Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

BC.Miner virus assistance, please.

Started by charade539, Jun 26 2012 07:21 PM

BC.Miner virus

This topic is locked
Go to first unread post

31 replies to this topic

#21
gringo_pr

Posted 03 July 2012 - 08:18 PM

Forum Deity

Experts
6,621 posts

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#22
gringo_pr

Posted 05 July 2012 - 11:09 PM

Forum Deity

Experts
6,621 posts

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

<-- Don't worry every little bit helps.

#23
charade539

Posted 06 July 2012 - 01:43 PM

New Member

Members
17 posts

Sorry for the delay, things got a little crazy over here. I'll do the next part of your instructions now.

#24
charade539

Posted 06 July 2012 - 01:46 PM

New Member

Members
17 posts

13:44:02.0609 3432 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
13:44:03.0115 3432 ============================================================
13:44:03.0115 3432 Current date / time: 2012/07/06 13:44:03.0115
13:44:03.0115 3432 SystemInfo:
13:44:03.0115 3432
13:44:03.0115 3432 OS Version: 6.1.7600 ServicePack: 0.0
13:44:03.0115 3432 Product type: Workstation
13:44:03.0115 3432 ComputerName: WHEELJACK
13:44:03.0115 3432 UserName: Kyle
13:44:03.0115 3432 Windows directory: C:\Windows
13:44:03.0115 3432 System windows directory: C:\Windows
13:44:03.0115 3432 Running under WOW64
13:44:03.0115 3432 Processor architecture: Intel x64
13:44:03.0115 3432 Number of processors: 4
13:44:03.0115 3432 Page size: 0x1000
13:44:03.0115 3432 Boot type: Normal boot
13:44:03.0115 3432 ============================================================
13:44:04.0325 3432 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:44:04.0331 3432 ============================================================
13:44:04.0331 3432 \Device\Harddisk0\DR0:
13:44:04.0331 3432 MBR partitions:
13:44:04.0331 3432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:44:04.0331 3432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
13:44:04.0331 3432 ============================================================
13:44:04.0350 3432 C: <-> \Device\Harddisk0\DR0\Partition1
13:44:04.0350 3432 ============================================================
13:44:04.0350 3432 Initialize success
13:44:04.0350 3432 ============================================================
13:44:07.0470 3548 ============================================================
13:44:07.0470 3548 Scan started
13:44:07.0470 3548 Mode: Manual;
13:44:07.0470 3548 ============================================================
13:44:08.0359 3548 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:44:08.0362 3548 1394ohci - ok
13:44:08.0397 3548 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:44:08.0400 3548 ACPI - ok
13:44:08.0434 3548 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:44:08.0435 3548 AcpiPmi - ok
13:44:08.0508 3548 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:44:08.0509 3548 AdobeARMservice - ok
13:44:08.0599 3548 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:44:08.0602 3548 AdobeFlashPlayerUpdateSvc - ok
13:44:08.0627 3548 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:44:08.0633 3548 adp94xx - ok
13:44:08.0655 3548 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:44:08.0659 3548 adpahci - ok
13:44:08.0668 3548 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:44:08.0670 3548 adpu320 - ok
13:44:08.0747 3548 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
13:44:08.0757 3548 AdvancedSystemCareService5 - ok
13:44:08.0786 3548 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:44:08.0788 3548 AeLookupSvc - ok
13:44:08.0809 3548 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
13:44:08.0815 3548 AFD - ok
13:44:08.0830 3548 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:44:08.0831 3548 agp440 - ok
13:44:08.0845 3548 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:44:08.0847 3548 ALG - ok
13:44:08.0851 3548 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:44:08.0851 3548 aliide - ok
13:44:08.0856 3548 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:44:08.0857 3548 amdide - ok
13:44:08.0863 3548 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:44:08.0865 3548 AmdK8 - ok
13:44:08.0870 3548 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:44:08.0871 3548 AmdPPM - ok
13:44:08.0879 3548 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
13:44:08.0880 3548 amdsata - ok
13:44:08.0891 3548 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:44:08.0893 3548 amdsbs - ok
13:44:08.0906 3548 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
13:44:08.0907 3548 amdxata - ok
13:44:08.0921 3548 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:44:08.0922 3548 AppID - ok
13:44:08.0931 3548 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:44:08.0932 3548 AppIDSvc - ok
13:44:08.0960 3548 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:44:08.0961 3548 Appinfo - ok
13:44:08.0999 3548 Application Updater (54951548980ecd07b80ead3c7921f8a1) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
13:44:09.0007 3548 Application Updater - ok
13:44:09.0055 3548 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:44:09.0056 3548 arc - ok
13:44:09.0082 3548 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:44:09.0084 3548 arcsas - ok
13:44:09.0157 3548 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:44:09.0158 3548 aspnet_state - ok
13:44:09.0182 3548 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:44:09.0183 3548 AsyncMac - ok
13:44:09.0200 3548 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:44:09.0200 3548 atapi - ok
13:44:09.0229 3548 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:44:09.0236 3548 AudioEndpointBuilder - ok
13:44:09.0244 3548 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:44:09.0248 3548 AudioSrv - ok
13:44:09.0263 3548 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:44:09.0265 3548 AxInstSV - ok
13:44:09.0283 3548 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:44:09.0287 3548 b06bdrv - ok
13:44:09.0300 3548 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:44:09.0303 3548 b57nd60a - ok
13:44:09.0324 3548 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:44:09.0325 3548 BDESVC - ok
13:44:09.0329 3548 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:44:09.0329 3548 Beep - ok
13:44:09.0378 3548 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:44:09.0386 3548 BFE - ok
13:44:09.0428 3548 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
13:44:09.0476 3548 BITS - ok
13:44:09.0505 3548 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:44:09.0506 3548 blbdrive - ok
13:44:09.0551 3548 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:44:09.0555 3548 Bonjour Service - ok
13:44:09.0563 3548 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
13:44:09.0564 3548 bowser - ok
13:44:09.0568 3548 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:44:09.0569 3548 BrFiltLo - ok
13:44:09.0575 3548 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:44:09.0576 3548 BrFiltUp - ok
13:44:09.0584 3548 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:44:09.0586 3548 BridgeMP - ok
13:44:09.0602 3548 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:44:09.0604 3548 Browser - ok
13:44:09.0620 3548 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:44:09.0624 3548 Brserid - ok
13:44:09.0632 3548 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:44:09.0633 3548 BrSerWdm - ok
13:44:09.0644 3548 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:44:09.0645 3548 BrUsbMdm - ok
13:44:09.0649 3548 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:44:09.0650 3548 BrUsbSer - ok
13:44:09.0655 3548 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:44:09.0657 3548 BTHMODEM - ok
13:44:09.0666 3548 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:44:09.0667 3548 bthserv - ok
