FBI moneypak help me please

lecohen123

New Member
Thread author
May 13, 2013
11
Hi.

Can someone please help? I have the FBI warning pop-up on my friend's computer. I tried HitmanPro and it still doesn't work. Right now I'm in System Recovery Options. Not sure what else to do. Thanks for your time and patience.


I couldn't run OTL and aswMBR.
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi lecohen123 and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download Farbar Recovery Scan Tool from the link below:
  • For 32-bit systems, download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a USB/flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.

  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

      1. Select Command Prompt.
      2. In the command window type in notepad and press Enter.
      3. Notepad opens. Under the File menu select Open.
      4. Select "Computer", find your flash drive letter, and close Notepad.
      5. In the command window type e:\frst.exe and press Enter.
         Note: Replace letter e with the drive letter of your flash drive.
      6. The tool will start to run.
      7. When the tool opens, click Yes to the disclaimer.
      8. Press the Scan button.
      9. FRST will let you know when the scan is complete and has written FRST.txt to file; close the message.
      10. Type exit.
      11. Please copy and paste FRST.txt in your next reply.
 

Fiery

Level 1
Jan 11, 2011
2,007
Your friend's PC may be a 64 bit machine then.

Delete the frst.exe on your USB and download this one.

  • For 64-bit systems, download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
 

lecohen123

New Member
Thread author
May 13, 2013
11
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-05-2013
Ran by SYSTEM on 13-05-2013 16:27:22
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet005
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [386584 2010-08-10] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [415256 2010-08-10] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SAIICpl.exe" /t [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2011-12-01] (SupportSoft, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Sammy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-14] (Google Inc.)
HKU\Sammy\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4973456 2013-03-14] (Exent Technologies Ltd.)
HKU\Sammy\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-16] ()
HKU\Sammy\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [28467264 2013-01-20] (ooVoo LLC)
HKU\Sammy\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\Sammy\...\Run: [Facebook Update] "C:\Users\Sammy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-11-05] (Facebook Inc.)
HKU\Sammy\...\Run: [Akamai NetSession Interface] "C:\Users\Sammy\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\Sammy\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\Sammy\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\Sammy\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKU\Sammy\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sammy\Documents\44bfefeb.exe [30208 2013-05-11] ()
HKU\Sammy\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) =================

