Trisscar
  1. Running pretty well actually. XP starts up a lot faster than it had been before this whole rigamarole. Now to figure out why Ubuntu's latest update crashed lightdm so hard that it hasn't fixed itself since. XD
  2. Well crap. Looks like Avast doesn't like anything to do with internet. I don't know if it's just a bad install or what, but once it did install I suddenly couldn't load pages anymore, it would stop trying a second after I entered a url. I had to go into safe mode to uninstall it, because it couldn't get past the first menu of the uninstaller in normal mode. I'mma try with AVG a bit later, and now that Avast is gone everything seems fine. Weird interactions though....
  3. DelFix log:
     # DelFix v1.010 - Logfile created 29/04/2015 at 23:22:12
     # Updated 26/04/2015 by Xplode
     # Username : Administrator - FAUXGLASS
     # Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
     ~ Removing disinfection tools ...
     Deleted : C:\FRST
     Deleted : C:\zoek_backup
     Deleted : C:\TDSSKiller.3.0.0.44_25.04.2015_09.56.21_log.txt
     Deleted : C:\TDSSKiller.3.0.0.44_25.04.2015_10.05.13_log.txt
     Deleted : C:\zoek-results.log
     Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\Addition 04192015.txt
     Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\FRST 04192015.txt
     Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\FRST64.exe
     Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\tdsskiller.exe
     Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\Zoek log.txt
     Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\zoek-results.txt
     Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\zoek.exe
     Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
     ~ Creating registry backup ... OK
     ~ Cleaning system restore ... New restore point created !
     ~ Resetting system settings ... OK
     ########## - EOF - ##########
     Downloaded and installed Avast, already have NoScript as a constant part of Firefox with almost nothing allowed, and an electric blue eye just rolled by in the background. Thank you much surrah!
  4. *Throws arms in the air* IT WORKED!!! You sir are amazing. I have no clue how it was fixed, but it seems to have been. The computer got stuck at the welcome screen momentarily, then launched MBAM before it even loaded the taskbar. Windows also spat out these logs of what errors it had encountered at me, not sure if they're still something I need to worry about, hopefully not. Thank you so much.
     BCCode : 27 BCP1 : 00000000BAAD0080 BCP2 : FFFFFADF17D043A0 BCP3 : FFFFFADF17D03DB0 BCP4 : FFFFF80001289FD5 OSVer : 5_2_3790 SP : 2_0 Product : 256_1
     BCCode : 27 BCP1 : 00000000BAAD0080 BCP2 : FFFFFADF17D193A0 BCP3 : FFFFFADF17D18DB0 BCP4 : FFFFF80001289FD5 OSVer : 5_2_3790 SP : 2_0 Product : 256_1
  5. Alright, scanned, cure wasn't an option for either threat. (I should probably mention, I had a friend take a look at everything the other day, and he found that my Ubuntu OS is currently booting off the partition that holds my XP boot, even though it's using its own partition for everything else. Not sure if this is relevant at all, just thought I'd mention it in case it was.) Here's the log:
     09:56:21.0953 0x0530 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
     09:56:28.0609 0x0530 ============================================================
     09:56:28.0609 0x0530 Current date / time: 2015/04/25 09:56:28.0609
     09:56:28.0609 0x0530 SystemInfo:
     09:56:28.0609 0x0530
     09:56:28.0609 0x0530 OS Version: 5.2.3790 ServicePack: 2.0
     09:56:28.0609 0x0530 Product type: Workstation
     09:56:28.0609 0x0530 ComputerName: FAUXGLASS
     09:56:28.0609 0x0530 UserName: Administrator
     09:56:28.0609 0x0530 Windows directory: C:\WINDOWS
     09:56:28.0609 0x0530 System windows directory: C:\WINDOWS
     09:56:28.0609 0x0530 Running under WOW64
     09:56:28.0609 0x0530 Processor architecture: Intel x64
     09:56:28.0609 0x0530 Number of processors: 2
     09:56:28.0609 0x0530 Page size: 0x1000
     09:56:28.0609 0x0530 Boot type: Safe boot
     09:56:28.0609 0x0530 ============================================================
     09:56:32.0437 0x0530 KLMD registered as C:\WINDOWS\system32\drivers\18919074.sys
     09:56:33.0437 0x0530 System UUID: {AEC566B3-3BAC-33AE-13F6-6198A9449442}
     09:56:36.0265 0x0530 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
     09:56:36.0265 0x0530 ============================================================
     09:56:36.0265 0x0530 \Device\Harddisk0\DR0:
     09:56:36.0265 0x0530 MBR partitions:
     09:56:36.0265 0x0530 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
     09:56:36.0312 0x0530 ============================================================
     09:56:36.0359 0x0530 C: <-> \Device\Harddisk0\DR0\Partition1
     09:56:36.0375 0x0530 ============================================================
     09:56:36.0375 0x0530 Initialize success
     09:56:36.0375 0x0530 ============================================================
     09:56:48.0953 0x05ac ============================================================
     09:56:48.0953 0x05ac Scan started
     09:56:48.0953 0x05ac Mode: Manual; SigCheck; TDLFS;
     09:56:48.0953 0x05ac ============================================================
     09:56:48.0953 0x05ac KSN ping started
     09:56:49.0281 0x05ac KSN ping finished: false
     09:56:49.0609 0x05ac ================ Scan system memory ========================
     09:56:49.0609 0x05ac System memory - ok
     09:56:49.0609 0x05ac ================ Scan services =============================
     09:56:49.0859 0x05ac Abiosdsk - ok
     09:56:50.0015 0x05ac [ CFF41DEAE62881B2465D97C6C68D19C6, 3D6E755E8286F0E8C0E80A8E50EE2CDC1C950E8097B3F5CD75EFD11FA40E2574 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
     09:56:50.0859 0x05ac ACPI - ok
     09:56:51.0093 0x05ac [ A4D4F508BC6613442B0C32CDE443E382, 17D804FC5846CBBC9C35113DEC6A8BFD8C07848522C6394F26E9BFA8A9EA80CA ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
     09:56:51.0187 0x05ac ACPIEC - ok
     09:56:51.0187 0x05ac adpu160m - ok
     09:56:51.0203 0x05ac adpu320 - ok
     09:56:51.0296 0x05ac [ 92500BC3A6E241BBC357F532DD500A75, FE14096E9F3DA851092D43EB58AA89C69235456768EA6D0CB9BCFE655FCA90CD ] aec C:\WINDOWS\system32\drivers\aec.sys
     09:56:51.0453 0x05ac aec - ok
     09:56:51.0468 0x05ac [ 5B41F5AACEEFCB29D1676942076F665A, 8D1729E9E7E2003C351B02814F81F04851BFBED2BF8ECF7C662F2D33F0B4B31B ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
     09:56:51.0515 0x05ac AeLookupSvc - ok
     09:56:51.0687 0x05ac [ 8A7742098432696EC85A9EEF15C4D8E7, 5B8D75044B2CFC6B0DFE60E41327D0B2081A9D2EB6006204F384B869705F3D8B ] AFD C:\WINDOWS\System32\drivers\afd.sys
     09:56:51.0843 0x05ac AFD - ok
     09:56:51.0843 0x05ac aic78u2 - ok
     09:56:51.0843 0x05ac aic78xx - ok
     09:56:51.0890 0x05ac [ AFA2CF7CB731CA177CCCFFFFE5D88776, BD5F71D558AAD16F34E1F6810C962A720CD8F7B80352DE4CD72A06222EA4025E ] Alerter C:\WINDOWS\system32\alrsvc.dll
     09:56:51.0968 0x05ac Alerter - ok
     09:56:52.0031 0x05ac [ 76BC04CFE3F430AF5DF7B289B9A3BF59, D876B871FAC4496467B4EFB5791D8CA38487C603AC201EC3C5318725705783DE ] ALG C:\WINDOWS\System32\alg.exe
     09:56:52.0093 0x05ac ALG - ok
     09:56:52.0093 0x05ac AliIde - ok
     09:56:52.0906 0x05ac [ 1DFC5D5CD2E655D67C9CB0E4E8B2CB72, 71CFBC320B7C9E5BA80CCF72A1774AFFDC98A7A911734C1DC449A92422E2601C ] Ambfilt64 C:\WINDOWS\system32\drivers\Ambft64.sys
     09:56:54.0734 0x05ac Ambfilt64 - ok
     09:56:54.0796 0x05ac [ D39CB7B4BB3A46BC84AD0CC1B8261FB8, 047DF172B42A536871E30E697A209BDC100615B4422ADAF958D0475412EA6E4D ] amdhub30 C:\WINDOWS\system32\DRIVERS\amdhub30.sys
     09:56:54.0812 0x05ac amdhub30 - ok
     09:56:54.0828 0x05ac AmdIde - ok
     09:56:54.0859 0x05ac [ CCE290F816A286A6632530DA169F5545, 7A2982BE57EAD36314E680113D60F1241FCF504314119E62A666C1D495C9224E ] AmdPPM64 C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys
     09:56:54.0921 0x05ac AmdPPM64 - ok
     09:56:55.0031 0x05ac [ 990E896740E42C6B88284AFD1799AA56, 600556B41A272588D58AB0D552AD903BD0BF5CFB9CB2F5D966E0AD5EA5F2A3F8 ] amdxhc C:\WINDOWS\system32\DRIVERS\amdxhc.sys
     09:56:55.0046 0x05ac amdxhc - ok
     09:56:55.0062 0x05ac [ CC19A6452BA688EA32D14D8DBEC190F4, 6D52B63926E1766DB8BD00CC5CC0AD9EA3B68FC1E6C66FAF4E899606437468A3 ] AppleCharger C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
     09:56:55.0078 0x05ac AppleCharger - ok
     09:56:55.0109 0x05ac [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\WINDOWS\system32\AppleChargerSrv.exe
     09:56:55.0140 0x05ac AppleChargerSrv - ok
     09:56:55.0281 0x05ac [ 4F6B2DE8BC199C542F174844BB64485A, 6DCB098F5B0EBB188554E2B1415C1FF22D2FCFFA49A505A81933E812039DFBBF ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
     09:56:55.0437 0x05ac AppMgmt - ok
     09:56:55.0453 0x05ac arc - ok
     09:56:55.0625 0x05ac [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
     09:56:55.0734 0x05ac aspnet_state - ok
     09:56:55.0765 0x05ac [ 7380ACDD2D8E6621392E56D9A0467FE4, A364874276B85EC7E338A336ACC3427B7C6EFC6DA7F835580A31883A7B16E8F1 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     09:56:55.0828 0x05ac AsyncMac - ok
     09:56:55.0906 0x05ac [ 76719A3C10C6264E9435709EC2789A59, B9D0A797C2A9525CB6DDE9D77320136947916ECDE63BB513B7392A379EC2A060 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
     09:56:55.0968 0x05ac atapi - ok
     09:56:55.0968 0x05ac Atdisk - ok
     09:56:56.0390 0x05ac [ 0601C722F9CDD864A22D1E29C96223C3, 4EF855A9C262083E3C53B11D4DFB1231957FFDFA495B1F569C030348E85BFACF ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
     09:56:57.0218 0x05ac Ati HotKey Poller - ok
     09:57:00.0656 0x05ac [ D0121102A81C68298982FEA36062EB69, BF2530ACC75AEC7910FC000FECC9408BCF4DCEE26CFBB5AA1D8BDF5BACC48071 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
     09:57:07.0437 0x05ac ati2mtag - ok
     09:57:07.0546 0x05ac [ 955E1C7E0558CCE6FA820DB4D3521A9D, D52169279A0DE010C58B642CAD646AC623F7458D15F41BF6B01DB13E63A0284C ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP6.sys
     09:57:07.0640 0x05ac AtiHDAudioService - ok
     09:57:07.0703 0x05ac [ 62D65FCE5695B53A2DDF92E83111EA06, EA309ED82765593D1A1762DE62226647BF873524A780F000883B3F2382215622 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     09:57:07.0812 0x05ac Atmarpc - ok
     09:57:07.0875 0x05ac [ 0DA015AB1EE54988572CFC4B7644556A, AD282873A3917A0DB5FF3C6C91877F6607CDDE1F752712E7E7C6B9F7EB4B062F ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
     09:57:07.0968 0x05ac AudioSrv - ok
     09:57:07.0984 0x05ac [ 1437089F59DBA75FEE4ED959077A938E, 9063F1BF7D018961894172E7F63D7295BD2A4F1A24255F89905810AB756626AD ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
     09:57:08.0062 0x05ac audstub - ok
     09:57:08.0078 0x05ac [ 8BA2E5CDFDE406DC4646AFB894804844, DB043993312412262AD89111E3CFE3B21A4F85E356D71F1353E38052ACC4DED4 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
     09:57:08.0140 0x05ac Beep - ok
     09:57:08.0484 0x05ac [ 444F3CC5FFEFBC1509ED0F301F952DF3, 17562741F67E2182721B6D03AE3D63B3C20E2A0884080607EEE5A895D9754C6A ] BITS C:\WINDOWS\system32\qmgr.dll
     09:57:09.0156 0x05ac BITS - ok
     09:57:09.0375 0x05ac [ 5AB58C337AC65837FE404462AD6265AB, F7E145F5D8DB1017D5B7B9D5380100F170FE5CC2050B5F7346A521B7B72D2166 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     09:57:09.0640 0x05ac Bonjour Service - ok
     09:57:09.0734 0x05ac [ 13681D0B32933E3DE95AE15349E751DA, D4F07BE8F8F6BA694CBCE260157323239966820C127667A686FE525398E72EC7 ] Browser C:\WINDOWS\System32\browser.dll
     09:57:09.0828 0x05ac Browser - ok
     09:57:09.0859 0x05ac [ 2367A4DDA10960624FE696BCEDFC995A, 2D45269FA05A241329EB4CA2F4D8FA57A949C32E06D6197BB268FCA4FCA1B2E7 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     09:57:09.0937 0x05ac CCDECODE - ok
     09:57:09.0953 0x05ac [ 982563CF02CD6D4E5D8E0F4B5CBB9B6A, 2A793288E8EED0C656E62D53FB538F9CE9B65B7666370D406F5BC34DB7CD3472 ] CdaC15BA C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
     09:57:10.0031 0x05ac CdaC15BA - ok
     09:57:10.0046 0x05ac [ 9067D96899D98CA4535A76E8C8B2E3A5, 9B1F9F69B5BC3F519F1A7F191AE0440F1DD33E405396C4214AE565E913C1D41C ] CdaD10BA C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
     09:57:10.0109 0x05ac CdaD10BA - ok
     09:57:10.0171 0x05ac [ 4D99E36322FB51A8D1B2B6D6B69D9889, ADD7675C57EE2576AB3D79B3C6DCA9284BC1D75728D89842DE871C08B1BCE455 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
     09:57:10.0281 0x05ac Cdfs - ok
     09:57:10.0343 0x05ac [ DF644A11DB3CF37C6041D0D506299FC6, 749FCAAE065752E2895FF137A529C0395A9106C4351E1F8C5423F4E23463FE23 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
     09:57:10.0421 0x05ac Cdrom - ok
     09:57:10.0421 0x05ac Changer - ok
     09:57:10.0437 0x05ac [ 46C54F209031AFA0F100D0703FC346DA, 5E122FDAC6FB1DBB71A65EE81FD6F65D326B4C465C9311A54B190AFE111BB9A2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
     09:57:10.0546 0x05ac CiSvc - ok
     09:57:10.0578 0x05ac [ 74F11D0323666D9F615A2D3692590122, EBF245F1FCDEBF8FF25179D1D606235CB216855323D33246C868D36BD2143506 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
     09:57:10.0703 0x05ac ClipSrv - ok
     09:57:10.0796 0x05ac [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     09:57:10.0921 0x05ac clr_optimization_v2.0.50727_32 - ok
     09:57:11.0000 0x05ac [ FA58B51ED71C9133E141164EAA7C54EB, 36310620185E43149A5CACFC9E26D3F322D7E5A958024885232F1AC0A5AA5C0D ] clr_optimization_v2.0.50727_64 c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
     09:57:11.0078 0x05ac clr_optimization_v2.0.50727_64 - ok
     09:57:11.0218 0x05ac [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
     09:57:11.0390 0x05ac clr_optimization_v4.0.30319_32 - ok
     09:57:11.0453 0x05ac [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
     09:57:11.0562 0x05ac clr_optimization_v4.0.30319_64 - ok
     09:57:11.0562 0x05ac CmdIde - ok
     09:57:11.0562 0x05ac COMSysApp - ok
     09:57:11.0609 0x05ac [ 423F7A6E3AF4C2A73C8C8AD945F72CBA, D552491C3874B60859E278EE11F5A1DE15E16C2B58CE7B6E473A0311BB6D996D ] crcdisk C:\WINDOWS\system32\DRIVERS\crcdisk.sys
     09:57:11.0687 0x05ac crcdisk - ok
     09:57:11.0750 0x05ac [ 8B0B3744C60936ACAE31012799DB3982, D4A85362ABDCD874A79F65911A7DA76122D00BD53E47AEBFC58C0FFB7E99BC0B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
     09:57:11.0859 0x05ac CryptSvc - ok
     09:57:12.0250 0x05ac [ 51362C5BF89F4CE5FAE7826E8079ED18, 11689A42A27B93E27E168E71CD00B26AB2BDEE0896B3692B9BFA4CED724BCD29 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
     09:57:12.0859 0x05ac DcomLaunch - ok
     09:57:12.0984 0x05ac [ 54D705CE71DFAF418550F566450B41F4, F8EF1998FC61D9A615109D233ABC528926DDA157E66E18089FF7F992B1BACD4F ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
     09:57:13.0093 0x05ac Dhcp - ok
     09:57:13.0140 0x05ac [ 87F4F2325911738A7C93180715CB641B, F74CB9C3E129CA8A73B3C91090580A4A4CAAEE5634CE856681F1D1CA94111A54 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
     09:57:13.0187 0x05ac Disk - ok
     09:57:13.0187 0x05ac dmadmin - ok
     09:57:13.0375 0x05ac [ 19D704C92C2E2BD4DC99DB18A3523918, 0905E497E14AB2CB3A00C6C35BCB9BB9E0635AB09B632F8B95D29B80EC5A4E4A ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
     09:57:13.0781 0x05ac dmboot - ok
     09:57:13.0890 0x05ac [ 18F5E66786759D16E5BF0CBBA8F4B707, A57DA184AC95966B8F70203C0885FACFD7DDDD7C8B4299186A49CC0A93E19CC4 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
     09:57:14.0031 0x05ac dmio - ok
     09:57:14.0046 0x05ac [ C294E31D6CB7407A43C96EC1FEC1F8A4, 62F2E5A2B4FA04416EA58E9D525B482BFF6753FBD2378B17B0438527156032B0 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
     09:57:14.0125 0x05ac dmload - ok
     09:57:14.0140 0x05ac [ 76F7E7922F428BE040F800920BB8FF3B, 71C4C0ECEFE3DFED359891F855F86B18142B8D5F432F08F4D77A32E166F14BF6 ] dmserver C:\WINDOWS\System32\dmserver.dll
     09:57:14.0218 0x05ac dmserver - ok
     09:57:14.0265 0x05ac [ 07A7E1E330E1FB4453FF05FEB1A84924, D2E8D1C22183870902FFDBBC6BA779C367DADBEEFDB13B16AA391357DC24D363 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
     09:57:14.0421 0x05ac Dnscache - ok
     09:57:14.0437 0x05ac dpti2o - ok
     09:57:14.0437 0x05ac EagleX64 - ok
     09:57:14.0468 0x05ac [ B063A36E4E027A9DBE2B019EBBBEAE86, DA2BA66D9C610B03D973C6747C5FBA34F2582AE9BE9F6162816F455694306E37 ] ERSvc C:\WINDOWS\System32\ersvc.dll
     09:57:14.0546 0x05ac ERSvc - ok
     09:57:14.0593 0x05ac [ 3DBC10CBC436288801FAEE66DE91AE47, CE50732C43AEB8ACF977DF7CF609C88CB022E596EBE0C0AA9DDBC4D6BB25B804 ] EtronHub3 C:\WINDOWS\system32\Drivers\EtronHub3.sys
     09:57:14.0656 0x05ac EtronHub3 - ok
     09:57:14.0703 0x05ac [ DE261095A2220D400D9603E1E42D4185, F5C4493EDCE92EC46BC7940764F719131FE27AE695201EDF143D678881CD239D ] EtronXHCI C:\WINDOWS\system32\Drivers\EtronXHCI.sys
     09:57:14.0750 0x05ac EtronXHCI - ok
     09:57:14.0859 0x05ac [ F45468C29F0F877041C02ABEA981DCDB, 06A1CEABEAA3D8F4314D243AF42C945DF33F3F9F9DAD88D885E311E0A6493D40 ] Eventlog C:\WINDOWS\system32\services.exe
     09:57:14.0984 0x05ac Eventlog - ok
     09:57:15.0156 0x05ac [ BC28F36CE5B0DEDE74CE02554B4094AF, C2953EF2ACC843A38461A79BB4B9EA2F3D8EF258D4CD227D23AF30423A9825C5 ] EventSystem C:\WINDOWS\system32\es.dll
     09:57:15.0468 0x05ac EventSystem - ok
     09:57:15.0609 0x05ac [ 9D264C32B7E4A2AE1B31F60F79A2B9B0, 60C703139778D9CCCECB2669D45776C6D53C05A6CE74EE67696BFA841A6AD5DD ] exFat C:\WINDOWS\system32\drivers\exFat.sys
     09:57:15.0750 0x05ac exFat - ok
     09:57:15.0859 0x05ac [ DB2B34B94EB328023FA329A682629124, 04F8ECC6E4A8BE68A3A9E4F7C0AD7826246D528BA71FFF8F9F51F1783F484671 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
     09:57:16.0000 0x05ac Fastfat - ok
     09:57:16.0031 0x05ac [ 7E35D423FF10AB5B8AF1D3DE86236690, 27976CA874C7FAC2CD6B0ABD4C3278B42FE96CFE15B621CE80923A2A5E6DA38D ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
     09:57:16.0109 0x05ac Fdc - ok
     09:57:16.0140 0x05ac [ 73EA9000F8FB2E060954EB7C3377A3C7, 2B9EB0C4904019B5E404F5A47028E2F16A375C4F67420CE3647D9132D362ABF3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
     09:57:16.0218 0x05ac Fips - ok
     09:57:16.0250 0x05ac [ 8AC77974378EAC3548330951A5DEEEBF, 1C0B7338E8F00E1915E1CDC265FD7249548DDD949106A5CE451A6CAE3FABE2FD ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
     09:57:16.0328 0x05ac Flpydisk - ok
     09:57:16.0453 0x05ac [ DB82FB02D10B5D0C2A2DDD6BE1BE00E6, 2EBE7CF62A6EE905482933917C4DC2A780F10DAF25C4E63D675570C2FE22B97E ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
     09:57:16.0640 0x05ac FltMgr - ok
     09:57:16.0703 0x05ac [ 8A4DCD28D2BE12946F6D5D308B0942A6, 92956D815C4C63AA1886AB26AEDBCBBBB352D56AAD7081FC0AADFAE5B956241B ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
     09:57:16.0750 0x05ac FontCache3.0.0.0 - ok
     09:57:16.0765 0x05ac [ 90B450C095B6E62EB86F72DE5A09A1DD, 5A57B328E8B3E499331457CC14FC8EA24FA52DA4863ED711D5A2DF9C5DF4F549 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
     09:57:16.0781 0x05ac Fs_Rec - ok
     09:57:16.0890 0x05ac [ 5B7244492881DCFF03B36DEDC369852C, F8FB5DDAAF09C648EEC23B87CB91CADAC16CD6EB479874050ED9E9BC3AFC24FD ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     09:57:17.0031 0x05ac Ftdisk - ok
     09:57:17.0046 0x05ac gdrv - ok
     09:57:17.0093 0x05ac [ 01D3A399FB0D1E3A6D3DA482B39C1D1B, 8EDE9D7DD4501B941FF9C6123A7A1447840EA154F59F52FCBC4A6C5FF93B8C88 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
     09:57:17.0156 0x05ac Gpc - ok
     09:57:17.0234 0x05ac [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     09:57:17.0296 0x05ac gupdate - ok
     09:57:17.0359 0x05ac [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     09:57:17.0359 0x05ac gupdatem - ok
     09:57:17.0437 0x05ac [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
     09:57:17.0515 0x05ac gusvc - ok
     09:57:17.0640 0x05ac [ D36E47728CDBC8D17A77D36A6CBC29BB, F24FBB4C773C330A0F040833745C3B66ED203AFB913C9614EF5A33989BD1E576 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     09:57:17.0781 0x05ac HDAudBus - ok
     09:57:17.0859 0x05ac [ 40E274B64843813A81C42687592339D7, 90C3262F6F809543A5B00B0ED7AC0A71821BEAB68C955451470CF4BED0E930D5 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
     09:57:17.0937 0x05ac helpsvc - ok
     09:57:17.0937 0x05ac HidServ - ok
     09:57:17.0953 0x05ac [ F32BEC5614A61BBB2BEDE070D279F88B, B9CA32159CFBF658F412C77BF175BFC2E8209A32947F7C4BB251AD2A76D81759 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
     09:57:18.0031 0x05ac hidusb - ok
     09:57:18.0281 0x05ac [ 9590176FF38CF20DB662AD7846CF2A30, 9B4C254AF074BBC1AB526CE32E6149C15FBF5300056BE125C45D583F474237FA ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
     09:57:18.0687 0x05ac HTTP - ok
     09:57:18.0703 0x05ac [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] HTTPFilter C:\WINDOWS\System32\lsass.exe
     09:57:18.0781 0x05ac HTTPFilter - ok
     09:57:18.0781 0x05ac i2omgmt - ok
     09:57:18.0828 0x05ac [ 50FD608643D9B56C4C75C0784513F77E, 676229455643781D79F421B986CCCAA14F861492B66C7225AE1347881E561777 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     09:57:18.0937 0x05ac i8042prt - ok
     09:57:19.0093 0x05ac IASJet - ok
     09:57:19.0484 0x05ac [ 501CF65702D7F64C38DB360F7EB07ADC, D4EC76EC74B6A79D06CD14C75ABC82ED1931CF5EF393BBCADA40FCC78FA9BD6D ] idsvc c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
     09:57:20.0203 0x05ac idsvc - ok
     09:57:20.0203 0x05ac iirsp - ok
     09:57:20.0250 0x05ac [ D2E541613B72FF9FCEDF37B166930706, CF3985DCD3EABEF8B972664C0F22C6A42E2C3F3A3572EC391D083B7E76A00455 ] imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
     09:57:20.0343 0x05ac imapi - ok
     09:57:20.0468 0x05ac [ 9014C144CD95EEE1F5884664A4BFB4D8, B8E6D6509C11B080558AF72377D4373E5D363979D3B0FE832E3B41D20870ACFE ] ImapiService C:\WINDOWS\system32\imapi.exe
     09:57:20.0765 0x05ac ImapiService - ok
     09:57:24.0250 0x05ac [ 0EA38F5E45367655123FAE492BE093B3, 2F00CE9E10BAF7ED7E231B83FD2331EE5368A7E9EEB74A4D87F5714055D6137A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKHDA64.SYS
     09:57:31.0078 0x05ac IntcAzAudAddService - ok
     09:57:31.0109 0x05ac IntelIde - ok
     09:57:31.0140 0x05ac [ 6601A43EE389D0ADB11AAEDE9A98036B, 0CE5143CC0FFFC7CAAF083A54227010137E00E97876C4D9BC898C4B7320F8DF6 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
     09:57:31.0234 0x05ac Ip6Fw - ok
     09:57:31.0265 0x05ac [ 1B1B4654A5492A42D2E1BF5B2B22D32B, 17BE92DEE96967788F35DCB4BA325D6411230B55214F5895D27F5DDC2B12544C ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     09:57:31.0375 0x05ac IpFilterDriver - ok
     09:57:31.0390 0x05ac IpInIp - ok
     09:57:31.0468 0x05ac [ 94481B6D32788002E1821E636AEB7898, DBA843BC8EC73BA1956F379BC96A81C350C62B9420A39FC47143263B1D065FE9 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
     09:57:31.0578 0x05ac IpNat - ok
     09:57:31.0656 0x05ac [ 6CEEBC78F45ED27690A25E88FA8E290B, F25E98DE225420A47B27DD99E4133D28C79555C27102A0364EA3424F18494E66 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
     09:57:31.0765 0x05ac IPSec - ok
     09:57:31.0796 0x05ac [ 8B7015EA0171242CCA03C2FB48CCC771, 9CC5BB9492751CC1829E87B17964F2A6BCCB2EB448145998881E31330970FF8D ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
     09:57:31.0828 0x05ac IRENUM - ok
     09:57:31.0859 0x05ac [ D994162E4D8E931FC16A892A87852BBB, F80D217317E08F1366040DA5FC7331EFE9DF5DDC8608AAD4FAA45D6DF118E28B ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
     09:57:31.0921 0x05ac isapnp - ok
     09:57:32.0109 0x05ac [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
     09:57:32.0203 0x05ac JavaQuickStarterService - ok
     09:57:32.0234 0x05ac [ E85095372008A9194C7ED6206CB782DA, 4C19D415D2D35F4A3E173D47C3F9881659C68D98ECB0123450665CD79FF2C001 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     09:57:32.0312 0x05ac Kbdclass - ok
     09:57:32.0421 0x05ac [ 1B280B3B4C10CC2E3EC3AEC17EB6B658, 8540FA4B4E06067ADD9421C8444B0F143970513CEF000CE6899572D4F3B8CA1B ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
     09:57:32.0562 0x05ac kmixer - ok
     09:57:32.0671 0x05ac [ 66AA4769D5B1EBC1CB35CC65AA3B0A87, 4E7D8C53F44AD726CEADBE2A801E8FB37A403130063EB53A24BCEDABD0FFD050 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
     09:57:32.0781 0x05ac KSecDD - ok
     09:57:32.0796 0x05ac [ 5CB302B6CAACE41AF70C34B56EB3DB23, DE545B1CF1D37D2A58826665D8694B0F6FAAA293D4DB4D707D32FC726EF42866 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
     09:57:32.0875 0x05ac ksthunk - ok
     09:57:32.0953 0x05ac [ EEC592BE9525A3E0D60708D9B317B246, 66A9226843ECB2C68C4A0F0AA5D6B2A41CF5DF9D33B944313CB417DAC5BC4AA5 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
     09:57:33.0062 0x05ac lanmanserver - ok
     09:57:33.0171 0x05ac [ 591786FE85DF5CEB8CFC86E0DF3BF13A, EDF94A10CD25C6F815F77225B58F517FA106A24998505E852721141FA19FA845 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
     09:57:33.0312 0x05ac lanmanworkstation - ok
     09:57:33.0343 0x05ac [ 80DB42573F8EF6CBB6A7A0FF6966A352, B2CF856BC3EE206B983C213F476DA040A74C315C45F22867F587BF02C76EC160 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
     09:57:33.0421 0x05ac LmHosts - ok
     09:57:33.0468 0x05ac [ 4A5FFDF0FE830C448830BD4B02B02B4B, 777603317D35A1FEDFF985A6387A5C9C5E1C42C35513699BCD70A0C7AE762600 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
     09:57:33.0500 0x05ac mbamchameleon - ok
     09:57:33.0500 0x05ac MBAMProtector - ok
     09:57:33.0515 0x05ac MBAMScheduler - ok
     09:57:33.0515 0x05ac MBAMService - ok
     09:57:33.0546 0x05ac [ 34EF8CBEA95EF5108A1349FC22D87513, 10BEC2856EAE0CA2B2A7AF147C40805BCC1C24695BCFCA893325EBB340F24276 ] Messenger C:\WINDOWS\System32\msgsvc.dll
     09:57:33.0671 0x05ac Messenger - ok
     09:57:33.0671 0x05ac [ AD6BC1EFA0C1B53409947F06DE87FC89, A5A32E731151E6A22969A12FB75E64448E3B012CA56AD3FE7E92EE89B89173A3 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
     09:57:33.0750 0x05ac mnmdd - ok
     09:57:33.0750 0x05ac mnmsrvc - ok
     09:57:33.0781 0x05ac [ 9A67A96A0CBC2BC658ABF8C9B5EE065A, BDFC3D82578E049592A273E7247A80495D2BB82B9F2E603164037CBC4B7CA28F ] Modem C:\WINDOWS\system32\drivers\Modem.sys
     09:57:33.0859 0x05ac Modem - ok
     09:57:34.0734 0x05ac [ CAA4BD0FBF4BBC0C259146E1FFD00C24, 5BFBD2003B8B590A5747A04C4CF8043BB8931BE7805309B6FB68C58197146A80 ] Monfilt64 C:\WINDOWS\system32\drivers\Monft64.sys
     09:57:36.0234 0x05ac Monfilt64 - ok
     09:57:36.0281 0x05ac [ 12ACF32EDF03E46805347817ACB9F64C, 03549892876175B3FB3C7DFC51460E2576C3CD575C99A173745088E1D38410ED ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
     09:57:36.0343 0x05ac Mouclass - ok
     09:57:36.0359 0x05ac [ A0C4E4A79C5D6F418315C33177F2B5BC, AF892EF90545319E9DC68AB1848FF291CE1059A2CD04AA7BD12945C01A1949BA ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
     09:57:36.0406 0x05ac mouhid - ok
     09:57:36.0453 0x05ac [ 1B06EAAB2818C9FB588091FC8FB3AFE5, 5BBFC7E3454F3638DEFC1EA2537E991E1B8CA03080BDD612F4B1148EFFAEFD2C ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
     09:57:36.0500 0x05ac MountMgr - ok
     09:57:36.0609 0x05ac [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
     09:57:36.0687 0x05ac MozillaMaintenance - ok
     09:57:36.0687 0x05ac mraid35x - ok
     09:57:36.0812 0x05ac [ 9BD69A8EFD601B1E0740599BE53284BA, 0FBA3AB6E681F5B97F93FF356B32F6DC9D2548A919DCE0BE8D5F75CEBF7852D9 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     09:57:36.0953 0x05ac MRxDAV - ok
     09:57:37.0296 0x05ac [ 099D19AFF75912006B17BAFA07FDF4FB, F1AA10815D0BC208249B6BBECC30D75DC8840EE192A5AC844A8D5DB08A1FA50A ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     09:57:37.0906 0x05ac MRxSmb - ok
     09:57:37.0921 0x05ac [ 193202BD0CF4F23B55C092DEB12AA144, 6DE024949E4B7C6D170530912266F37A0DC66B305C28FC9EB26E517C815B0970 ] MSDTC C:\WINDOWS\system32\msdtc.exe
     09:57:37.0953 0x05ac MSDTC - ok
     09:57:37.0984 0x05ac [ 983F4AB7A50D56CD33E2061EE733BD55, 91F67285564BDD007C56F124E34323B455747D79A1D370690D016316A73A247E ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
     09:57:38.0078 0x05ac Msfs - ok
     09:57:38.0078 0x05ac MSIServer - ok
     09:57:38.0109 0x05ac [ 308EC6FBEF38871CB2C4CACE9C8F4808, BAE1435430A08930207DDA961AE4B62D7657ECA57F84B7C6102C776FBBD327D0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
     09:57:38.0171 0x05ac MSKSSRV - ok
     09:57:38.0203 0x05ac [ 8D3226738479719AAB3B6D2617D7A55C, 2C6974639170016C00010CDC49231BD8B10D7B5B5D2775B19065EC9DC32B1CC0 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     09:57:38.0265 0x05ac MSPCLOCK - ok
     09:57:38.0281 0x05ac [ 058D63E8D000AE678D4549BFA8EB0DEB, E3BC297DF7D9C67D235B35B692B7CFE37B38A14A5CD78EB5E7A7652E3BB39AF1 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
     09:57:38.0343 0x05ac MSPQM - ok
     09:57:38.0359 0x05ac [ 5992D1F9ED64017A76AFEE2B79F5CFB9, 82077C3D5C7C77B923E75A250837BE3E911BCD3ED4A53C8A13E4372429E32721 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     09:57:38.0437 0x05ac mssmbios - ok
     09:57:38.0468 0x05ac [ 6C679FAB17592620DE60DC7700A039EA, 552C41FFFE2F8A0E53DE8AC6BB295ABB7A253E75B3A164FC986AD78C5C722440 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
     09:57:38.0531 0x05ac MSTEE - ok
     09:57:38.0625 0x05ac [ 9956A293E9440F901299E52B671C6244, E66432B4D967D377CA40D00FD7B1602EFB18B7535392571C7194D332C1145A26 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
     09:57:38.0718 0x05ac Mup - ok
     09:57:38.0781 0x05ac [ 933012D216D0022A500CC6C0DFA16428, 880D2F6634AE698BE301D49A4F16346CE814070F365FB7EB5D9EE7DBED61D15A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     09:57:38.0890 0x05ac NABTSFEC - ok
     09:57:39.0046 0x05ac [ 0A5049725C1AE047CBFB466BBC6BBE79, 58191E96B8F83863B7C108D1814940527572D4B5E8E5E37F648574591E141705 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
     09:57:39.0343 0x05ac NDIS - ok
     09:57:39.0359 0x05ac [ FEBEB8BF62B229CE9DA98C32BF3D26A3, 21A0170EACF1EB546826F430C3495863451EBC5DA909BFB10DC1F2AF214E3D92 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     09:57:39.0421 0x05ac NdisIP - ok
     09:57:39.0437 0x05ac [ 8509E3EADCAB3D8565086AFD1E3D9028, 65CE98AC369F4340AA588374BABA4658672CB2418FC052B34DB431C2755FF10C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     09:57:39.0453 0x05ac NdisTapi - ok
     09:57:39.0484 0x05ac [ 49C1207C1AE8C6958F1C1747132814C2, C1DA17D8A9CC4A93E620E98E52880F7591419145B9C031FF4501794D3B8252F9 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     09:57:39.0562 0x05ac Ndisuio - ok
     09:57:39.0640 0x05ac [ 6157A7AEAE6D2B948FF2E872FFAC765B, 22C28325D50EF4B5C7EB9AAA71BCB72CECE2B6591D380C24285E938DCD15E3BF ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     09:57:39.0765 0x05ac NdisWan - ok
     09:57:39.0812 0x05ac [ F3D27141BEDE53E05D8B44362A62FC2D, BB7281ADDA1D66A09191A9D39DF90D6FBF2E2D4D4DA6CB2990215BBDEADE3D29 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
     09:57:39.0890 0x05ac NDProxy - ok
     09:57:39.0937 0x05ac [ 9AF784FA65E39C30D04DC941468354D4, 71181055AF8766ADEC86BD2ACCDBA6BA1FB40B0453C80BAFF279A2D45081500D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
     09:57:39.0968 0x05ac NetBIOS - ok
     09:57:40.0140 0x05ac [ BA4B0391DB3AC6FBF99A71B1759DCA0A, FE21B78EA8ED4C8FDBA6A881DC408CC398DA00FE92CCBF5DBC5983E4B870DEAA ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
     09:57:40.0421 0x05ac NetBT - ok
     09:57:40.0515 0x05ac [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDE C:\WINDOWS\system32\netdde.exe
     09:57:40.0656 0x05ac NetDDE - ok
     09:57:40.0718 0x05ac [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
     09:57:40.0781 0x05ac NetDDEdsdm - ok
     09:57:40.0812 0x05ac [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] Netlogon C:\WINDOWS\system32\lsass.exe
     09:57:40.0859 0x05ac Netlogon - ok
     09:57:41.0156 0x05ac [ F28FD9DBA68A85D6EE4225A83F127D2B, 60D97E3FBA76A767C29AE9586E6DCE55EB9F6F696583338DFA58436A00FF78A9 ] Netman C:\WINDOWS\System32\netman.dll
     09:57:41.0531 0x05ac Netman - ok
     09:57:41.0609 0x05ac [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
     09:57:41.0734 0x05ac NetTcpPortSharing - ok
     09:57:41.0953 0x05ac [ 8D266CB350E07AC3B4578817C8CB1049, 0183DB114D5B717391F26D34031FE12A99B29A88676F204578CC24A67AE23550 ] Nla C:\WINDOWS\System32\mswsock.dll
     09:57:42.0296 0x05ac Nla - ok
     09:57:42.0328 0x05ac [ 81819038621A2C524781EC503D400287, 9CB8DD11863C1AC2CBD2D5A6F4237770A6D864FF11098924D5ECDE07634D6E29 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
     09:57:42.0421 0x05ac Npfs - ok
     09:57:42.0875 0x05ac [ 9283AF57306CB1ECCAA53D88B936B715, F1E660D0627EBFB18D13CA8131230EA07AEFDDE49790FFE578B59EFD173B313E ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
     09:57:43.0687 0x05ac Ntfs - ok
     09:57:43.0687 0x05ac [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
     09:57:43.0750 0x05ac NtLmSsp - ok
     09:57:44.0109 0x05ac [ A6D519D536C8CA9268DBAFAA4853123E, AD1142208BA4A5331F6C6A3745271C724B663099F0C077C8DED8A0E3DF52D069 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
     09:57:44.0687 0x05ac NtmsSvc - ok
     09:57:44.0718 0x05ac [ 501039187C444FA7AB9D97B6A6C667B3, 96E2D68DEC08A78BC73868DC35DC23E62CDC1D5A91381A90BBAC5866952A6D19 ] Null C:\WINDOWS\system32\drivers\Null.sys
     09:57:44.0781 0x05ac Null - ok
     09:57:44.0843 0x05ac [ 7DDAA09186DA9F1D304E819B5A6BBC5A, 274FD7391E81642F022045A2472283942CB9278B61D640575942E6D0A2FC2297 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
     09:57:44.0968 0x05ac Parport - ok
     09:57:44.0984 0x05ac [ 18BA378CE89A896AAEE6D20680F21396, CA7A7C7A5BE8949A0384505DDB6A7F3625EB9FCFD7017F7A2B16FD2C794C0CEA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
     09:57:45.0015 0x05ac PartMgr - ok
     09:57:45.0078 0x05ac [ 5B2C8D6971D8DF4937C2FA013CD4C00D, DF679B09318EF922DB5F2DD55DEADE60C29C038B70A8EA470BA5C11B041D9CBF ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
     09:57:45.0187 0x05ac PCI - ok
     09:57:45.0203 0x05ac [ F1978C7849A0047306DB3B8BB94F0764, 4423A89C71CF1C4DE1670B7B8BAAA03E66FEC1F76470E6F1FE3C9BD1F83D87C5 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
     09:57:45.0265 0x05ac PCIIde - ok
     09:57:45.0359 0x05ac [ 037F3A19F49A4C6A320C4154EBD6EE9D, CEF1860D8DD031FA69A6FADD62A91C11EAF98109082906436CCFCBAC7F32C21B ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
     09:57:45.0500 0x05ac Pcmcia - ok
     09:57:45.0515 0x05ac PDCOMP - ok
     09:57:45.0515 0x05ac PDFRAME - ok
     09:57:45.0515 0x05ac PDRELI - ok
     09:57:45.0531 0x05ac PDRFRAME - ok
     09:57:45.0656 0x05ac [ F45468C29F0F877041C02ABEA981DCDB, 06A1CEABEAA3D8F4314D243AF42C945DF33F3F9F9DAD88D885E311E0A6493D40 ] PlugPlay C:\WINDOWS\system32\services.exe
     09:57:45.0671 0x05ac PlugPlay - ok
     09:57:45.0687 0x05ac [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
     09:57:45.0734 0x05ac PolicyAgent - ok
     09:57:45.0812 0x05ac [ E176F640EE6BF550F61FAA9CE9A683F4, 52218543EC0265275C1E47A356EABAA3DD6A4B92D1394B939EB5A061DC8143BD ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
     09:57:45.0937 0x05ac PptpMiniport - ok
     09:57:45.0968 0x05ac [ 1F6AFB4D9CCF57FF90EB4932B672D1E6, 6413EB4FC630C4D0C61B1BAE3CED89F5192E0B41C7CDE4B446CC925B5D757131 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
     09:57:46.0046 0x05ac Processor - ok
     09:57:46.0062 0x05ac [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
     09:57:46.0109 0x05ac ProtectedStorage - ok
     09:57:46.0203 0x05ac [ 347D335BCE2B97F340507930AB0FF073, A5E1E9B28B28A9B8A49FA1D0EBF2D21DD592A3EC9412DE370F2E32B9DF8689F6 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
     09:57:46.0296 0x05ac PSched - ok
     09:57:46.0328 0x05ac [ 35E39A969D227C2A56C1DC98361D8E35, A8F6135798D562EF21F8A546CD7C7A48C88AC8CC51BE24DCEA9B3233DDA48F3A ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
     09:57:46.0406 0x05ac Ptilink - ok
     09:57:46.0421 0x05ac [ D646A315E6386DAC1D96C8CE8A4BFEE7, 2DCCFDC6A390AD6938957A9CA80CF4B76FC3CE3211D707E43CE2C9AADE101CFD ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
     09:57:46.0484 0x05ac RasAcd - ok
     09:57:46.0562 0x05ac [ 3F573D0C001B982C3180860366783BC0, D059C7298717513B5F8086E5C1FC83FB8E1D053E60D4F3A4E1B8BBD668560F3D ] RasAuto C:\WINDOWS\System32\rasauto.dll
     09:57:46.0671 0x05ac RasAuto - ok
     09:57:46.0750 0x05ac [ D81FDC53EE9C0F68D709E504342D1D74, 9C0224B1D0D3672AD737EE7F15BC32938B37F75840ECAABCCBAE82D6518C0BDB ] Rasl2tp
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:57:46.0859 0x05ac Rasl2tp - ok 09:57:47.0000 0x05ac [ 8503313BADBE481B16776D42EA7D674A, 17F5A924EA76589DB5BFE09932E5AD7F239E3E8C895F7BCF9B181EB4F146AECC ] RasMan C:\WINDOWS\System32\rasmans.dll 09:57:47.0156 0x05ac RasMan - ok 09:57:47.0187 0x05ac [ 31FA5AB662C58CC5CF92396224F6B29A, E6279EF4F6A78EC17F0B10A446AF476C005FC4F9FE41057E540B2505B831EFE2 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:57:47.0281 0x05ac RasPppoe - ok 09:57:47.0296 0x05ac [ 701493F9A6EDE759AF8D3FA7C08BAB3B, 2659B1F99BCECDD760E808439B8AAFE67301CCF0A0B7D581E5950B3515B62E31 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 09:57:47.0375 0x05ac Raspti - ok 09:57:47.0515 0x05ac [ 8F2B792C67012DB4CD4DFBDAE481FB9F, 9001481C296C1CB158785C781CA92F316576C6511784B07DD177B3BB6C50499A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:57:47.0656 0x05ac Rdbss - ok 09:57:47.0671 0x05ac [ C013379D04060318C3B2E4967D82739A, DB7092052C44D103C4AF4792742F9701A33BBF0C8FFEF29A86CBDBCF470B2F75 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:57:47.0734 0x05ac RDPCDD - ok 09:57:47.0890 0x05ac [ C739D66DDA7AEEA6F27F3AE0C30AEEBB, BAE47298CA3837B6082F84DAC03757545192E6C7C10CAF1FA49AFC5D0C12D6B6 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 09:57:48.0187 0x05ac rdpdr - ok 09:57:48.0312 0x05ac [ C48502EC12E239B9362CFA9E774E42A1, 5C1960DC9D193773797027701472F5F0A6A3538B21C935AF2FE408654BB8F7B4 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 09:57:48.0437 0x05ac RDPWD - ok 09:57:48.0546 0x05ac [ A72BE0B07655141AB4EABECF0D66528A, F92EAD99AA7B903442EB22150D5C6ABE50347C843005A6C4DD47D025E4FBD905 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 09:57:48.0828 0x05ac RDSessMgr - ok 09:57:48.0859 0x05ac [ 1D793394201000D2D56E848C18FE9A62, 18B876699CEBA83A1926E04C9C4EDEC9982D8C79A419EA0E181AC9588F391A07 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 09:57:48.0937 0x05ac redbook - ok 09:57:49.0000 0x05ac [ 60C8A5D4954CCE7D280369DFF5068019, 
1F7E437B3CD0A576875863A945B6015899B63A29FADB7B74D7091C8F5044C395 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 09:57:49.0093 0x05ac RemoteAccess - ok 09:57:49.0187 0x05ac [ BA88075E443EE4D0D829EB922169C908, 9CC6B6B95E92151FFA7E2731B93A339BE41D1BDE6C3D84F1DF51C0DF2C669BFB ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 09:57:49.0281 0x05ac RemoteRegistry - ok 09:57:49.0375 0x05ac [ 809785CF7BE1B857F3B52D9B1AF10817, BB37B37F0B31FD0C3CE6159C7D7615FE3C27B2B1DE6847DBC20993EB11CB142E ] RpcLocator C:\WINDOWS\system32\locator.exe 09:57:49.0500 0x05ac RpcLocator - ok 09:57:49.0875 0x05ac [ 51362C5BF89F4CE5FAE7826E8079ED18, 11689A42A27B93E27E168E71CD00B26AB2BDEE0896B3692B9BFA4CED724BCD29 ] RpcSs C:\WINDOWS\system32\rpcss.dll 09:57:50.0125 0x05ac RpcSs - ok 09:57:50.0312 0x05ac [ 62D82829E80DC7E364F5764DE457E571, 5A09AF5A713925A46E4C3EC6746D302EE68887D8AF5DAF0926677CC441A72E80 ] RTLE8023x64 C:\WINDOWS\system32\DRIVERS\Rtenic64.sys 09:57:50.0671 0x05ac RTLE8023x64 - ok 09:57:50.0687 0x05ac [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] SamSs C:\WINDOWS\system32\lsass.exe 09:57:50.0750 0x05ac SamSs - ok 09:57:50.0843 0x05ac [ A2069FFA2A6FEBB3818F180373C84A89, 5BA399793247AF1BC2B8C8A417211EF5D4FC9C126496E5692E5D0C08BD38D512 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 09:57:50.0968 0x05ac SCardSvr - ok 09:57:51.0125 0x05ac [ 26F3D50B2CFE9EDC10ED98E727A0BE29, FA18159FE97D3BDE9E6480A1EBF44D548AB8BE16E01A43505BCF3FB2AB8DF42E ] Schedule C:\WINDOWS\system32\schedsvc.dll 09:57:51.0328 0x05ac Schedule - ok 09:57:51.0359 0x05ac [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:57:51.0390 0x05ac Secdrv - ok 09:57:51.0421 0x05ac [ 04F73624D4812CF7B0CD29B655D80C62, 9EF1E96ECAAA23FA93F30796A9BF871CF7E887A095069AFD5CD6148D9766BEBB ] seclogon C:\WINDOWS\System32\seclogon.dll 09:57:51.0453 0x05ac seclogon - ok 09:57:51.0500 0x05ac [ 
7FF1B39B71D2B8DAB916DB99BA7AFB62, FD0CA336327B285EDC74B8525C2C7F419E874B41243F191417B832C12CECCA17 ] SENS C:\WINDOWS\system32\sens.dll 09:57:51.0546 0x05ac SENS - ok 09:57:51.0578 0x05ac [ 111B29F3FCF9FB61C903A01E3706F7DC, EB872B6769806170E26BEC23F689B38D0779A1219353B0DA47F52F747DC4120A ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 09:57:51.0671 0x05ac serenum - ok 09:57:51.0734 0x05ac [ C0DC97399576FCCFF5FE877EC2D8DACC, 0AED50A4D99161FC66B323606D13F08ED4556ACD18E5EDE1E030EB5FECF03D1E ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 09:57:51.0843 0x05ac Serial - ok 09:57:51.0890 0x05ac [ C6EACC8920A31B8D5842D1F7A28E2113, 8883115F406A4A8588DD9E8ED6E9ED7ED4AFF9DFDBE8B391C0D9AEBE187DD27D ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 09:57:51.0953 0x05ac Sfloppy - ok 09:57:52.0203 0x05ac [ D71A8153D3CF0ED527F6BA1F087FAA22, 1EEB6A8D379EE51A17C9E7DC01467EA283F2B60DA8167EB1DD0EB8A60E25FFD6 ] SharedAccess C:\WINDOWS\system32\ipnathlp.dll 09:57:52.0656 0x05ac SharedAccess - ok 09:57:52.0765 0x05ac [ 2848A9079415D1D5B3D38890C59CB43B, B3DC009CA9978826AE1F948EF23831D49EB68C7E511AC4F5DD2E554830A2BA2A ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 09:57:52.0890 0x05ac ShellHWDetection - ok 09:57:52.0890 0x05ac Simbad - ok 09:57:52.0906 0x05ac [ 6763442AF574D3D42CBFB8008B7A140F, 153E1BF01180CFEA7D01996D37DA59C43E8C410DFC195F6B621709CCB287E08B ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 09:57:52.0968 0x05ac SLIP - ok 09:57:53.0000 0x05ac [ 17EC29105989101DB536C49E1279A0EB, 7B8D96703584DCBF94802B18C8A601D806DB2D3DA4EA0D33AA4C268C9C06467F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 09:57:53.0078 0x05ac splitter - ok 09:57:53.0140 0x05ac [ 3295C10575FC9FB2E28B164F8F098C75, 191F41C28A815BF242F82AA68027B599763C7A76532E2F8DCE0A2DEF45F7B635 ] Spooler C:\WINDOWS\system32\spoolsv.exe 09:57:53.0218 0x05ac Spooler - ok 09:57:53.0281 0x05ac [ DAE1D5553D42A06034001D6EF4F5CB36, CAD426CCD2BFE81F7B13D2777F699CFE9F7708FFE768BBB618C78601D4AD99CA ] sr 
C:\WINDOWS\system32\DRIVERS\sr.sys 09:57:53.0375 0x05ac sr - ok 09:57:53.0484 0x05ac [ 7B6DA719973755BD091131E53AD6EC23, 2C0D2191ACDF2BA7D5711C6088F28D9478396B6144FBFFECE5B688646A701C62 ] srservice C:\WINDOWS\system32\srsvc.dll 09:57:53.0640 0x05ac srservice - ok 09:57:53.0937 0x05ac [ B036A5371DA7155EF7873CC81B313F68, 25C18DFDAAC14A2E099A38109980A21D8BC7946FE329510BFB9BCBB7460D056A ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 09:57:54.0453 0x05ac Srv - ok 09:57:54.0515 0x05ac [ 94AD81C8EE2385EDDB08C7E34FEDB7A8, 86565EC29AC5CB84B6BA3B482ED2EB743EF11BD53A93EAEDA2400DFCF3F88440 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 09:57:54.0640 0x05ac SSDPSRV - ok 09:57:54.0921 0x05ac [ DE91B37732DDC1724CC11845E8C84168, E65EE7A0CF52D550344C1975BB07113B78688AF7E851BFCE1FD802413F429F18 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 09:57:55.0312 0x05ac Steam Client Service - detected UnsignedFile.Multi.Generic ( 1 ) 09:57:55.0453 0x05ac Steam Client Service ( UnsignedFile.Multi.Generic ) - warning 09:57:55.0734 0x05ac [ 80308CE34BEF9C72FB71822AC7BABF5C, C6D38183ADD36CEE39A0EE39EE346F3DBF71E04B44CBABF16516611492457B6C ] stisvc C:\WINDOWS\system32\wiaservc.dll 09:57:56.0125 0x05ac stisvc - ok 09:57:56.0156 0x05ac [ 90C7874FF6BABF98A801C7AEBE3AD5A6, 0D9A3F915D0482E17BEF1F62CD5447BFB24FA8C324E6A58F46E6C266B4D2EA24 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 09:57:56.0234 0x05ac streamip - ok 09:57:56.0234 0x05ac [ B6536185FEEB8F0C86AD3BF2FBAB4F2F, D9E2935B3C1D3326E5BCC2F8C8D65D72B453D60E5E702812383256606B69D414 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 09:57:56.0343 0x05ac swenum - ok 09:57:56.0390 0x05ac [ 8E9E35B36A27AD154A5F92397CDE343C, EDB9F8B366D8CDEB26CB0C669559829D7D7522F8EC673CE5F53A7858B78AA17B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 09:57:56.0500 0x05ac swmidi - ok 09:57:56.0828 0x05ac [ 1CEB8AE659B201BD1C1A5A6CB0E9B257, 1644D78A5EDF8423522B101A7F34B1A90FF0D4E10E2866A320D819807FFF2F22 ] swprv 
C:\WINDOWS\System32\swprv.dll 09:57:57.0359 0x05ac swprv - ok 09:57:57.0359 0x05ac symc8xx - ok 09:57:57.0375 0x05ac symmpi - ok 09:57:57.0375 0x05ac sym_hi - ok 09:57:57.0390 0x05ac sym_u3 - ok 09:57:57.0453 0x05ac [ 2E843F129DAF4C789DF7ACD40E26208F, A7B8B46AA5E72B43142E2D59E49DE908FEF3FFBD2E54D1AF1B0CCA8142462009 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 09:57:57.0578 0x05ac sysaudio - ok 09:57:57.0671 0x05ac [ 8AEE2B49560B6297261E831F6087BB61, 777453B607E4ED202B877A11E9AFB969CC05E6B7D024AFFD1387CF2B271C8482 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 09:57:57.0750 0x05ac SysmonLog - ok 09:57:57.0953 0x05ac [ 798FD4BBB8FC75519178D70EE15E897D, A68A349EE350704F1C7225957B9496968044B6896057AE5AE3C8F4D5DA2F8554 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 09:57:58.0265 0x05ac TapiSrv - ok 09:57:58.0656 0x05ac [ 5CC6633ED680906BDCC9FBE70CB64516, 4AC1705D04FE4688500C04907D3DC7399B85F8AD4DB6DFA5AA145149D9CBBB69 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:57:59.0234 0x05ac Tcpip - ok 09:57:59.0250 0x05ac [ DA1E9CD22238FA4DB565EF41C7312E1B, 5E858462DBD7557CC8CADA0E5A26F11F1F22829FD29D8A91916F7A384A1D7543 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 09:57:59.0328 0x05ac TDPIPE - ok 09:57:59.0343 0x05ac [ 47D24EBB1C442DCC18D89B8B89BAFB49, BD906AB7C17AC9CCCB551DE51B7354597B9676276C65CBF9F8C9FC97451C6AFF ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 09:57:59.0421 0x05ac TDTCP - ok 09:57:59.0484 0x05ac [ 3C73159CA39830E3144A83A8C65630F7, DCBCE9FB5162689028EA202E9998E365C25AF8AE4DFB789C344319A6DA2C4A92 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 09:57:59.0515 0x05ac TermDD - ok 09:57:59.0687 0x05ac [ 1294EF39BF9F5311E954751C974D0C1D, 0B93912BD526381A2A37EBE8CE26EAAE4D33DE3228DCBC7BF16A042516825164 ] TermService C:\WINDOWS\System32\termsrv.dll 09:58:00.0000 0x05ac TermService - ok 09:58:00.0093 0x05ac [ 2848A9079415D1D5B3D38890C59CB43B, B3DC009CA9978826AE1F948EF23831D49EB68C7E511AC4F5DD2E554830A2BA2A ] Themes C:\WINDOWS\System32\shsvcs.dll 09:58:00.0125 0x05ac 
Themes - ok 09:58:00.0187 0x05ac [ 0FDF294D30CA53391485132854151B26, 6CD8BDDEC3B712C65E71964375565EE7DB60E77D1809FBDA85DE3B0C0B190F34 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 09:58:00.0265 0x05ac TlntSvr - ok 09:58:00.0265 0x05ac TosIde - ok 09:58:00.0359 0x05ac [ 483FFCD8E5080198D87EEED44246E6A9, 769748087408A515B865079BE3FAE3BF1F483A750EB376509844FC787AB6ADEC ] TrkWks C:\WINDOWS\system32\trkwks.dll 09:58:00.0500 0x05ac TrkWks - ok 09:58:00.0562 0x05ac [ A6DD2DFCC44EC61D18AA645620CD8F63, 74B4BBBAD1955CED21F14C9AAB19805689FA077B6BFACDD4C12B45D4C78A9DBB ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 09:58:00.0703 0x05ac Udfs - ok 09:58:00.0703 0x05ac ultra - ok 09:58:00.0781 0x05ac [ 2288385C3326F956A578F24C15DA26DA, 008ADD0B36427E24DD3CE1A282A188A99B6D06DEDDA29877AC5872074E554FBC ] Update C:\WINDOWS\system32\DRIVERS\update.sys 09:58:00.0875 0x05ac Update - ok 09:58:01.0031 0x05ac [ BD30D0B4B041B7D2C7006A25DA43A5A8, 32FE8193573747D800AB90AC23396EB478B2D46226085F265ECCAA4C47F8E67F ] upnphost C:\WINDOWS\System32\upnphost.dll 09:58:01.0203 0x05ac upnphost - ok 09:58:01.0218 0x05ac [ 3EC1501AA03CECD66ED093428FBC8B0E, A54797051FF44765BA62BA9F71B3F4D6E0E3494DBA193930AE88D7A3CCBEE503 ] UPS C:\WINDOWS\System32\ups.exe 09:58:01.0328 0x05ac UPS - ok 09:58:01.0406 0x05ac [ 07495FD89CBE07BF2CACBEC77FA9821B, FD19B77CFE7943EC42493E4E11242B9C8F17E794FBB7F9E9C41DBAC0EA03F834 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 09:58:01.0468 0x05ac usbaudio - ok 09:58:01.0500 0x05ac [ 35AA2A9FFD53B0704A2B9F96AD8A499F, 2874A3232D01A1306335A39F028C5C63BAFF72089A36EE75E33F1CBB0D3A4203 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 09:58:01.0546 0x05ac usbccgp - ok 09:58:01.0593 0x05ac [ C98711361F5A79E891B223256CF77333, 7772D20E1A62AE7A6A4A8CEB0B7975ED327473D68B6D0532C098BA9F1A392C48 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:58:01.0640 0x05ac usbehci - ok 09:58:01.0703 0x05ac [ B411E38E729F84F6E7D7E0D65FD04C98, 370A1297148571CF438EB6EC8CB73B7B8C049720F4A3FCD2F6FD0AD787500899 
] usbfilter C:\WINDOWS\system32\DRIVERS\usbfilter.sys 09:58:01.0718 0x05ac usbfilter - ok 09:58:01.0765 0x05ac [ 755F0898121141322007AC08156AA4CB, 0E8431F4702660D3854D01F4C69E04EDBA84D4FAA543FDC905CB66745315B249 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:58:01.0828 0x05ac usbhub - ok 09:58:01.0859 0x05ac [ 5E49C7923AB1101A2729B5B201ADB064, 44233A13F08A4A00FFC064F5F965FADFA3A7F9E5C8F98E1326C81171603C8ECE ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 09:58:01.0890 0x05ac usbohci - ok 09:58:01.0937 0x05ac [ EDCE8A162E8023FD1751E08E23E41948, 6BFCEC240F243FA213D844D0A0A736BC96DDC57CE2FF5AB0A93A70FE5B91CDCA ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:58:02.0015 0x05ac USBSTOR - ok 09:58:02.0125 0x05ac [ 56425FF3A2D605D8B7320D56DDEA26B2, AA42DD951979B930A5858DF2C763A0B94FBC54079BF3ED1FC576B01079D840A1 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 09:58:02.0234 0x05ac usbvideo - ok 09:58:02.0515 0x05ac [ 6330D6ED756C0F7746F59C067C52CE7B, 602B470C2BE448F5BA8BB20253EA4FCF92CAFBF7FF609A8DC51011773647A192 ] vds C:\WINDOWS\System32\vds.exe 09:58:03.0093 0x05ac vds - ok 09:58:03.0109 0x05ac [ B40CFD2FFDD838B0CE0C35EE449407BD, E5ABAA0DC1E55B71522A908287820FB91B2ED554A1F1D45CA3FBEE59C674F77E ] vga C:\WINDOWS\system32\DRIVERS\vgapnp.sys 09:58:03.0187 0x05ac vga - ok 09:58:03.0203 0x05ac [ 78EBFE6F11F10DB8237B910E9158CA91, E2F6EC862C80F6C6CEAEE586659A99C725B9EB8C786CB0A9E51F36946523D8BD ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 09:58:03.0281 0x05ac VgaSave - ok 09:58:03.0281 0x05ac ViaIde - ok 09:58:03.0437 0x05ac [ 6066EE12AA0066BA3184C71B34414448, 01BED4E92D397CF335FD95B4179F762CCB3F25C7BC488A55F9F80991A3C353A7 ] VolSnap C:\WINDOWS\system32\DRIVERS\volsnap.sys 09:58:03.0656 0x05ac VolSnap - ok 09:58:04.0546 0x05ac [ BED4FD37BAA73666F419D5BB535710C9, 1C08F6BAE550364C494C63F00EFD1A912CCF3E40EBEBA29CCDF1003A3007D16F ] VSS C:\WINDOWS\System32\vssvc.exe 09:58:06.0234 0x05ac VSS - ok 09:58:06.0265 0x05ac [ 73E1B04E3F8A6EEC98B58637CAB24998, 
17540C81874BD150482650855888A5A53EF7A218E0C20EBADA86C172FB280DB2 ] vzandnetdiag C:\WINDOWS\system32\DRIVERS\lgvzandnetdiag64.sys 09:58:06.0437 0x05ac vzandnetdiag - ok 09:58:06.0468 0x05ac [ 4C42D3454DFE2B485BAE2B2D079BB491, 728E42B6BE5C85606636D160DFCACEFAE7886A5058D95AB0936C8CF666F90B15 ] vzandnetmodem C:\WINDOWS\system32\DRIVERS\lgvzandnetmdm64.sys 09:58:06.0515 0x05ac vzandnetmodem - ok 09:58:06.0578 0x05ac [ EAEAB2E53178C19BB862F158D4DF9D81, 10F3AF0E4125692DCC2CB557B979B43CEEADA3B698A9E22C321AD19937C30445 ] vzandnetndis C:\WINDOWS\system32\DRIVERS\lgvzandnetndis64.sys 09:58:06.0640 0x05ac vzandnetndis - ok 09:58:06.0828 0x05ac [ C4E1B9CC2BCBD6756B3F3BF4D45E5F68, 6F7630A6DC8AEE73AC0BC61654920C7E853C249779A456BA1FF9E731EA39CD80 ] W32Time C:\WINDOWS\system32\w32time.dll 09:58:07.0156 0x05ac W32Time - ok 09:58:07.0187 0x05ac [ D2A01D73FE4A455C1D741B48C56763B2, 4BE09FF135A64A17C505C15C8F5DCB04C61BF43CA5C0C6530AD25B46C91B7C1D ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:58:07.0265 0x05ac Wanarp - ok 09:58:07.0265 0x05ac WDICA - ok 09:58:07.0359 0x05ac [ DAFF7E89C84079022B9606F83E1BD29A, 7DEB90751776F6BD5578746738531FD8F1E5E149689D8766620DC1383559EAF9 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 09:58:07.0515 0x05ac wdmaud - ok 09:58:07.0578 0x05ac [ 9F191E38BFDF9EACC150E876671695DA, B0436D1FB157F1A62A40724BB1C303EBBA1C5217B2619C1FE7D71CFCF55EC1FD ] WebClient C:\WINDOWS\System32\webclnt.dll 09:58:07.0656 0x05ac WebClient - ok 09:58:07.0687 0x05ac WinHttpAutoProxySvc - ok 09:58:07.0843 0x05ac [ 881271D649E778690A365D73B8958509, 33450D9174FDABEC3D504AA4B8E7C3F051A97976E24276047F9A6758837F90A1 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 09:58:07.0984 0x05ac winmgmt - ok 09:58:08.0031 0x05ac [ 4D32F7BDBF325792AE28D5380DDF6BCF, 56D5B1E1C809E6C8E03514ECB4E7E53A4C18B263201B46BCCEB8A1EA83521D66 ] WmdmPmSN C:\WINDOWS\SysWOW64\mspmsnsv.dll 09:58:08.0218 0x05ac WmdmPmSN - ok 09:58:08.0687 0x05ac [ 9B420512EB2033C2CD61DCA13CC763F7, 
5A7D4DE86D1E5C2C96CA90DAE39C52C50735DC1754EBB29DD6693A34F0755A0F ] Wmi C:\WINDOWS\System32\advapi32.dll 09:58:09.0531 0x05ac Wmi - ok 09:58:09.0656 0x05ac [ 56980BE8B5A6861B5D9175EABA8AC7DC, BC47558AA9C9F282A9EFAADF9DC2D9C454FBE48A87AF9AE9EF5EA07139354061 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 09:58:09.0812 0x05ac WmiApSrv - ok 09:58:09.0859 0x05ac [ 26C038B5F723EE2A433CBFBB12CACFFC, A314F063B9752CF91E8E69AED8052A4238E7FB7B2007467D9B12F96482F30E16 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 09:58:09.0906 0x05ac WpdUsb - ok 09:58:10.0375 0x05ac [ B42B9D8ABC18DFBCD6044BC10B3A9B99, FD00756DADD3BFC382FC80D7D1D25592385E647C7EAC318C154E949A51D9DC27 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 09:58:11.0171 0x05ac WPFFontCache_v0400 - ok 09:58:11.0234 0x05ac [ 82960CE97C1898C28D7AE62BA6721D27, 1FDB191D274E7E228B4D78A7EA9106B95BABCED23488D5DE7D74F5B321CF60AC ] wscsvc C:\WINDOWS\system32\wscsvc.dll 09:58:11.0406 0x05ac wscsvc - ok 09:58:11.0437 0x05ac [ 478A0C5CC7DC817269654804E495B81A, 1BD9C1A85FF0299F98F2C42D011CD8C78F00CF14F800E0BBC42FBE1A63FEEB0B ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 09:58:11.0500 0x05ac WSTCODEC - ok 09:58:11.0531 0x05ac [ 6916EAA85E66053E9904F45764DFE5EA, 15E31448429F601D8403286724116D5E68B8191C58AB686461114062720BE5E6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 09:58:11.0546 0x05ac wuauserv - ok 09:58:11.0609 0x05ac [ 3F98A4E57933963CF2A941BB48F9D47A, 5AF120657C2AEA3D749D97D0CD1F7500873A39B685FA8A2046A94004DF7A17A7 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 09:58:11.0671 0x05ac WudfPf - ok 09:58:11.0734 0x05ac [ 881C0C35CDD09077B0E95EC2269CB44C, 43E1847031666789885747A3537E5B76BE8122070646A8A58942C5E39EF69C01 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 09:58:11.0796 0x05ac WudfRd - ok 09:58:11.0843 0x05ac [ 9DCF6C499773B709DE8F70CD5013CB38, AD63481DCCD8B78A81E87C79644300E18392C50512A979DD80704F1922CF8FCE ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 09:58:11.0906 
0x05ac WudfSvc - ok 09:58:12.0203 0x05ac [ F4EC5C736BBA9A27F9C36412C930B386, 51820C6FC8E865D4927EC8DADC435A70B2554195CF8DC226CE6A7FBDDA697CD4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 09:58:12.0812 0x05ac WZCSVC - ok 09:58:12.0953 0x05ac [ A1ABA5A0B4F1FF9B83C50F92F8C080A2, 757A3F939DA878921BB23CD9560A33AD15E91A9718A132EECB61EF3D45506959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 09:58:13.0203 0x05ac xmlprov - ok 09:58:13.0218 0x05ac ================ Scan global =============================== 09:58:13.0265 0x05ac [ 7634018F2F2F1818F77557F64C78331E, 15DA4B9E7C20BF79840788D89D3D841E97BDD84E97DF4BB900250FD17BB92E7C ] C:\WINDOWS\system32\basesrv.dll 09:58:13.0531 0x05ac [ 7565BAF0AA60F536FD3714BBEFC9DB8B, BABE0380F2356CA4ADD49E739A7047208ABB2974FA5A177447ADC8F62C6EFFE6 ] C:\WINDOWS\system32\winsrv.dll 09:58:13.0984 0x05ac [ 7565BAF0AA60F536FD3714BBEFC9DB8B, BABE0380F2356CA4ADD49E739A7047208ABB2974FA5A177447ADC8F62C6EFFE6 ] C:\WINDOWS\system32\winsrv.dll 09:58:14.0093 0x05ac [ F45468C29F0F877041C02ABEA981DCDB, 06A1CEABEAA3D8F4314D243AF42C945DF33F3F9F9DAD88D885E311E0A6493D40 ] C:\WINDOWS\system32\services.exe 09:58:14.0109 0x05ac [ Global ] - ok 09:58:14.0109 0x05ac ================ Scan MBR ================================== 09:58:14.0140 0x05ac [ 2B7091CA91E2218C922AD5EFD64677B6 ] \Device\Harddisk0\DR0 09:58:15.0031 0x05ac \Device\Harddisk0\DR0 - ok 09:58:15.0031 0x05ac ================ Scan VBR ================================== 09:58:15.0046 0x05ac [ 578D1342D72683B40234BBBC74440937 ] \Device\Harddisk0\DR0\Partition1 09:58:15.0093 0x05ac \Device\Harddisk0\DR0\Partition1 - ok 09:58:15.0093 0x05ac ================ Scan generic autorun ====================== 09:58:23.0828 0x05ac [ CF414215FF475E1D49312D8176670011, CB8CE94552BB8D644FECCD4B625760EF9293E7EF90F5EF36AD9201A01B135909 ] C:\WINDOWS\RTHDCPL.EXE 09:58:40.0796 0x05ac RTHDCPL - ok 09:58:40.0875 0x05ac [ 798C0C1FF4E0FCE646CA82AE0379CCB0, 54D08331F511823755CBBAC3AAD698BBCDFCDE71F47B827DCFC6ADA89E753D80 ] 
C:\WINDOWS\SOUNDMAN.EXE 09:58:40.0921 0x05ac SoundMan - ok 09:58:42.0156 0x05ac [ 39C913873B3AB8593116BD4A7B9BB82B, 190227920185B9EAC3B966AF7A1E5C90276B9E93D42A274DDDCB6DC11E86C940 ] C:\WINDOWS\ALCWZRD.EXE 09:58:44.0468 0x05ac AlcWzrd - ok 09:58:44.0515 0x05ac [ EEB2E393B7EB8EBC1E9E56ED005806EC, 27F2937E5D1008539FF2D046EA489A751080EC6B8EA1B2BDA2FC703120A3615A ] C:\WINDOWS\ALCMTR.EXE 09:58:44.0546 0x05ac Alcmtr - ok 09:58:44.0546 0x05ac KernelFaultCheck - ok 09:58:44.0562 0x05ac vProt - ok 09:58:44.0718 0x05ac [ AEC5DDCD0D4AF409FB864F636D8B4BC8, BA5C69F09CEC1F5D46661AA1EFA93241A8B7423F7A4E6C1645B86F5AE4DE2D4E ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 09:58:44.0953 0x05ac StartCCC - detected UnsignedFile.Multi.Generic ( 1 ) 09:58:44.0953 0x05ac StartCCC ( UnsignedFile.Multi.Generic ) - warning 09:58:45.0093 0x05ac [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 09:58:45.0218 0x05ac SunJavaUpdateSched - ok 09:58:45.0359 0x05ac [ B4C6E3889BB310CA7E974A04EC6E46AC, 522F2D5AEC8707D071A1F95C90EFC5EE87755DBF41461FB0E8B14F4B989C046F ] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe 09:58:45.0468 0x05ac 0 - ok 09:58:45.0562 0x05ac [ B4C6E3889BB310CA7E974A04EC6E46AC, 522F2D5AEC8707D071A1F95C90EFC5EE87755DBF41461FB0E8B14F4B989C046F ] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe 09:58:45.0578 0x05ac 1 - ok 09:58:45.0640 0x05ac [ 20F0FD2AF9C3C9BDE39BEE469F5A9928, DD829A6B75C79854139112AC08BFD7BA26225EE44A1FF1124CA23481A5576CBE ] C:\WINDOWS\system32\tscupgrd.exe 09:58:45.0734 0x05ac tscuninstall - ok 09:58:45.0734 0x05ac TSClientMSIUninstaller - ok 09:58:45.0765 0x05ac [ 20F0FD2AF9C3C9BDE39BEE469F5A9928, DD829A6B75C79854139112AC08BFD7BA26225EE44A1FF1124CA23481A5576CBE ] C:\WINDOWS\system32\tscupgrd.exe 09:58:45.0828 0x05ac tscuninstall - ok 09:58:45.0828 0x05ac 
TSClientMSIUninstaller - ok
09:58:45.0859 0x05ac AVG-Secure-Search-Update_1113a - ok
09:58:45.0890 0x05ac [ 5017CAC616D0215AD82E63500CD7CB76, 2C64903C0A71C0D0F90188B3223ECC1AA149A0ED4868B19280689859899FC0A2 ] C:\WINDOWS\system32\ctfmon.exe
09:58:45.0968 0x05ac ctfmon.exe - ok
09:58:47.0078 0x05ac [ 659E41FF694DEE4EA0968402AB90036C, A43B964A1A192B407F5AD7921E678371DD8707F031836213C1FC572BAE373C32 ] C:\Program Files\PeerBlock\peerblock.exe
09:58:49.0125 0x05ac PeerBlock - ok
09:58:49.0218 0x05ac [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
09:58:49.0281 0x05ac Google Update - ok
09:58:50.0140 0x05ac AV detected via SS1: AVG AntiVirus Free Edition 2015, 2015.0, enabled, updated
09:58:50.0187 0x05ac ============================================================
09:58:50.0187 0x05ac Scan finished
09:58:50.0187 0x05ac ============================================================
09:58:50.0218 0x05a4 Detected object count: 2
09:58:50.0218 0x05a4 Actual detected object count: 2
09:59:13.0062 0x05a4 Steam Client Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:13.0062 0x05a4 Steam Client Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:59:13.0062 0x05a4 StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user
09:59:13.0062 0x05a4 StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:00:50.0562 0x051c Deinitialize success
  6. Yay! Alright, so after having to dig AVG out by the roots when I uninstalled and removed it, and it STILL had files floating around, I tried to scan with MBAM both regular and Chameleon, no dice. VanillaBAM crashed with error 13, and Chameleon couldn't disable the protection driver. I also ran FRST again, if you'd like the logs from that I can post them.
  7. *Goes into normal startup* [windows boot sound] -on a frozen welcome screen "Welp, to Safe Mode and Scans!" *Malwarebytes non-chameleon version crashes with no given reason* *Chameleon gets further than it did before when it tried to scan, but gets Runtime Error 13*
  8. No worries, life and other such distractions happen. Is that what the Zoek scan was supposed to do, fix things? I haven't tried using XP out of safe mode yet, lemme go find out.
  9. Mk, so the first time I ran Zoek it failed with "DaS21 has encountered a problem...". And the program was frozen with this much done:

Zoek.exe v5.0.0.0 Updated 05-March-2015
Tool run by Administrator on Sat 04/04/2015 at 19:32:26.62.
Microsoft® Windows® XP Professional x64 Edition 5.2.3790 Service Pack 2 x64
Running in: Safe Mode MINIMAL
No Internet Access Detected
Launched: C:\Documents and Settings\Administrator\My Documents\Downloads\zoek.exe [scan all users] [script inserted]

===== Runcheck 19:42:51.85 =====
--- Create Environment Variables 19:42:55.79
--- Create System Restore Point 19:43:19.15
--- Checking Input 19:43:19.60
--- AU AppData Check 19:51:26.42
--- Remove From Windows Installer 19:51:31.01

So I closed it, and ran it again, and it completed with this:

Zoek.exe v5.0.0.0 Updated 05-March-2015
Tool run by Administrator on Sat 04/04/2015 at 19:32:26.62.
Microsoft® Windows® XP Professional x64 Edition 5.2.3790 Service Pack 2 x64
Running in: Safe Mode MINIMAL
No Internet Access Detected
Launched: C:\Documents and Settings\Administrator\My Documents\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================
Failed to create System Restore Point.

==== Empty Folders Check ======================
C:\PROGRA~2\dumps deleted successfully
C:\Documents and Settings\Administrator\Application Data\Awesomium deleted successfully
C:\Documents and Settings\Administrator\Application Data\ghc deleted successfully
C:\Documents and Settings\Administrator\Application Data\Kits deleted successfully
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe deleted successfully
C:\Documents and Settings\Trisscar\Local Settings\Application Data\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3672941455-1464248776-2028469470-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3672941455-1464248776-2028469470-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3672941455-1464248776-2028469470-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3672941455-1464248776-2028469470-500\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Running Processes ======================
C:\Documents and Settings\Administrator\My Documents\Downloads\zoek.exe

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.3.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.3.0 deleted successfully

==== Deleting Files \ Folders ======================
C:\PROGRA~2\dumps not found
C:\PROGRA~2\accessible deleted
C:\PROGRA~2\platforms deleted
C:\PROGRA~2\soundbackends deleted
C:\PROGRA~2\sqldrivers deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\AVG SafeGuard toolbar deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\found.000 deleted
C:\Documents and Settings\Administrator\Application Data\AVG SafeGuard toolbar deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LaunchURL.bat deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avg_Update_0215tb deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avg_Update_0814tb deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avg_Update_1114tb deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avg_Update_1214tb deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AVG Security Toolbar deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AVG Secure Search deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AVG SafeGuard toolbar deleted
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Package Cache deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search deleted
C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET6.tmp deleted
C:\WINDOWS\Syswow64\AUTOEXEC.TMP deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\sxx5vke9.default\searchplugins\safeguard-secure-search.xml deleted
C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\sxx5vke9.default\jetpack deleted

==== System Specs ======================
Operating System: Microsoft® Windows® XP Professional x64 Edition 5.2.3790 Service Pack 2
Manufacturer: Gigabyte Technology Co., Ltd. - Model: To be filled by O.E.M.
Install Date: 11/23/2013 3:19:45 PM
Last Boot: 4/4/2015 7:26:10 PM
Processor: AMD A4-5300 APU with Radeon HD Graphics
Number of Processors: 2
Work Station
Bootmode: Fail-safe boot
Total RAM: 8136 MB (free 7468 MB - 91)
Computername: FAUXGLASS
Domain: WORKGROUP
User: Administrator (Administrator account)
Local Disk: C:\ - NTFS - 97 GB (free 15 GB)
CD \ DVD Drive: D:\
Local Disk: F:\ - NTFS - 465 GB (free 396 GB)
Bootdevice: \Device\HarddiskVolume1
Windows update:
Country: United States
Language: ENU

==== System Specs (Software) ======================
Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning enabled (Updated)
Default Browser: Firefox 36.0.4
Internet Explorer version: 8.0.6001.18702
Mozilla Firefox version: 36.0.4 (x86 en-US)
Google Chrome version: 41.0.2272.101
Sun Java version: 1.7.0_71 (32-bit)
Sun Java version: 1.7.0_45 (64-bit)
Flash Player version: 17.0.0.134

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2015-03-28 09:09:11 22AABBE27349CFCE71706F082CF31664 7168 --sha-w- C:\WINDOWS\Thumbs.db
====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ====
2015-04-01 05:36:23 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\GUR2.exe
2015-03-26 16:54:18 5647170CF24A08A03619C8EFD7772676 196608 ------w- C:\Documents and Settings\Administrator\Local Settings\Temp\jna4567225690003361225.dll
2015-03-26 16:44:26 5647170CF24A08A03619C8EFD7772676 196608 ------w- C:\Documents and Settings\Administrator\Local Settings\Temp\jna902821260636678088.dll
2015-03-26 16:37:36 5647170CF24A08A03619C8EFD7772676 196608 ------w- C:\Documents and Settings\Administrator\Local Settings\Temp\jna533384800677996437.dll
2015-03-26 16:10:23 5647170CF24A08A03619C8EFD7772676 196608 ------w- C:\Documents and Settings\Administrator\Local Settings\Temp\jna2380359607746082389.dll
2015-03-26 16:09:28 5647170CF24A08A03619C8EFD7772676 196608 ------w- C:\Documents and Settings\Administrator\Local Settings\Temp\jna6725876268375095406.dll
2015-03-24 22:17:06 5647170CF24A08A03619C8EFD7772676 196608 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\jna3667900515545008488.dll
2015-03-22 16:50:49 5647170CF24A08A03619C8EFD7772676 196608 ------w- C:\Documents and Settings\Administrator\Local Settings\Temp\jna5432587800982684807.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-04-01 06:22:35 4A5FFDF0FE830C448830BD4B02B02B4B 35144 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-03-10 04:57:47 -------- d-----w- C:\PROGRA~2\Regrowth
======= C: =====
2015-03-28 09:09:12 6F455ECEA0582D32B44FB2A11355982F 15360 --sha-w- C:\Thumbs.db
2015-03-27 06:25:37 94020B827C1AAC0601D671CDFDDE5730 110 ----a-w- C:\Regrowth points of interest.txt
====== C:\Documents and Settings\Administrator\Application Data ======
====== C:\Documents and Settings\Administrator ======
====== C: exe-files ==
2015-04-03 08:15:42 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Documents and Settings\Administrator\My Documents\Downloads\FRST64.exe
2015-04-01 05:36:23 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temp\GUR2.exe
2015-03-31 16:44:49 85EA06E302FCB8332E279344FE5B471C 24016 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe
2015-03-31 16:44:48 AF3F12BD23C0F248995E53B96B4D9A76 70096 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe
2015-03-31 16:44:48 67CC44B392217B6E8DDF2F3277257290 22992 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe
2015-03-31 16:44:48 20E969D3E7990BD96941E1AA97842DC9 6325528 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
=== C: other files ==
2015-04-01 06:22:35 4A5FFDF0FE830C448830BD4B02B02B4B 35144
----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys 2015-03-31 12:38:06 2873B0718A70F7DCB0BFC106906A6CF2 10020 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-31_05.37.39.zip 2015-03-31 02:56:06 090212BE49F14CB708686F9CFA8A7C42 92196683 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\saves\Garden Oasis-20150330-195606.zip 2015-03-31 02:53:28 9B3D36F41D775319E77694705913F63F 11051 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-30_19.53.01.zip 2015-03-31 02:25:58 EF78FFDA65BBC8AE05F6AAD5FA04F8D4 11080 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-30_19.25.30.zip 2015-03-31 00:19:48 D16882298CCC7F3EBA4E4E5B2A1E2476 10931 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-30_17.19.22.zip 2015-03-30 11:36:36 A5FF98FBB0101A60A48140245D314AF7 10664 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-30_04.36.10.zip 2015-03-30 11:27:24 A0937681791217AE21655D6D4148BAC1 10196 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-30_04.26.57.zip 2015-03-30 04:46:12 7E5DDF657665831FB80069CA5378F644 11079 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-29_21.45.40.zip 2015-03-30 03:05:37 F6B2FF853E8E14DFB1A83FB123974F85 7838 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-29_20.05.12.zip 2015-03-29 21:02:39 CC0B54D662E8DA8596EFC127DFA29B40 7838 ----a-w- C:\Program Files (x86)\Regrowth\minecraft\reports\2015-03-29_14.02.08.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3672941455-1464248776-2028469470-500\Software\Microsoft\Windows\CurrentVersion\Run] "AVG-Secure-Search-Update_1113a"="C:\Documents and Settings\Administrator\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=773fc5da4aa147d380294597c69f08d7-6a994120716954f0a8437465a30b00dcbb42de97 /CMPID=1113a" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "PeerBlock"="C:\Program Files\PeerBlock\peerblock.exe" "Google 
Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="cmd.exe /C cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe " [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="cmd.exe /C cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe " [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="cmd.exe /C cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "vProt"="C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "0"="C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /bootscan /p" "1"="C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AVG-Secure-Search-Update_1113a"="C:\Documents and Settings\Administrator\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=773fc5da4aa147d380294597c69f08d7-6a994120716954f0a8437465a30b00dcbb42de97 /CMPID=1113a" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "PeerBlock"="C:\Program Files\PeerBlock\peerblock.exe" "Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ==== Startup Registry Enabled x64 
====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" "SoundMan"="SOUNDMAN.EXE" "AlcWzrd"="ALCWZRD.EXE" "Alcmtr"="ALCMTR.EXE" "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/23/2013 05:48 PM] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/23/2013 05:48 PM] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3672941455-1464248776-2028469470-500Core.job --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/12/2014 07:34 PM] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3672941455-1464248776-2028469470-500UA.job --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [11/12/2014 07:34 PM] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\sxx5vke9.default user_pref("browser.startup.homepage", "https://www.google.com/"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.defaultenginename.US", "Google"); user_pref("keyword.URL", ""); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "avg@toolbar"="C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG SafeGuard toolbar\FireFoxExt\18.3.0.885" [] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\sxx5vke9.default - Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - Undetermined - {20a82645-c095-46ed-80e3-08825760534b} - Undetermined - 
{73a6fe31-595d-460b-a920-fcc0f8843232} - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Documents and Settings\Trisscar\Application Data\Mozilla\Firefox\Profiles\c3b5tf13.default - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sxx5vke9.default AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 43583AB4DFD406F4C188342F41B1F91C - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash 98137411B9C632095F919E2CE70B288A - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update 2D684F0DDF782C73847BED9503250991 - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin 6C3E34E303DBDCB9F7EC1F7A7F6B1629 - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer ==== Chromium Look ====================== Google Chrome Version: 31.0.1650.57 (Could not determine latest Stable Version) Google Chrome Version: 41.0.2272.101 (Could not determine latest Stable Version) Google Docs - Administrator\Local Settings\Application 
Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Hangouts - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl Chrome Hotword Shared Module - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg {scripts [scripts/common.jsscripts/background.js]}content_scripts:[{all_frames:falsejs:[scripts/content.jsscripts/contentInit.js]matches:[<all_urls>]run_at:document_end}]description:Search the web safely using the AVG SafeGuard toolbar.icons:{128:icons/avg_icon_128.png}key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQABmanifest_version:2name:AVG SafeGuardpermissions:[<all_urls>tabsnativeMessaginghistory]update_url:https://clients2.google.com/service/update2/crxversion:18.1.5.514}- Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Google Wallet - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Changes to sync - Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla Google Docs - Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Mail Checker - Trisscar\Local Settings\Application 
Data\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff Google Wallet - Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://mysearch.avg.com?cid={D97AB8BB-09E7-4C68-830F-4CDF362B7CCA}&mid=773fc5da4aa147d380294597c69f08d7-6a994120716954f0a8437465a30b00dcbb42de97〈=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-10-2423:36:32&v=18.3.0.885&pid=safeguard&sg=0&sap=hp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet 
Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [0] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /bootscan /p O4 - HKLM\..\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1113a] C:\Documents and Settings\Administrator\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT 
/mid=773fc5da4aa147d380294597c69f08d7-6a994120716954f0a8437465a30b00dcbb42de97 /CMPID=1113a O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://runonce.msn.com O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. 
- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: MBAMScheduler - Unknown owner - \mbamscheduler.exe (file missing) O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) 
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Trisscar\Local Settings\Temporary Internet 
Files\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sxx5vke9.default\cache2 emptied successfully C:\Documents and Settings\Trisscar\Local Settings\Application Data\Mozilla\Firefox\Profiles\c3b5tf13.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully C:\Documents and Settings\Trisscar\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=470 folders=218 175644913 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Administrator\Local Settings\Temp will be emptied at reboot C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp emptied successfully C:\Documents and Settings\Trisscar\Local Settings\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== 
Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on Sat 04/04/2015 at 20:38:39.50 ======================
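The HijackThis section of the log above is the part a responder actually reads: O4 autoruns, O2/O18 browser handlers and O23 services. As an added example (my code, not Zoek's, HijackThis's or the poster's), here is a small triage pass over entries in that format. The sample lines are copied from the log; the rule names and thresholds are my own assumptions. One caveat the log itself illustrates: the HijackThis engine is a 32-bit program, so on 64-bit Windows the WOW64 file-system redirection makes it look in SysWOW64 where it expects system32, and core services such as services.exe and lsass.exe show up as "(file missing)". The script therefore flags a missing service binary only when its path is outside the system directory (which catches the leftover MBAM entries but would also hide a genuinely missing third-party service registered in system32, so it trades recall for less noise).

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis-style entries copied from the Zoek log above,
# so the triage runs offline against realistic input.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1113a] C:\Documents and Settings\Administrator\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /CMPID=1113a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# The 32-bit HijackThis engine is redirected by WOW64 on x64 Windows, so core
# services under this prefix appear "(file missing)" even when present.
SYSTEM_DIR_PREFIX = "c:\\windows\\system32\\"
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
PUP_KEYWORDS = ("toolbar", "secure search", "safeguard")  # assumed, from this log


@dataclass
class Entry:
    kind: str          # HijackThis section: O2, O4, O18 or O23
    name: str          # value name, BHO/protocol name or service display name
    path: str          # executable/DLL path ("" if none could be extracted)
    file_missing: bool
    raw: str


_ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
_RUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_DASHED_RE = re.compile(r"^\w+: (?P<name>.+?) - (?P<mid>.+?) - (?P<path>.+)$")
_PATH_RE = re.compile(r'^"?([^"]*?\.(?:exe|dll|scr|sys|bat|cmd|vbs))"?', re.IGNORECASE)
_MISSING = " (file missing)"


def parse_entry(line):
    """Parse one HijackThis line; returns an Entry, or None for unsupported sections."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind == "O4":
        r = _RUN_RE.match(body)
        if not r:
            return None
        p = _PATH_RE.match(r.group("cmd"))  # strip quotes and trailing arguments
        return Entry(kind, r.group("name"), p.group(1) if p else "", False, line)
    if kind in ("O2", "O18", "O23"):
        d = _DASHED_RE.match(body)
        if not d:
            return None
        path, missing = d.group("path"), False
        if path.endswith(_MISSING):
            path, missing = path[:-len(_MISSING)], True
        return Entry(kind, d.group("name"), path, missing, line)
    return None


def triage(entries):
    """Apply the four rules; returns (rule, entry name) pairs in log order."""
    findings = []
    for e in entries:
        low = e.path.lower()
        # Autoruns launched from a user profile: where droppers and PUPs usually live.
        if e.kind == "O4" and any(mk in low for mk in PROFILE_MARKERS):
            findings.append(("autorun_in_user_profile", e.name))
        # BHO / protocol handler whose DLL is gone: a dangling registration to remove.
        if e.kind in ("O2", "O18") and e.file_missing:
            findings.append(("orphaned_handler", e.name))
        # Service binary missing, ignoring the WOW64 artifact for system32 paths.
        if e.kind == "O23" and e.file_missing and not low.startswith(SYSTEM_DIR_PREFIX):
            findings.append(("service_binary_missing", e.name))
        hay = (e.name + " " + e.path).lower().replace("-", " ")
        if any(k in hay for k in PUP_KEYWORDS):
            findings.append(("pup_keyword", e.name))
    return findings


def triage_log(text):
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    return triage(entries)


if __name__ == "__main__":
    for rule, name in triage_log(SAMPLE_LOG):
        print(f"{rule:25s} {name}")
```

Run against the sample it reports the AVG toolbar autoruns, the orphaned viprotocol handler and the two MBAM service stubs while staying silent on the Event Log service, the Java BHOs and ctfmon. The keyword rule is deliberately the weakest of the four; it only encodes what this particular thread already established about the AVG SafeGuard components.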
  10. It seems that AVG, when I click on the icon on the desktop, only has the option to run a command-line scan while in safe mode, and a cursory look around its various file locations revealed no way to either disable it manually or access its options menu where you supposedly can do so. Shall I run Zoek anyway?
  11. Wait, did that work?.... I see no attachments on my end, the heck, lemme try that again.... FRST.txt Addition.txt
  12. Also dangit forum, lemme edit my posts so that I can fix you messing with my formatting. XD
  13. *Goes and tests things*
- VLC media player won't open, it just creates a process in task manager that never does anything
- Age of Wonders (old game), brings up a window, which stays black
- Firefox, can't connect to the net, otherwise seems fine
- Open Office, also seems fine