13:44:09.0689 3548 catchme - ok
13:44:09.0697 3548 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:44:09.0698 3548 cdfs - ok
13:44:09.0723 3548 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:44:09.0725 3548 cdrom - ok
13:44:09.0734 3548 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:44:09.0735 3548 CertPropSvc - ok
13:44:09.0751 3548 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:44:09.0752 3548 circlass - ok
13:44:09.0770 3548 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:44:09.0774 3548 CLFS - ok
13:44:09.0829 3548 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:44:09.0831 3548 clr_optimization_v2.0.50727_32 - ok
13:44:09.0873 3548 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:44:09.0874 3548 clr_optimization_v2.0.50727_64 - ok
13:44:09.0927 3548 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:44:09.0929 3548 clr_optimization_v4.0.30319_32 - ok
13:44:09.0962 3548 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:44:09.0964 3548 clr_optimization_v4.0.30319_64 - ok
13:44:09.0968 3548 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:44:09.0969 3548 CmBatt - ok
13:44:09.0975 3548 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:44:09.0976 3548 cmdide - ok
13:44:10.0000 3548 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:44:10.0005 3548 CNG - ok
13:44:10.0016 3548 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:44:10.0017 3548 Compbatt - ok
13:44:10.0033 3548 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:44:10.0034 3548 CompositeBus - ok
13:44:10.0052 3548 COMSysApp - ok
13:44:10.0058 3548 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:44:10.0059 3548 crcdisk - ok
13:44:10.0092 3548 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
13:44:10.0094 3548 CryptSvc - ok
13:44:10.0155 3548 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:44:10.0162 3548 DcomLaunch - ok
13:44:10.0181 3548 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:44:10.0185 3548 defragsvc - ok
13:44:10.0221 3548 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
13:44:10.0222 3548 DfsC - ok
13:44:10.0245 3548 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:44:10.0248 3548 Dhcp - ok
13:44:10.0263 3548 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:44:10.0264 3548 discache - ok
13:44:10.0280 3548 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:44:10.0281 3548 Disk - ok
13:44:10.0313 3548 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
13:44:10.0322 3548 Dnscache - ok
13:44:10.0372 3548 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:44:10.0376 3548 dot3svc - ok
13:44:10.0407 3548 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:44:10.0408 3548 DPS - ok
13:44:10.0443 3548 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:44:10.0444 3548 drmkaud - ok
13:44:10.0492 3548 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:44:10.0495 3548 dtsoftbus01 - ok
13:44:10.0552 3548 dump_wmimmc - ok
13:44:10.0599 3548 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:44:10.0610 3548 DXGKrnl - ok
13:44:10.0631 3548 EagleX64 - ok
13:44:10.0669 3548 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:44:10.0670 3548 EapHost - ok
13:44:10.0828 3548 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:44:10.0881 3548 ebdrv - ok
13:44:10.0960 3548 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
13:44:10.0961 3548 EFS - ok
13:44:11.0004 3548 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:44:11.0012 3548 ehRecvr - ok
13:44:11.0023 3548 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:44:11.0025 3548 ehSched - ok
13:44:11.0099 3548 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:44:11.0105 3548 elxstor - ok
13:44:11.0113 3548 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:44:11.0114 3548 ErrDev - ok
13:44:11.0207 3548 esgiguard - ok
13:44:11.0245 3548 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:44:11.0249 3548 EventSystem - ok
13:44:11.0287 3548 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:44:11.0289 3548 exfat - ok
13:44:11.0307 3548 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:44:11.0309 3548 fastfat - ok
13:44:11.0341 3548 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:44:11.0348 3548 Fax - ok
13:44:11.0363 3548 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:44:11.0364 3548 fdc - ok
13:44:11.0380 3548 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:44:11.0381 3548 fdPHost - ok
13:44:11.0394 3548 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:44:11.0395 3548 FDResPub - ok
13:44:11.0405 3548 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:44:11.0406 3548 FileInfo - ok
13:44:11.0529 3548 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
13:44:11.0530 3548 FileMonitor - ok
13:44:11.0550 3548 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:44:11.0551 3548 Filetrace - ok
13:44:11.0559 3548 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:44:11.0560 3548 flpydisk - ok
13:44:11.0576 3548 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:44:11.0580 3548 FltMgr - ok
13:44:11.0624 3548 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
13:44:11.0645 3548 FontCache - ok
13:44:11.0699 3548 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:44:11.0700 3548 FontCache3.0.0.0 - ok
13:44:11.0745 3548 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:44:11.0746 3548 FsDepends - ok
13:44:11.0755 3548 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:44:11.0756 3548 Fs_Rec - ok
13:44:11.0792 3548 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:44:11.0795 3548 fvevol - ok
13:44:11.0825 3548 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:44:11.0826 3548 gagp30kx - ok
13:44:11.0857 3548 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:44:11.0865 3548 gpsvc - ok
13:44:11.0898 3548 Hardlock (091582da724f54830012e3faaf2f1d1a) C:\Windows\system32\drivers\hardlock.sys
13:44:11.0902 3548 Hardlock - ok
13:44:11.0926 3548 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:44:11.0927 3548 hcw85cir - ok
13:44:11.0964 3548 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:44:11.0967 3548 HdAudAddService - ok
13:44:11.0982 3548 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:44:11.0984 3548 HDAudBus - ok
13:44:12.0000 3548 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:44:12.0002 3548 HidBatt - ok
13:44:12.0030 3548 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:44:12.0032 3548 HidBth - ok
13:44:12.0056 3548 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:44:12.0058 3548 HidIr - ok
13:44:12.0069 3548 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:44:12.0070 3548 hidserv - ok
13:44:12.0084 3548 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:44:12.0085 3548 HidUsb - ok
13:44:12.0102 3548 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:44:12.0104 3548 hkmsvc - ok
13:44:12.0137 3548 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:44:12.0141 3548 HomeGroupListener - ok
13:44:12.0183 3548 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:44:12.0186 3548 HomeGroupProvider - ok
13:44:12.0204 3548 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:44:12.0206 3548 HpSAMD - ok
13:44:12.0258 3548 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:44:12.0266 3548 HTTP - ok
13:44:12.0298 3548 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:44:12.0299 3548 hwpolicy - ok
13:44:12.0318 3548 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:44:12.0320 3548 i8042prt - ok
13:44:12.0347 3548 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
13:44:12.0352 3548 iaStorV - ok
13:44:12.0431 3548 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:44:12.0441 3548 idsvc - ok
13:44:12.0453 3548 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:44:12.0455 3548 iirsp - ok
13:44:12.0489 3548 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:44:12.0498 3548 IKEEXT - ok