S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)
S2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-12-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-30] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120113.002\IDSvia64.sys [488568 2012-01-13] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120114.019\ENG64.SYS [117880 2011-12-30] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120114.019\EX64.SYS [2048632 2011-12-30] (Symantec Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-13] (Symantec Corporation)
S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S1 bkmupewq; \??\C:\windows\system32\drivers\bkmupewq.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S1 nnqstaba; \??\C:\windows\system32\drivers\nnqstaba.sys [x]
S1 rvqutugk; \??\C:\windows\system32\drivers\rvqutugk.sys [x]
S3 SRTSP; \SystemRoot\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS [x]
S0 SymDS; system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA; system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS; \SystemRoot\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 ubfcdqou; \??\C:\windows\system32\drivers\ubfcdqou.sys [x]
S1 ukcvaboe; \??\C:\windows\system32\drivers\ukcvaboe.sys [x]
S1 vrfghvcz; \??\C:\windows\system32\drivers\vrfghvcz.sys [x]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]
S3 X6va005; \??\C:\Users\Sammy\AppData\Local\Temp\005421F.tmp [x]
S3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-13 16:27 - 2013-05-13 16:27 - 00000000 ____D C:\FRST
2013-05-13 10:45 - 2013-05-13 10:45 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-05-13 09:01 - 2013-05-13 09:01 - 00000000 ____A C:\config.sys
2013-05-13 04:53 - 2013-05-13 04:53 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-12 22:17 - 2013-05-13 05:08 - 00000002 ____A C:\Users\Sammy\Desktop\Rkill.txt
2013-05-12 08:59 - 2013-05-13 10:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-11 11:31 - 2013-05-11 11:31 - 00000000 __SHD C:\found.000
2013-05-11 07:18 - 2013-05-11 07:18 - 01096081 ____A C:\Users\Sammy\AppData\Local\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 01096064 ____A C:\Users\Sammy\AppData\Roaming\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 01096048 ____A C:\ProgramData\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 00030208 ____A C:\Users\Sammy\Documents\44bfefeb.exe
2013-05-04 05:35 - 2013-05-06 23:23 - 00000000 ____D C:\Users\Sammy\Desktop\music 2
2013-05-02 15:21 - 2013-05-02 15:23 - 90130256 ____A (Apple Inc.) C:\Users\Sammy\Downloads\iTunes64Setup.exe
2013-04-26 14:26 - 2013-04-26 14:27 - 86281098 ____A C:\Users\Sammy\Downloads\Lil Wayne & Young Money - YMCMB- The Mixtape[TapeJams.com].zip
2013-04-26 14:23 - 2013-04-26 14:23 - 81655197 ____A C:\Users\Sammy\Downloads\Soulja Boy - Foreign 2[TapeJams.com].zip
2013-04-26 14:18 - 2013-04-26 14:18 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com] (1).zip
2013-04-26 14:17 - 2013-04-26 14:17 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com].zip
2013-04-26 13:11 - 2013-04-26 13:16 - 88638064 ____A C:\Users\Sammy\Downloads\A$AP Rocky - Long Live A$AP - AlbumJams.zip
2013-04-24 10:38 - 2013-04-24 10:39 - 00920234 ____A (Solid State Networks) C:\Users\Sammy\Downloads\Unconfirmed 585497.crdownload
2013-04-23 13:14 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-21 03:48 - 2013-04-21 03:49 - 113130546 ____A C:\Users\Sammy\Documents\DMO_MP_v78_86_20130409.exe
2013-04-21 03:44 - 2013-04-21 03:44 - 00000701 ____A C:\Users\Sammy\Desktop\GDMO.lnk
2013-04-21 03:41 - 2013-04-21 03:41 - 00000000 ____D C:\Joymax
2013-04-21 03:23 - 2013-04-21 03:30 - 760347378 ____A C:\Users\Sammy\Documents\DMO_Install_20130409.exe
2013-04-16 11:35 - 2013-04-16 11:35 - 00006890 ____A C:\AdwCleaner[S2].txt
2013-04-16 11:35 - 2013-04-16 11:35 - 00000172 ____A C:\Windows\DeleteOnReboot.bat
2013-04-16 11:34 - 2013-04-16 11:34 - 00007202 ____A C:\AdwCleaner[R2].txt
2013-04-16 11:33 - 2013-04-16 11:34 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner (1).exe
2013-04-16 11:33 - 2013-04-16 11:33 - 00000320 ____A C:\AdwCleaner[S1].txt
2013-04-16 11:32 - 2013-04-16 11:33 - 00007079 ____A C:\AdwCleaner[R1].txt
2013-04-16 11:32 - 2013-04-16 11:32 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner.exe
2013-04-16 08:00 - 2013-04-16 08:00 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-04-16 07:51 - 2013-04-16 07:51 - 00001945 ____A C:\Windows\epplauncher.mif
2013-04-16 07:49 - 2013-04-16 07:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-16 07:49 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-04-16 07:39 - 2013-04-16 07:39 - 00002085 ____A C:\Users\Public\Desktop\Play Free Games.lnk
2013-04-16 07:39 - 2013-04-16 07:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk
2013-04-16 07:38 - 2013-04-16 07:38 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-16 07:38 - 2013-04-16 07:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-15 13:15 - 2013-04-16 07:35 - 00000000 ____A C:\ProgramData\as98213.txt
2013-04-15 13:15 - 2013-04-15 16:07 - 95023320 ___AT C:\ProgramData\1olvg.pad
2013-04-15 13:15 - 2013-04-15 13:15 - 00000151 ____A C:\ProgramData\1olvg.reg
2013-04-15 13:15 - 2013-04-15 13:15 - 00000055 ____A C:\ProgramData\1olvg.bat

