:26:16.0825 4272 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:26:16.0827 4272 tssecsrv - ok

23:26:16.0867 4272 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:26:16.0870 4272 tunnel - ok

23:26:16.0882 4272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:26:16.0885 4272 uagp35 - ok

23:26:16.0907 4272 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:26:16.0910 4272 udfs - ok

23:26:16.0942 4272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:26:16.0945 4272 UI0Detect - ok

23:26:16.0960 4272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

23:26:16.0960 4272 uliagpkx - ok

23:26:16.0982 4272 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:26:16.0985 4272 umbus - ok

23:26:16.0992 4272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:26:16.0995 4272 UmPass - ok

23:26:17.0020 4272 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll

23:26:17.0022 4272 UmRdpService - ok

23:26:17.0072 4272 [ 8F387A1CC015A3F5020700C657A0FC85 ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe

23:26:17.0072 4272 UnsignedThemes - ok

23:26:17.0107 4272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

23:26:17.0112 4272 upnphost - ok

23:26:17.0130 4272 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:26:17.0132 4272 usbccgp - ok

23:26:17.0155 4272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

23:26:17.0155 4272 usbcir - ok

23:26:17.0167 4272 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:26:17.0167 4272 usbehci - ok

23:26:17.0197 4272 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:26:17.0202 4272 usbhub - ok

23:26:17.0220 4272 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

23:26:17.0222 4272 usbohci - ok

23:26:17.0242 4272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:26:17.0242 4272 usbprint - ok

23:26:17.0260 4272 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:26:17.0262 4272 USBSTOR - ok

23:26:17.0277 4272 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:26:17.0280 4272 usbuhci - ok

23:26:17.0290 4272 [ 297EE9C666FC8BB96A232DB0DDBA1E49 ] uxpatch C:\Windows\system32\drivers\uxpatch.sys

23:26:17.0290 4272 uxpatch - ok

23:26:17.0305 4272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

23:26:17.0310 4272 UxSms - ok

23:26:17.0317 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe

23:26:17.0320 4272 VaultSvc - ok

23:26:17.0357 4272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

23:26:17.0360 4272 vdrvroot - ok

23:26:17.0377 4272 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe

23:26:17.0392 4272 vds - ok

23:26:17.0410 4272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:26:17.0410 4272 vga - ok

23:26:17.0425 4272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

23:26:17.0425 4272 VgaSave - ok

23:26:17.0442 4272 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

23:26:17.0445 4272 vhdmp - ok

23:26:17.0455 4272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys

23:26:17.0455 4272 viaide - ok

23:26:17.0477 4272 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys

23:26:17.0480 4272 vmbus - ok

23:26:17.0487 4272 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys

23:26:17.0487 4272 VMBusHID - ok

23:26:17.0497 4272 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

23:26:17.0500 4272 volmgr - ok

23:26:17.0515 4272 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:26:17.0520 4272 volmgrx - ok

23:26:17.0530 4272 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

23:26:17.0532 4272 volsnap - ok

23:26:17.0552 4272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:26:17.0555 4272 vsmraid - ok

23:26:17.0595 4272 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe

23:26:17.0620 4272 VSS - ok

23:26:17.0640 4272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

23:26:17.0640 4272 vwifibus - ok

23:26:17.0657 4272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

23:26:17.0662 4272 W32Time - ok

23:26:17.0675 4272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:26:17.0675 4272 WacomPen - ok

23:26:17.0697 4272 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:26:17.0697 4272 WANARP - ok

23:26:17.0712 4272 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:26:17.0712 4272 Wanarpv6 - ok

23:26:17.0757 4272 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:26:17.0785 4272 WatAdminSvc - ok

23:26:17.0820 4272 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe

23:26:17.0857 4272 wbengine - ok

23:26:17.0887 4272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:26:17.0892 4272 WbioSrvc - ok

23:26:17.0912 4272 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:26:17.0927 4272 wcncsvc - ok

23:26:17.0945 4272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:26:17.0947 4272 WcsPlugInService - ok

23:26:17.0970 4272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:26:17.0972 4272 Wd - ok

23:26:17.0997 4272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:26:18.0012 4272 Wdf01000 - ok

23:26:18.0022 4272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:26:18.0027 4272 WdiServiceHost - ok

23:26:18.0032 4272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:26:18.0037 4272 WdiSystemHost - ok

23:26:18.0057 4272 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll

23:26:18.0072 4272 WebClient - ok

23:26:18.0092 4272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:26:18.0097 4272 Wecsvc - ok

23:26:18.0112 4272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:26:18.0117 4272 wercplsupport - ok

23:26:18.0140 4272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:26:18.0142 4272 WerSvc - ok

23:26:18.0172 4272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:26:18.0172 4272 WfpLwf - ok

23:26:18.0185 4272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:26:18.0187 4272 WIMMount - ok

23:26:18.0197 4272 WinDefend - ok

23:26:18.0207 4272 WinHttpAutoProxySvc - ok

23:26:18.0250 4272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:26:18.0255 4272 Winmgmt - ok

23:26:18.0315 4272 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll

23:26:18.0355 4272 WinRM - ok

23:26:18.0400 4272 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:26:18.0402 4272 WinUsb - ok

23:26:18.0437 4272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:26:18.0465 4272 Wlansvc - ok

23:26:18.0575 4272 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:26:18.0617 4272 wlidsvc - ok