13:44:12.0632 3548 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
13:44:12.0641 3548 IMFservice - ok
13:44:12.0723 3548 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:44:12.0724 3548 intelide - ok
13:44:12.0731 3548 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:44:12.0732 3548 intelppm - ok
13:44:12.0744 3548 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:44:12.0746 3548 IPBusEnum - ok
13:44:12.0753 3548 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:44:12.0754 3548 IpFilterDriver - ok
13:44:12.0795 3548 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:44:12.0801 3548 iphlpsvc - ok
13:44:12.0819 3548 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:44:12.0820 3548 IPMIDRV - ok
13:44:12.0826 3548 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:44:12.0828 3548 IPNAT - ok
13:44:12.0844 3548 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:44:12.0845 3548 IRENUM - ok
13:44:12.0867 3548 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:44:12.0868 3548 isapnp - ok
13:44:12.0885 3548 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:44:12.0888 3548 iScsiPrt - ok
13:44:12.0901 3548 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:44:12.0902 3548 kbdclass - ok
13:44:12.0914 3548 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:44:12.0915 3548 kbdhid - ok
13:44:12.0923 3548 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:44:12.0924 3548 KeyIso - ok
13:44:12.0935 3548 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:44:12.0937 3548 KSecDD - ok
13:44:12.0948 3548 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
13:44:12.0951 3548 KSecPkg - ok
13:44:12.0961 3548 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:44:12.0962 3548 ksthunk - ok
13:44:12.0991 3548 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:44:12.0996 3548 KtmRm - ok
13:44:13.0021 3548 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
13:44:13.0025 3548 LanmanServer - ok
13:44:13.0034 3548 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:44:13.0037 3548 LanmanWorkstation - ok
13:44:13.0045 3548 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:44:13.0046 3548 lltdio - ok
13:44:13.0067 3548 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:44:13.0071 3548 lltdsvc - ok
13:44:13.0087 3548 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:44:13.0087 3548 lmhosts - ok
13:44:13.0158 3548 LMIGuardianSvc (e01fded75312652de448e5aa792afa59) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
13:44:13.0163 3548 LMIGuardianSvc - ok
13:44:13.0193 3548 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
13:44:13.0194 3548 LMIInfo - ok
13:44:13.0211 3548 LMIMaint (be53cf6e8ffef255988209a35f184f9f) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
13:44:13.0214 3548 LMIMaint - ok
13:44:13.0237 3548 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
13:44:13.0238 3548 lmimirr - ok
13:44:13.0241 3548 LMIRfsClientNP - ok
13:44:13.0271 3548 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
13:44:13.0273 3548 LMIRfsDriver - ok
13:44:13.0315 3548 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
13:44:13.0320 3548 LogMeIn - ok
13:44:13.0334 3548 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:44:13.0336 3548 LSI_FC - ok
13:44:13.0342 3548 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:44:13.0344 3548 LSI_SAS - ok
13:44:13.0348 3548 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:44:13.0349 3548 LSI_SAS2 - ok
13:44:13.0375 3548 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:44:13.0377 3548 LSI_SCSI - ok
13:44:13.0399 3548 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:44:13.0401 3548 luafv - ok
13:44:13.0431 3548 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:44:13.0432 3548 MBAMProtector - ok
13:44:13.0482 3548 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:44:13.0489 3548 MBAMService - ok
13:44:13.0504 3548 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:44:13.0506 3548 Mcx2Svc - ok
13:44:13.0511 3548 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:44:13.0512 3548 megasas - ok
13:44:13.0538 3548 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:44:13.0541 3548 MegaSR - ok
13:44:13.0585 3548 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:44:13.0588 3548 Microsoft Office Groove Audit Service - ok
13:44:13.0607 3548 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:44:13.0609 3548 MMCSS - ok
13:44:13.0622 3548 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:44:13.0623 3548 Modem - ok
13:44:13.0637 3548 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:44:13.0638 3548 monitor - ok
13:44:13.0653 3548 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:44:13.0655 3548 mouclass - ok
13:44:13.0664 3548 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:44:13.0666 3548 mouhid - ok
13:44:13.0679 3548 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:44:13.0681 3548 mountmgr - ok
13:44:13.0738 3548 MozillaMaintenance (af9b1aa7cf8e486ff703944e56459ba3) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:44:13.0740 3548 MozillaMaintenance - ok
13:44:13.0750 3548 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:44:13.0752 3548 mpio - ok
13:44:13.0768 3548 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:44:13.0769 3548 mpsdrv - ok
13:44:13.0845 3548 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:44:13.0855 3548 MpsSvc - ok
13:44:13.0872 3548 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:44:13.0874 3548 MRxDAV - ok
13:44:13.0883 3548 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:44:13.0885 3548 mrxsmb - ok
13:44:13.0901 3548 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:44:13.0904 3548 mrxsmb10 - ok
13:44:13.0915 3548 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:44:13.0916 3548 mrxsmb20 - ok
13:44:13.0927 3548 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:44:13.0929 3548 msahci - ok
13:44:13.0939 3548 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:44:13.0941 3548 msdsm - ok
13:44:13.0956 3548 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:44:13.0959 3548 MSDTC - ok
13:44:13.0974 3548 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:44:13.0975 3548 Msfs - ok
13:44:13.0985 3548 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:44:13.0986 3548 mshidkmdf - ok
13:44:13.0994 3548 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:44:13.0995 3548 msisadrv - ok
13:44:14.0012 3548 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:44:14.0014 3548 MSiSCSI - ok
13:44:14.0017 3548 msiserver - ok
13:44:14.0028 3548 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:44:14.0029 3548 MSKSSRV - ok
13:44:14.0042 3548 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:44:14.0042 3548 MSPCLOCK - ok
13:44:14.0057 3548 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:44:14.0058 3548 MSPQM - ok
13:44:14.0079 3548 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:44:14.0084 3548 MsRPC - ok
13:44:14.0098 3548 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:44:14.0100 3548 mssmbios - ok
13:44:14.0108 3548 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:44:14.0109 3548 MSTEE - ok
13:44:14.0122 3548 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:44:14.0123 3548 MTConfig - ok
13:44:14.0140 3548 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:44:14.0141 3548 Mup - ok
13:44:14.0167 3548 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:44:14.0173 3548 napagent - ok
13:44:14.0215 3548 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:44:14.0219 3548 NativeWifiP - ok
13:44:14.0270 3548 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:44:14.0280 3548 NDIS - ok
13:44:14.0294 3548 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:44:14.0295 3548 NdisCap - ok
13:44:14.0336 3548 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:44:14.0337 3548 NdisTapi - ok