==================== One Month Modified Files and Folders =======

2013-05-13 16:27 - 2013-05-13 16:27 - 00000000 ____D C:\FRST
2013-05-13 13:58 - 2010-12-13 00:41 - 00000000 ____D C:\ProgramData\Norton
2013-05-13 13:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-13 11:12 - 2010-10-14 20:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-13 11:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-13 11:12 - 2009-07-13 20:51 - 00061136 ____A C:\Windows\setupact.log
2013-05-13 11:11 - 2010-12-13 00:15 - 01488795 ____A C:\Windows\WindowsUpdate.log
2013-05-13 11:06 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-13 11:06 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-13 10:45 - 2013-05-13 10:45 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-05-13 10:45 - 2013-05-12 08:59 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-13 10:32 - 2013-01-07 15:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-13 10:08 - 2011-02-05 12:47 - 00000000 ____D C:\users\Sammy
2013-05-13 09:01 - 2013-05-13 09:01 - 00000000 ____A C:\config.sys
2013-05-13 05:08 - 2013-05-12 22:17 - 00000002 ____A C:\Users\Sammy\Desktop\Rkill.txt
2013-05-13 04:53 - 2013-05-13 04:53 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-12 06:36 - 2012-11-05 13:31 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2794690405-3217660982-2928238901-1000UA.job
2013-05-11 11:31 - 2013-05-11 11:31 - 00000000 __SHD C:\found.000
2013-05-11 07:48 - 2010-10-14 20:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-11 07:18 - 2013-05-11 07:18 - 01096081 ____A C:\Users\Sammy\AppData\Local\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 01096064 ____A C:\Users\Sammy\AppData\Roaming\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 01096048 ____A C:\ProgramData\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 00030208 ____A C:\Users\Sammy\Documents\44bfefeb.exe
2013-05-11 07:02 - 2011-03-05 18:42 - 00000000 ___HD C:\Users\Sammy\AppData\Local\PMB Files
2013-05-11 07:02 - 2011-03-05 18:42 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-10 22:54 - 2009-07-13 21:08 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-10 12:36 - 2012-11-05 13:31 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2794690405-3217660982-2928238901-1000Core.job
2013-05-10 01:17 - 2009-07-13 21:13 - 00741000 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-06 23:23 - 2013-05-04 05:35 - 00000000 ____D C:\Users\Sammy\Desktop\music 2
2013-05-06 19:53 - 2011-08-06 18:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-06 19:49 - 2010-10-14 20:32 - 00848996 ____A C:\Windows\PFRO.log
2013-05-02 15:23 - 2013-05-02 15:21 - 90130256 ____A (Apple Inc.) C:\Users\Sammy\Downloads\iTunes64Setup.exe
2013-05-02 15:08 - 2010-10-14 19:57 - 00000000 ____D C:\ProgramData\Adobe
2013-05-02 15:07 - 2011-02-05 14:21 - 00000000 ___HD C:\Users\Sammy\AppData\Local\Adobe
2013-05-02 15:07 - 2011-02-05 14:15 - 00000000 ____D C:\Users\Sammy\AppData\Roaming\Adobe
2013-05-02 13:24 - 2013-01-31 14:32 - 00000000 ____D C:\Users\Sammy\AppData\Local\Apple Computer
2013-05-02 13:24 - 2012-03-11 14:04 - 00000000 ____D C:\Users\Sammy\AppData\Roaming\Apple Computer
2013-05-02 07:29 - 2011-02-12 15:48 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-27 11:23 - 2011-02-05 12:49 - 00000000 ____D C:\Users\Sammy\AppData\Local\VirtualStore