23:26:18.0642 4272 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys

23:26:18.0642 4272 WmBEnum - ok

23:26:18.0667 4272 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys

23:26:18.0670 4272 WmFilter - ok

23:26:18.0682 4272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

23:26:18.0685 4272 WmiAcpi - ok

23:26:18.0710 4272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:26:18.0710 4272 wmiApSrv - ok

23:26:18.0742 4272 WMPNetworkSvc - ok

23:26:18.0752 4272 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys

23:26:18.0755 4272 WmVirHid - ok

23:26:18.0775 4272 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys

23:26:18.0777 4272 WmXlCore - ok

23:26:18.0792 4272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:26:18.0795 4272 WPCSvc - ok

23:26:18.0807 4272 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:26:18.0812 4272 WPDBusEnum - ok

23:26:18.0837 4272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:26:18.0837 4272 ws2ifsl - ok

23:26:18.0845 4272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

23:26:18.0850 4272 wscsvc - ok

23:26:18.0855 4272 WSearch - ok

23:26:18.0902 4272 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll

23:26:18.0950 4272 wuauserv - ok

23:26:18.0970 4272 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:26:18.0972 4272 WudfPf - ok

23:26:18.0982 4272 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:26:18.0985 4272 WUDFRd - ok

23:26:19.0000 4272 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:26:19.0002 4272 wudfsvc - ok

23:26:19.0015 4272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

23:26:19.0020 4272 WwanSvc - ok

23:26:19.0048 4272 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

23:26:19.0051 4272 xusb21 - ok

23:26:19.0086 4272 ================ Scan global ===============================

23:26:19.0103 4272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:26:19.0121 4272 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll

23:26:19.0136 4272 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll

23:26:19.0153 4272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:26:19.0181 4272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:26:19.0186 4272 [Global] - ok

23:26:19.0186 4272 ================ Scan MBR ==================================

23:26:19.0196 4272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:26:19.0568 4272 \Device\Harddisk0\DR0 - ok

23:26:19.0568 4272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

23:26:19.0611 4272 \Device\Harddisk1\DR1 - ok

23:26:19.0611 4272 ================ Scan VBR ==================================

23:26:19.0613 4272 [ 39C3CDCCB5DDA2A7D6D9EEC52BE683B8 ] \Device\Harddisk0\DR0\Partition1

23:26:19.0613 4272 \Device\Harddisk0\DR0\Partition1 - ok

23:26:19.0623 4272 [ 6428E826863F055B1A4E94ED31924093 ] \Device\Harddisk0\DR0\Partition2

23:26:19.0623 4272 \Device\Harddisk0\DR0\Partition2 - ok

23:26:19.0626 4272 [ 579CD46870C2F6CFA9962861E70FC392 ] \Device\Harddisk1\DR1\Partition1

23:26:19.0628 4272 \Device\Harddisk1\DR1\Partition1 - ok

23:26:19.0628 4272 ============================================================

23:26:19.0628 4272 Scan finished

23:26:19.0628 4272 ============================================================

23:26:19.0638 4576 Detected object count: 1

23:26:19.0638 4576 Actual detected object count: 1

23:27:00.0430 4576 sptd ( LockedFile.Multi.Generic ) - skipped by user

23:27:00.0430 4576 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

23:27:59.0138 3140 Deinitialize success

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : FiaN [Admin rights]

Mode : Scan -- Date : 12/23/2012 23:31:40

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{604AFE75-2B17-4487-AB5C-5F39A71B604B} : NameServer (10.85.40.1) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{604AFE75-2B17-4487-AB5C-5F39A71B604B} : NameServer (10.85.40.1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] b60c6e9e601d4aee33120901e7f70b7c

[bSP] a0ce0ba8bcb6d3c7b35b83ac27ccafc1 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 7993 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16371712 | Size: 297249 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 112632015c992eb27c16a9f774d63654

[bSP] 685ff115e1d8dcbf88b8deae8829da9f : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12232012_02d2331.txt >>

RKreport[1]_S_12232012_02d2331.txt

Link to post
Share on other sites

Turn OFF your Antivirus program so that it does not interfere. Do NOT turn off the firewall.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
    On Windows 7, press Windows-key, then start typing in text box
    Malwarebytes

    then select/click Malwarebytes Anti-Malware Chameleon

  2. Once the Help file opens, click on a Chameleon button (starting with #1)
  3. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  4. You should see a black Command-prompt-window that remains open and says MBAM-chameleon at the top
  5. Press any key to continue as it says in the window {space-bar will do}
  6. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  7. Have infinite patience during this process
  8. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  9. Once the update completes and it says your database is updated, click on OK button so that process can continue :excl:
  10. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  11. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  12. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  13. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  14. If prompted to restart your computer to complete the removal process, click Yes :excl:
  15. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  16. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

When all done, turn back ON your Antivirus program.

Edited by Maurice Naggar
Link to post
Share on other sites

Here is the new rkill.log anyway

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/24/2012 12:28:53 AM in x64 mode.

Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/24/2012 12:29:01 AM

Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

Link to post
Share on other sites

I advise you to follow these procedures to completely remove any prior MBAM version, and get, and setup the latest MBAM.

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer, please allow it to do so very important

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.

Re-enable the anti-virus application that you turned off before.

Link to post
Share on other sites

Run MBAM-clean 1 more time. Let's cleanout any residue of MBAM.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

If you wish to continue with me........

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt i_arrow-l.gif

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.