13:44:14.0367 3548 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:44:14.0367 3548 Ndisuio - ok
13:44:14.0401 3548 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:44:14.0403 3548 NdisWan - ok
13:44:14.0439 3548 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:44:14.0441 3548 NDProxy - ok
13:44:14.0449 3548 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:44:14.0450 3548 NetBIOS - ok
13:44:14.0463 3548 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:44:14.0466 3548 NetBT - ok
13:44:14.0479 3548 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:44:14.0481 3548 Netlogon - ok
13:44:14.0496 3548 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:44:14.0501 3548 Netman - ok
13:44:14.0585 3548 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:44:14.0588 3548 NetMsmqActivator - ok
13:44:14.0591 3548 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:44:14.0593 3548 NetPipeActivator - ok
13:44:14.0615 3548 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:44:14.0621 3548 netprofm - ok
13:44:14.0698 3548 netr28x (d9a089e17112f04f452d22254b959d87) C:\Windows\system32\DRIVERS\netr28x.sys
13:44:14.0706 3548 netr28x - ok
13:44:14.0720 3548 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:44:14.0721 3548 NetTcpActivator - ok
13:44:14.0724 3548 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:44:14.0725 3548 NetTcpPortSharing - ok
13:44:14.0750 3548 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:44:14.0751 3548 nfrd960 - ok
13:44:14.0774 3548 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:44:14.0778 3548 NlaSvc - ok
13:44:14.0788 3548 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:44:14.0789 3548 Npfs - ok
13:44:14.0792 3548 npggsvc - ok
13:44:14.0798 3548 NPPTNT2 - ok
13:44:14.0822 3548 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:44:14.0823 3548 nsi - ok
13:44:14.0831 3548 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:44:14.0832 3548 nsiproxy - ok
13:44:14.0880 3548 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
13:44:14.0906 3548 Ntfs - ok
13:44:14.0984 3548 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:44:14.0985 3548 Null - ok
13:44:15.0326 3548 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:44:15.0529 3548 nvlddmkm - ok
13:44:15.0570 3548 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
13:44:15.0572 3548 nvraid - ok
13:44:15.0589 3548 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
13:44:15.0591 3548 nvstor - ok
13:44:15.0628 3548 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
13:44:15.0637 3548 nvsvc - ok
13:44:15.0715 3548 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:44:15.0745 3548 nvUpdatusService - ok
13:44:15.0787 3548 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:44:15.0789 3548 nv_agp - ok
13:44:15.0865 3548 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:44:15.0871 3548 odserv - ok
13:44:15.0902 3548 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:44:15.0903 3548 ohci1394 - ok
13:44:15.0929 3548 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:44:15.0931 3548 ose - ok
13:44:15.0972 3548 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:44:15.0977 3548 p2pimsvc - ok
13:44:16.0017 3548 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:44:16.0023 3548 p2psvc - ok
13:44:16.0034 3548 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:44:16.0036 3548 Parport - ok
13:44:16.0045 3548 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:44:16.0047 3548 partmgr - ok
13:44:16.0121 3548 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
13:44:16.0122 3548 pbfilter - ok
13:44:16.0133 3548 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:44:16.0136 3548 PcaSvc - ok
13:44:16.0152 3548 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:44:16.0154 3548 pci - ok
13:44:16.0170 3548 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:44:16.0171 3548 pciide - ok
13:44:16.0196 3548 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:44:16.0199 3548 pcmcia - ok
13:44:16.0237 3548 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:44:16.0238 3548 pcw - ok
13:44:16.0285 3548 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:44:16.0292 3548 PEAUTH - ok
13:44:16.0351 3548 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:44:16.0352 3548 PerfHost - ok
13:44:16.0420 3548 pfc - ok
13:44:16.0464 3548 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:44:16.0493 3548 pla - ok
13:44:16.0534 3548 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
13:44:16.0540 3548 PlugPlay - ok
13:44:16.0563 3548 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:44:16.0565 3548 PNRPAutoReg - ok
13:44:16.0603 3548 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:44:16.0606 3548 PNRPsvc - ok
13:44:16.0658 3548 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:44:16.0664 3548 PolicyAgent - ok
13:44:16.0686 3548 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:44:16.0690 3548 Power - ok
13:44:16.0701 3548 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:44:16.0702 3548 PptpMiniport - ok
13:44:16.0719 3548 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:44:16.0720 3548 Processor - ok
13:44:16.0756 3548 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
13:44:16.0759 3548 ProfSvc - ok
13:44:16.0798 3548 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:44:16.0800 3548 ProtectedStorage - ok
13:44:16.0813 3548 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:44:16.0815 3548 Psched - ok
13:44:16.0862 3548 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:44:16.0890 3548 ql2300 - ok
13:44:16.0961 3548 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:44:16.0963 3548 ql40xx - ok
13:44:16.0990 3548 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:44:16.0994 3548 QWAVE - ok
13:44:17.0003 3548 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:44:17.0004 3548 QWAVEdrv - ok
13:44:17.0084 3548 RalinkRegistryWriter (2ee6d9cab03900646d1d3d9077167bd6) C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
13:44:17.0086 3548 RalinkRegistryWriter - ok
13:44:17.0123 3548 RalinkRegistryWriter64 (46358c32af09a57a171bc422649be53b) C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
13:44:17.0125 3548 RalinkRegistryWriter64 - ok
13:44:17.0139 3548 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:44:17.0140 3548 RasAcd - ok
13:44:17.0155 3548 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:44:17.0156 3548 RasAgileVpn - ok
13:44:17.0173 3548 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:44:17.0175 3548 RasAuto - ok
13:44:17.0192 3548 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:44:17.0194 3548 Rasl2tp - ok
13:44:17.0212 3548 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:44:17.0217 3548 RasMan - ok
13:44:17.0229 3548 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:44:17.0230 3548 RasPppoe - ok
13:44:17.0255 3548 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:44:17.0257 3548 RasSstp - ok
13:44:17.0297 3548 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:44:17.0301 3548 rdbss - ok
13:44:17.0335 3548 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:44:17.0336 3548 rdpbus - ok
13:44:17.0347 3548 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:44:17.0347 3548 RDPCDD - ok
13:44:17.0363 3548 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:44:17.0364 3548 RDPENCDD - ok
13:44:17.0380 3548 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:44:17.0381 3548 RDPREFMP - ok
13:44:17.0393 3548 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:44:17.0396 3548 RDPWD - ok
13:44:17.0413 3548 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:44:17.0416 3548 rdyboost - ok
13:44:17.0524 3548 RegFilter (c3b79061634fbc3ba3379f557ad952c7) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
13:44:17.0525 3548 RegFilter - ok
13:44:17.0569 3548 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:44:17.0571 3548 RemoteAccess - ok