2013-04-26 14:27 - 2013-04-26 14:26 - 86281098 ____A C:\Users\Sammy\Downloads\Lil Wayne & Young Money - YMCMB- The Mixtape[TapeJams.com].zip
2013-04-26 14:23 - 2013-04-26 14:23 - 81655197 ____A C:\Users\Sammy\Downloads\Soulja Boy - Foreign 2[TapeJams.com].zip
2013-04-26 14:18 - 2013-04-26 14:18 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com] (1).zip
2013-04-26 14:17 - 2013-04-26 14:17 - 90040770 ____A C:\Users\Sammy\Downloads\Future & FreeBand Gang - Black Woodstock- The Soundtrack[TapeJams.com].zip
2013-04-26 13:16 - 2013-04-26 13:11 - 88638064 ____A C:\Users\Sammy\Downloads\A$AP Rocky - Long Live A$AP - AlbumJams.zip
2013-04-24 10:39 - 2013-04-24 10:38 - 00920234 ____A (Solid State Networks) C:\Users\Sammy\Downloads\Unconfirmed 585497.crdownload
2013-04-21 03:49 - 2013-04-21 03:48 - 113130546 ____A C:\Users\Sammy\Documents\DMO_MP_v78_86_20130409.exe
2013-04-21 03:44 - 2013-04-21 03:44 - 00000701 ____A C:\Users\Sammy\Desktop\GDMO.lnk
2013-04-21 03:41 - 2013-04-21 03:41 - 00000000 ____D C:\Joymax
2013-04-21 03:30 - 2013-04-21 03:23 - 760347378 ____A C:\Users\Sammy\Documents\DMO_Install_20130409.exe
2013-04-16 11:35 - 2013-04-16 11:35 - 00006890 ____A C:\AdwCleaner[S2].txt
2013-04-16 11:35 - 2013-04-16 11:35 - 00000172 ____A C:\Windows\DeleteOnReboot.bat
2013-04-16 11:34 - 2013-04-16 11:34 - 00007202 ____A C:\AdwCleaner[R2].txt
2013-04-16 11:34 - 2013-04-16 11:33 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner (1).exe
2013-04-16 11:33 - 2013-04-16 11:33 - 00000320 ____A C:\AdwCleaner[S1].txt
2013-04-16 11:33 - 2013-04-16 11:32 - 00007079 ____A C:\AdwCleaner[R1].txt
2013-04-16 11:32 - 2013-04-16 11:32 - 00613083 ____A C:\Users\Sammy\Downloads\adwcleaner.exe
2013-04-16 08:00 - 2013-04-16 08:00 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-04-16 07:51 - 2013-04-16 07:51 - 00001945 ____A C:\Windows\epplauncher.mif
2013-04-16 07:50 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-16 07:49 - 2013-04-16 07:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-04-16 07:39 - 2013-04-16 07:39 - 00002085 ____A C:\Users\Public\Desktop\Play Free Games.lnk
2013-04-16 07:39 - 2013-04-16 07:39 - 00001164 ____A C:\Users\Public\Desktop\More FREE games.lnk
2013-04-16 07:39 - 2012-01-01 11:05 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-16 07:39 - 2012-01-01 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 07:39 - 2011-03-18 12:42 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-04-16 07:39 - 2011-03-18 12:42 - 00000000 ____D C:\ProgramData\Free Ride Games
2013-04-16 07:39 - 2011-03-18 12:42 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
2013-04-16 07:38 - 2013-04-16 07:38 - 00002030 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-16 07:38 - 2013-04-16 07:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-16 07:35 - 2013-04-15 13:15 - 00000000 ____A C:\ProgramData\as98213.txt
2013-04-15 16:07 - 2013-04-15 13:15 - 95023320 ___AT C:\ProgramData\1olvg.pad
2013-04-15 13:15 - 2013-04-15 13:15 - 00000151 ____A C:\ProgramData\1olvg.reg
2013-04-15 13:15 - 2013-04-15 13:15 - 00000055 ____A C:\ProgramData\1olvg.bat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2794690405-3217660982-2928238901-1000\$d0d044e97abb0899018b0676cf8a906a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$d0d044e97abb0899018b0676cf8a906a