13:44:17.0592 3548 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:44:17.0595 3548 RemoteRegistry - ok
13:44:17.0623 3548 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:44:17.0625 3548 RpcEptMapper - ok
13:44:17.0629 3548 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:44:17.0630 3548 RpcLocator - ok
13:44:17.0673 3548 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
13:44:17.0677 3548 RpcSs - ok
13:44:17.0687 3548 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:44:17.0688 3548 rspndr - ok
13:44:17.0713 3548 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:44:17.0715 3548 RTL8167 - ok
13:44:17.0725 3548 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:44:17.0726 3548 SamSs - ok
13:44:17.0742 3548 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:44:17.0744 3548 sbp2port - ok
13:44:17.0775 3548 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
13:44:17.0776 3548 SBRE - ok
13:44:17.0801 3548 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:44:17.0805 3548 SCardSvr - ok
13:44:17.0813 3548 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:44:17.0814 3548 scfilter - ok
13:44:17.0853 3548 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:44:17.0865 3548 Schedule - ok
13:44:17.0893 3548 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:44:17.0894 3548 SCPolicySvc - ok
13:44:17.0905 3548 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:44:17.0908 3548 SDRSVC - ok
13:44:17.0930 3548 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:44:17.0931 3548 secdrv - ok
13:44:17.0942 3548 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:44:17.0943 3548 seclogon - ok
13:44:17.0955 3548 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:44:17.0957 3548 SENS - ok
13:44:17.0962 3548 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:44:17.0964 3548 SensrSvc - ok
13:44:17.0994 3548 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
13:44:17.0996 3548 Sentinel64 - ok
13:44:18.0039 3548 SentinelKeysServer (1ba2c677c6146a8b3adea7b69d2eed56) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
13:44:18.0043 3548 SentinelKeysServer - ok
13:44:18.0092 3548 SentinelProtectionServer (d1a2ba8bf092ddf18f3d3db1d5ac7803) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
13:44:18.0112 3548 SentinelProtectionServer - ok
13:44:18.0128 3548 SentinelSecurityRuntime (e80b91aec007711b1eec9c83487754e2) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
13:44:18.0131 3548 SentinelSecurityRuntime - ok
13:44:18.0194 3548 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:44:18.0195 3548 Serenum - ok
13:44:18.0206 3548 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:44:18.0208 3548 Serial - ok
13:44:18.0222 3548 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:44:18.0222 3548 sermouse - ok
13:44:18.0303 3548 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:44:18.0312 3548 SessionEnv - ok
13:44:18.0322 3548 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:44:18.0323 3548 sffdisk - ok
13:44:18.0338 3548 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:44:18.0339 3548 sffp_mmc - ok
13:44:18.0355 3548 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:44:18.0356 3548 sffp_sd - ok
13:44:18.0373 3548 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:44:18.0374 3548 sfloppy - ok
13:44:18.0433 3548 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:44:18.0438 3548 SharedAccess - ok
13:44:18.0460 3548 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:44:18.0464 3548 ShellHWDetection - ok
13:44:18.0479 3548 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:44:18.0480 3548 SiSRaid2 - ok
13:44:18.0494 3548 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:44:18.0496 3548 SiSRaid4 - ok
13:44:18.0552 3548 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:44:18.0555 3548 SkypeUpdate - ok
13:44:18.0562 3548 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:44:18.0563 3548 Smb - ok
13:44:18.0572 3548 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:44:18.0574 3548 SNMPTRAP - ok
13:44:18.0633 3548 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
13:44:18.0635 3548 speedfan - ok
13:44:18.0645 3548 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:44:18.0646 3548 spldr - ok
13:44:18.0665 3548 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:44:18.0672 3548 Spooler - ok
13:44:18.0778 3548 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:44:18.0866 3548 sppsvc - ok
13:44:18.0959 3548 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:44:18.0961 3548 sppuinotify - ok
13:44:18.0987 3548 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
13:44:18.0992 3548 srv - ok
13:44:19.0011 3548 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
13:44:19.0015 3548 srv2 - ok
13:44:19.0034 3548 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
13:44:19.0036 3548 srvnet - ok
13:44:19.0072 3548 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:44:19.0075 3548 SSDPSRV - ok
13:44:19.0158 3548 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:44:19.0160 3548 SstpSvc - ok
13:44:19.0206 3548 Steam Client Service - ok
13:44:19.0276 3548 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:44:19.0280 3548 Stereo Service - ok
13:44:19.0296 3548 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:44:19.0297 3548 stexstor - ok
13:44:19.0327 3548 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:44:19.0334 3548 stisvc - ok
13:44:19.0348 3548 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:44:19.0349 3548 swenum - ok
13:44:19.0398 3548 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:44:19.0403 3548 SwitchBoard - ok
13:44:19.0435 3548 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:44:19.0441 3548 swprv - ok
13:44:19.0496 3548 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:44:19.0531 3548 SysMain - ok
13:44:19.0595 3548 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:44:19.0598 3548 TabletInputService - ok
13:44:19.0616 3548 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:44:19.0621 3548 TapiSrv - ok
13:44:19.0629 3548 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:44:19.0631 3548 TBS - ok
13:44:19.0695 3548 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
13:44:19.0731 3548 Tcpip - ok
13:44:19.0807 3548 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
13:44:19.0817 3548 TCPIP6 - ok
13:44:19.0854 3548 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:44:19.0856 3548 tcpipreg - ok
13:44:19.0872 3548 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:44:19.0873 3548 TDPIPE - ok
13:44:19.0877 3548 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:44:19.0878 3548 TDTCP - ok
13:44:19.0888 3548 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:44:19.0890 3548 tdx - ok
13:44:19.0899 3548 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:44:19.0900 3548 TermDD - ok
13:44:19.0944 3548 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:44:19.0952 3548 TermService - ok
13:44:19.0978 3548 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:44:19.0980 3548 Themes - ok
13:44:20.0006 3548 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:44:20.0008 3548 THREADORDER - ok
13:44:20.0018 3548 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:44:20.0021 3548 TrkWks - ok
13:44:20.0052 3548 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:44:20.0054 3548 TrustedInstaller - ok
13:44:20.0073 3548 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:44:20.0074 3548 tssecsrv - ok
13:44:20.0088 3548 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:44:20.0090 3548 tunnel - ok
13:44:20.0096 3548 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:44:20.0097 3548 uagp35 - ok
13:44:20.0111 3548 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:44:20.0115 3548 udfs - ok
13:44:20.0136 3548 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:44:20.0138 3548 UI0Detect - ok
13:44:20.0151 3548 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:44:20.0152 3548 uliagpkx - ok
13:44:20.0163 3548 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:44:20.0164 3548 umbus - ok
13:44:20.0179 3548 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:44:20.0180 3548 UmPass - ok
13:44:20.0205 3548 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:44:20.0211 3548 upnphost - ok
13:44:20.0369 3548 UrlFilter (401984715693b87fdf4f600fbbebd366) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
13:44:20.0369 3548 UrlFilter - ok
13:44:20.0418 3548 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:44:20.0419 3548 usbaudio - ok
13:44:20.0433 3548 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
13:44:20.0435 3548 usbccgp - ok
13:44:20.0471 3548 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:44:20.0481 3548 usbcir - ok
13:44:20.0522 3548 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
13:44:20.0523 3548 usbehci - ok
13:44:20.0545 3548 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
13:44:20.0549 3548 usbhub - ok
13:44:20.0564 3548 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:44:20.0565 3548 usbohci - ok
13:44:20.0579 3548 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:44:20.0580 3548 usbprint - ok
13:44:20.0590 3548 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:44:20.0592 3548 USBSTOR - ok
13:44:20.0607 3548 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:44:20.0608 3548 usbuhci - ok
13:44:20.0620 3548 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:44:20.0622 3548 UxSms - ok
13:44:20.0644 3548 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
13:44:20.0645 3548 VaultSvc - ok
13:44:20.0655 3548 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:44:20.0656 3548 vdrvroot - ok
13:44:20.0679 3548 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:44:20.0686 3548 vds - ok
13:44:20.0701 3548 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:44:20.0702 3548 vga - ok
13:44:20.0716 3548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:44:20.0717 3548 VgaSave - ok
13:44:20.0733 3548 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:44:20.0735 3548 vhdmp - ok
13:44:20.0739 3548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:44:20.0740 3548 viaide - ok
13:44:20.0757 3548 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:44:20.0758 3548 volmgr - ok
13:44:20.0778 3548 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:44:20.0783 3548 volmgrx - ok
13:44:20.0817 3548 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:44:20.0820 3548 volsnap - ok
13:44:20.0859 3548 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
13:44:20.0861 3548 vpcbus - ok
13:44:20.0894 3548 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:44:20.0896 3548 vpcnfltr - ok
13:44:20.0914 3548 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
13:44:20.0916 3548 vpcusb - ok
13:44:20.0937 3548 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
13:44:20.0942 3548 vpcvmm - ok
13:44:20.0953 3548 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:44:20.0955 3548 vsmraid - ok
13:44:21.0008 3548 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:44:21.0035 3548 VSS - ok
13:44:21.0104 3548 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:44:21.0105 3548 vwifibus - ok
13:44:21.0112 3548 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:44:21.0113 3548 vwififlt - ok
13:44:21.0138 3548 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:44:21.0143 3548 W32Time - ok
13:44:21.0154 3548 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:44:21.0155 3548 WacomPen - ok
13:44:21.0170 3548 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:44:21.0172 3548 WANARP - ok
13:44:21.0176 3548 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:44:21.0177 3548 Wanarpv6 - ok
13:44:21.0234 3548 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:44:21.0268 3548 wbengine - ok
13:44:21.0323 3548 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:44:21.0327 3548 WbioSrvc - ok
13:44:21.0374 3548 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
13:44:21.0379 3548 wcncsvc - ok
13:44:21.0395 3548 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:44:21.0398 3548 WcsPlugInService - ok
13:44:21.0405 3548 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:44:21.0406 3548 Wd - ok
13:44:21.0433 3548 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:44:21.0440 3548 Wdf01000 - ok
13:44:21.0448 3548 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:44:21.0451 3548 WdiServiceHost - ok
13:44:21.0454 3548 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:44:21.0456 3548 WdiSystemHost - ok
13:44:21.0477 3548 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
13:44:21.0480 3548 WebClient - ok
13:44:21.0495 3548 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:44:21.0499 3548 Wecsvc - ok
13:44:21.0512 3548 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:44:21.0515 3548 wercplsupport - ok
13:44:21.0531 3548 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:44:21.0533 3548 WerSvc - ok
13:44:21.0545 3548 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:44:21.0546 3548 WfpLwf - ok
13:44:21.0562 3548 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:44:21.0563 3548 WIMMount - ok
13:44:21.0609 3548 WinDefend - ok
13:44:21.0619 3548 WinHttpAutoProxySvc - ok
13:44:21.0663 3548 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:44:21.0666 3548 Winmgmt - ok
13:44:21.0738 3548 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:44:21.0773 3548 WinRM - ok
13:44:21.0832 3548 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:44:21.0833 3548 WinUsb - ok
13:44:21.0867 3548 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:44:21.0877 3548 Wlansvc - ok
13:44:22.0014 3548 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:44:22.0057 3548 wlidsvc - ok
13:44:22.0087 3548 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:44:22.0088 3548 WmiAcpi - ok
13:44:22.0115 3548 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:44:22.0118 3548 wmiApSrv - ok
13:44:22.0134 3548 WMPNetworkSvc - ok
13:44:22.0150 3548 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:44:22.0153 3548 WPCSvc - ok
13:44:22.0179 3548 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:44:22.0181 3548 WPDBusEnum - ok
13:44:22.0221 3548 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:44:22.0222 3548 ws2ifsl - ok
13:44:22.0298 3548 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:44:22.0301 3548 wscsvc - ok
13:44:22.0304 3548 WSearch - ok
13:44:22.0388 3548 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
13:44:22.0429 3548 wuauserv - ok
13:44:22.0474 3548 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:44:22.0476 3548 WudfPf - ok
13:44:22.0496 3548 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:44:22.0498 3548 WUDFRd - ok
13:44:22.0506 3548 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:44:22.0508 3548 wudfsvc - ok
13:44:22.0522 3548 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:44:22.0540 3548 WwanSvc - ok
13:44:22.0570 3548 X6va005 - ok
13:44:22.0639 3548 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
13:44:22.0646 3548 xnacc - ok
13:44:22.0665 3548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:44:22.0942 3548 \Device\Harddisk0\DR0 - ok
13:44:22.0945 3548 Boot (0x1200) (0abed56843fdfb3cc0f99d71652a84d4) \Device\Harddisk0\DR0\Partition0
13:44:22.0946 3548 \Device\Harddisk0\DR0\Partition0 - ok
13:44:22.0950 3548 Boot (0x1200) (fd76dc7f68ee49013e4e965302494e22) \Device\Harddisk0\DR0\Partition1
13:44:22.0951 3548 \Device\Harddisk0\DR0\Partition1 - ok
13:44:22.0952 3548 ============================================================
13:44:22.0952 3548 Scan finished
13:44:22.0952 3548 ============================================================
13:44:22.0961 4892 Detected object count: 0
13:44:22.0961 4892 Actual detected object count: 0