Other Malware:
===========
C:\ProgramData\1olvg.bat
C:\ProgramData\1olvg.pad
C:\ProgramData\1olvg.reg
C:\ProgramData\hash.dat
C:\ProgramData\pd6xyAbLq.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-27 15:28:38
Restore point made on: 2013-05-01 12:20:39
Restore point made on: 2013-05-04 15:00:13
Restore point made on: 2013-05-07 16:48:11
Restore point made on: 2013-05-12 21:11:51
Restore point made on: 2013-05-13 10:43:31

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3893.86 MB
Available physical RAM: 3321.43 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3318.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (TI106033W0C) (Fixed) (Total:284.9 GB) (Free:112.43 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:0.96 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (May 12 2013) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF
Drive f: (USB20FD) (Removable) (Total:1.87 GB) (Free:0.59 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 38A39E6A)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


Last Boot: 2013-05-11 08:56

==================== End Of Log ============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Very infected PC, lots of cleaning to do.

Open notepad and copy & paste the following:

start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKU\Sammy\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Sammy\Documents\44bfefeb.exe [30208 2013-05-11] ()
C:\Users\Sammy\Documents\44bfefeb.exe
HKU\Sammy\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
S1 bkmupewq; \??\C:\windows\system32\drivers\bkmupewq.sys [x]
C:\windows\system32\drivers\bkmupewq.sys
S1 nnqstaba; \??\C:\windows\system32\drivers\nnqstaba.sys [x]
S1 rvqutugk; \??\C:\windows\system32\drivers\rvqutugk.sys [x]
C:\windows\system32\drivers\nnqstaba.sys
C:\windows\system32\drivers\rvqutugk.sys
S1 ubfcdqou; \??\C:\windows\system32\drivers\ubfcdqou.sys [x]
S1 ukcvaboe; \??\C:\windows\system32\drivers\ukcvaboe.sys [x]
S1 vrfghvcz; \??\C:\windows\system32\drivers\vrfghvcz.sys [x]
C:\windows\system32\drivers\ubfcdqou.sys
C:\windows\system32\drivers\ukcvaboe.sys
C:\windows\system32\drivers\vrfghvcz.sys
2013-05-11 07:18 - 2013-05-11 07:18 - 01096081 ____A C:\Users\Sammy\AppData\Local\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 01096064 ____A C:\Users\Sammy\AppData\Roaming\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 01096048 ____A C:\ProgramData\2433f433
2013-05-11 07:18 - 2013-05-11 07:18 - 00030208 ____A C:\Users\Sammy\Documents\44bfefeb.exe
2013-04-15 13:15 - 2013-04-16 07:35 - 00000000 ____A C:\ProgramData\as98213.txt
2013-04-15 13:15 - 2013-04-15 16:07 - 95023320 ___AT C:\ProgramData\1olvg.pad
2013-04-15 13:15 - 2013-04-15 13:15 - 00000151 ____A C:\ProgramData\1olvg.reg
2013-04-15 13:15 - 2013-04-15 13:15 - 00000055 ____A C:\ProgramData\1olvg.bat
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2794690405-3217660982-2928238901-1000\$d0d044e97abb0899018b0676cf8a906a
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$d0d044e97abb0899018b0676cf8a906a
C:\ProgramData\hash.dat
C:\ProgramData\pd6xyAbLq.dat
end

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot to normal mode, if successful,

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSKiller opens, click Change parameters, check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it says TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Attach the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt)

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt).
 