Running aswMBR now.

#25
charade539

Posted 06 July 2012 - 02:48 PM

New Member

Members
17 posts

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 13:47:00
-----------------------------
13:47:00.607 OS Version: Windows x64 6.1.7600
13:47:00.607 Number of processors: 4 586 0x170A
13:47:00.608 ComputerName: WHEELJACK UserName: Kyle
13:47:03.643 Initialize success
13:50:16.057 AVAST engine defs: 12070601
13:50:50.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:50:50.618 Disk 0 Vendor: ST32000542AS CC34 Size: 1907729MB BusType: 3
13:50:50.635 Disk 0 MBR read successfully
13:50:50.639 Disk 0 MBR scan
13:50:50.644 Disk 0 Windows 7 default MBR code
13:50:50.653 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:50:50.669 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
13:50:50.687 Disk 0 scanning C:\Windows\system32\drivers
13:50:59.240 Service scanning
13:51:14.427 Modules scanning
13:51:14.435 Disk 0 trace - called modules:
13:51:14.457 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
13:51:14.461 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db8060]
13:51:14.467 3 CLASSPNP.SYS[fffff88000dd043f] -> nt!IofCallDriver -> [0xfffffa80077db520]
13:51:14.473 5 ACPI.sys[fffff88000f26781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80077d7680]
13:51:17.346 AVAST engine scan C:\Windows
13:51:24.157 AVAST engine scan C:\Windows\system32
13:54:35.543 AVAST engine scan C:\Windows\system32\drivers
13:54:49.266 AVAST engine scan C:\Users\Kyle
14:30:52.306 AVAST engine scan C:\ProgramData
14:37:04.244 Scan finished successfully
14:47:00.155 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
14:47:00.161 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

#26
gringo_pr

Posted 06 July 2012 - 07:44 PM

Forum Deity

Experts
6,621 posts

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

DAEMON Tools Toolbar

Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Update Adobe Reader

http://www.adobe.com.../readstep2.html

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
- Run the installer to install the application.
- When it gives you the option to install Yahoo toolbar uncheck the box next to it.
- Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
- Click Run Cleaner.
- Close CCleaner.