lecohen123

New Member
Thread author
May 13, 2013
11
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-05-2013
Ran by SYSTEM at 2013-05-13 16:46:03 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKEY_USERS\Sammy\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
C:\Users\Sammy\Documents\44bfefeb.exe => Moved successfully.
HKEY_USERS\Sammy\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
bkmupewq => Service deleted successfully.
C:\windows\system32\drivers\bkmupewq.sys => File/Directory not found.
nnqstaba => Service deleted successfully.
rvqutugk => Service deleted successfully.
C:\windows\system32\drivers\nnqstaba.sys => File/Directory not found.
C:\windows\system32\drivers\rvqutugk.sys => File/Directory not found.
ubfcdqou => Service deleted successfully.
ukcvaboe => Service deleted successfully.
vrfghvcz => Service deleted successfully.
C:\windows\system32\drivers\ubfcdqou.sys => File/Directory not found.
C:\windows\system32\drivers\ukcvaboe.sys => File/Directory not found.
C:\windows\system32\drivers\vrfghvcz.sys => File/Directory not found.
C:\Users\Sammy\AppData\Local\2433f433 => Moved successfully.
C:\Users\Sammy\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Sammy\Documents\44bfefeb.exe => File/Directory not found.
C:\ProgramData\as98213.txt => Moved successfully.
C:\ProgramData\1olvg.pad => Moved successfully.
C:\ProgramData\1olvg.reg => Moved successfully.
C:\ProgramData\1olvg.bat => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-2794690405-3217660982-2928238901-1000\$d0d044e97abb0899018b0676cf8a906a => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$d0d044e97abb0899018b0676cf8a906a => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\ProgramData\pd6xyAbLq.dat => Moved successfully.

==== End of Fixlog ====
 

lecohen123

New Member
Thread author
May 13, 2013
11
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sammy [Admin rights]
Mode : Remove -- Date : 05/13/2013 15:59:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\Command Processor : AutoRun ("C:\Users\Sammy\Documents\44bfefeb.exe") -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] ROOT : C:\Users\Sammy\AppData\Roaming\Adobe\plugs --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\Sammy\AppData\Roaming\Adobe\shed --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] bbdaf93f309cc543bb17228407f0b1c1
[BSP] 9f57bf37536d79059b5ac6b32edf8a1c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 291742 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 600561664 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] bc677d79056b94e4fbacf23efdac2d54
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1919 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_05132013_02d1559.txt >>
RKreport[1]_S_05132013_02d1557.txt ; RKreport[2]_D_05132013_02d1559.txt