: Malwarebytes' Anti-Malware :

Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

- Log From MBAM
- report from Hijackthis
- let me know of any problems you may have had
- How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#27
charade539

Posted 08 July 2012 - 12:51 AM

New Member

Members
17 posts

Downloaded Revo Uninstaller
Updated Adobe Reader (says it was already installed)
Ran Malwarebytes

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: WHEELJACK [administrator]

Protection: Enabled

7/8/2012 12:44:51 AM
mbam-log-2012-07-08 (00-44-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230941
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:32 AM, on 7/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Edimax\Common\RaUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Kyle\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3072253
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
O2 - BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files (x86)\Edimax\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://192.168.15.1
O15 - ESC Trusted IP range: http://192.168.15.1
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10078 bytes

So far I haven't been having the weird redirects, not for the past few days at least. Everything else seems to be running smoothly.

#28
gringo_pr

Posted 08 July 2012 - 03:01 AM

Forum Deity

Experts
6,621 posts

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the add/on to be installed
- Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
- put a checkmark in "Uninstall application on close"
- close program
- report to me that nothing was found

If threats were found
- click on "list of threats found"
- click on "export to text file" and save it as ESET SCAN and save to the desktop
- Click on back
- put a checkmark in "Uninstall application on close"
- click on finish
- close program
- copy and paste the report here

Gringo

<-- Don't worry every little bit helps.

#29
gringo_pr

Posted 11 July 2012 - 12:20 AM

Forum Deity

Experts
6,621 posts

<-- Don't worry every little bit helps.

#30
charade539

Posted 11 July 2012 - 10:27 PM

New Member

Members
17 posts

Here's the results of the scan.

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\00000008.@ Win64/Agent.BA trojan
C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000000.@ Win64/Sirefef.AE trojan
C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000032.@ Win32/Sirefef.FD trojan
C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000064.@ Win64/Sirefef.AM trojan
C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\n Win64/Sirefef.W trojan
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000032.@.vir Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000064.@.vir Win64/Sirefef.AM trojan
C:\Users\Kyle\Documents\Morrowind Mods\cnet2_horse85_exe.exe a variant of Win32/InstallCore.D application
C:\Windows\Installer\fc11d5.msi a variant of Win32/Toolbar.Widgi application

#31
gringo_pr

Posted 11 July 2012 - 10:44 PM

Forum Deity

Experts
6,621 posts

Hello

There are some minor things in your online scan that should be removed.

delete files

Copy all text in the quote box (below)...to Notepad.

Quote
@echo off
rd /s /q "C:\Program Files (x86)\Common Files\Spigot\"
rd /s /q "C:\FRST\"
del /f /s /q "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"
del /f /s /q "C:\Program Files (x86)\IObit Toolbar\IE\5.1\iobitToolbarIE.dll"
del /f /s /q "C:\Windows\Installer\fc11d5.msi"
del %0
Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: <--XP<--vista
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

DeFogger

The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK.

:Uninstall ComboFix:

turn off all active protection software
push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free

CCleaner

Malwarebytes' Anti-Malware

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need?

Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online

Malware Removal

quoted from Tech Support Forum

Quote

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

Gringo

<-- Don't worry every little bit helps.

#32
Maurice Naggar

Posted 14 July 2012 - 08:56 AM

Eradicator de logiciels malveillants

Moderators
13,181 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

~Maurice Naggar

I close my threads if there is 5 days without a response.

Back to Resolved HijackThis Logs · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Malwarebytes

BC.Miner virus assistance, please.

#21
gringo_pr

Posted 03 July 2012 - 08:18 PM

#22
gringo_pr

Posted 05 July 2012 - 11:09 PM

#23
charade539

Posted 06 July 2012 - 01:43 PM

#24
charade539

Posted 06 July 2012 - 01:46 PM

#25
charade539

Posted 06 July 2012 - 02:48 PM

#26
gringo_pr

Posted 06 July 2012 - 07:44 PM

#27
charade539

Posted 08 July 2012 - 12:51 AM

#28
gringo_pr

Posted 08 July 2012 - 03:01 AM

#29
gringo_pr

Posted 11 July 2012 - 12:20 AM

#30
charade539

Posted 11 July 2012 - 10:27 PM

#31
gringo_pr

Posted 11 July 2012 - 10:44 PM

#32
Maurice Naggar

Posted 14 July 2012 - 08:56 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

Malwarebytes

BC.Miner virus assistance, please.

#21 gringo_pr Posted 03 July 2012 - 08:18 PM

#22 gringo_pr Posted 05 July 2012 - 11:09 PM

#23 charade539 Posted 06 July 2012 - 01:43 PM

#24 charade539 Posted 06 July 2012 - 01:46 PM

#25 charade539 Posted 06 July 2012 - 02:48 PM

#26 gringo_pr Posted 06 July 2012 - 07:44 PM

#27 charade539 Posted 08 July 2012 - 12:51 AM

#28 gringo_pr Posted 08 July 2012 - 03:01 AM

#29 gringo_pr Posted 11 July 2012 - 12:20 AM

#30 charade539 Posted 11 July 2012 - 10:27 PM

#31 gringo_pr Posted 11 July 2012 - 10:44 PM

#32 Maurice Naggar Posted 14 July 2012 - 08:56 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

#21
gringo_pr

Posted 03 July 2012 - 08:18 PM

#22
gringo_pr

Posted 05 July 2012 - 11:09 PM

#23
charade539

Posted 06 July 2012 - 01:43 PM

#24
charade539

Posted 06 July 2012 - 01:46 PM

#25
charade539

Posted 06 July 2012 - 02:48 PM

#26
gringo_pr

Posted 06 July 2012 - 07:44 PM

#27
charade539

Posted 08 July 2012 - 12:51 AM

#28
gringo_pr

Posted 08 July 2012 - 03:01 AM

#29
gringo_pr

Posted 11 July 2012 - 12:20 AM

#30
charade539

Posted 11 July 2012 - 10:27 PM

#31
gringo_pr

Posted 11 July 2012 - 10:44 PM

#32
Maurice Naggar

Posted 14 July 2012 - 08:56 AM