16:04:01.0182 3428 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:04:01.0244 3428 ============================================================
16:04:01.0244 3428 Current date / time: 2013/05/13 16:04:01.0244
16:04:01.0244 3428 SystemInfo:
16:04:01.0244 3428
16:04:01.0244 3428 OS Version: 6.1.7601 ServicePack: 1.0
16:04:01.0244 3428 Product type: Workstation
16:04:01.0244 3428 ComputerName: SAMMY-PC
16:04:01.0244 3428 UserName: Sammy
16:04:01.0244 3428 Windows directory: C:\windows
16:04:01.0244 3428 System windows directory: C:\windows
16:04:01.0244 3428 Running under WOW64
16:04:01.0244 3428 Processor architecture: Intel x64
16:04:01.0244 3428 Number of processors: 2
16:04:01.0244 3428 Page size: 0x1000
16:04:01.0244 3428 Boot type: Normal boot
16:04:01.0244 3428 ============================================================
16:04:01.0837 3428 BG loaded
16:04:02.0835 3428 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:03.0163 3428 Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:04:03.0163 3428 ============================================================
16:04:03.0163 3428 \Device\Harddisk0\DR0:
16:04:03.0194 3428 MBR partitions:
16:04:03.0194 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x239CF000
16:04:03.0194 3428 \Device\Harddisk1\DR1:
16:04:03.0194 3428 MBR partitions:
16:04:03.0194 3428 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BFFE0
16:04:03.0194 3428 ============================================================
16:04:03.0381 3428 C: <-> \Device\Harddisk0\DR0\Partition1
16:04:03.0381 3428 ============================================================
16:04:03.0381 3428 Initialize success
16:04:03.0381 3428 ============================================================
16:04:12.0382 3932 ============================================================
16:04:12.0382 3932 Scan started
16:04:12.0382 3932 Mode: Manual;
16:04:12.0382 3932 ============================================================
16:04:27.0795 3932 ================ Scan system memory ========================
16:04:27.0795 3932 System memory - ok
16:04:27.0811 3932 ================ Scan services =============================
16:07:49.0616 3932 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:07:50.0022 3932 MSiSCSI - ok
16:07:50.0038 3932 msiserver - ok
16:07:50.0303 3932 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:07:50.0773 3932 MSKSSRV - ok
16:07:51.0600 3932 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:07:51.0600 3932 MsMpSvc - ok
16:07:51.0724 3932 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:07:51.0912 3932 MSPCLOCK - ok
16:07:52.0255 3932 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:07:52.0395 3932 MSPQM - ok
16:07:53.0362 3932 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:07:53.0612 3932 MsRPC - ok
16:07:53.0940 3932 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
16:07:53.0940 3932 mssmbios - ok
16:07:54.0595 3932 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:07:54.0735 3932 MSTEE - ok
16:07:55.0110 3932 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
16:07:55.0188 3932 MTConfig - ok
16:07:59.0259 3932 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
16:07:59.0415 3932 Mup - ok
16:07:59.0883 3932 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
16:07:59.0946 3932 N360 - ok
16:08:00.0086 3932 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
16:08:00.0117 3932 napagent - ok
16:08:00.0320 3932 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:08:00.0320 3932 NativeWifiP - ok
16:08:00.0632 3932 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120114.019\ENG64.SYS
16:08:00.0718 3932 NAVENG - ok
16:08:01.0199 3932 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120114.019\EX64.SYS
16:08:01.0355 3932 NAVEX15 - ok
16:08:01.0620 3932 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
16:08:01.0636 3932 NDIS - ok
16:08:01.0792 3932 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:08:01.0823 3932 NdisCap - ok
16:08:01.0870 3932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:08:01.0901 3932 NdisTapi - ok
16:08:02.0073 3932 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:08:02.0104 3932 Ndisuio - ok
16:08:02.0213 3932 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:08:02.0276 3932 NdisWan - ok
16:08:02.0354 3932 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:08:02.0354 3932 NDProxy - ok
16:08:02.0416 3932 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:08:02.0416 3932 NetBIOS - ok
16:08:02.0541 3932 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:08:02.0541 3932 NetBT - ok
16:08:02.0759 3932 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
16:08:02.0759 3932 Netlogon - ok
16:08:03.0290 3932 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
16:08:03.0305 3932 Netman - ok
16:08:03.0664 3932 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
16:08:03.0664 3932 netprofm - ok
16:08:03.0836 3932 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:08:04.0194 3932 NetTcpPortSharing - ok
16:08:04.0491 3932 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
16:08:04.0553 3932 nfrd960 - ok
16:08:04.0631 3932 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
16:08:04.0631 3932 NisDrv - ok
16:08:05.0130 3932 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:08:05.0146 3932 NisSrv - ok
16:08:05.0318 3932 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
16:08:05.0318 3932 NlaSvc - ok
16:08:05.0505 3932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
16:08:05.0505 3932 Npfs - ok
16:08:05.0645 3932 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
16:08:05.0645 3932 nsi - ok
16:08:06.0269 3932 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:08:06.0269 3932 nsiproxy - ok
16:08:07.0611 3932 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:08:07.0767 3932 Ntfs - ok
16:08:07.0907 3932 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
16:08:07.0907 3932 Null - ok
16:08:08.0048 3932 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
16:08:08.0079 3932 nvraid - ok
16:08:08.0126 3932 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
16:08:08.0188 3932 nvstor - ok
16:08:08.0266 3932 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:08:08.0391 3932 nv_agp - ok
16:08:08.0453 3932 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:08:08.0594 3932 ohci1394 - ok
16:08:08.0859 3932 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:08:08.0921 3932 ose - ok
16:08:11.0012 3932 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:08:11.0448 3932 osppsvc - ok
16:08:11.0885 3932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:08:11.0901 3932 p2pimsvc - ok
16:08:12.0104 3932 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
16:08:12.0135 3932 p2psvc - ok
16:08:12.0275 3932 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
16:08:12.0322 3932 Parport - ok
16:08:12.0447 3932 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
16:08:12.0556 3932 partmgr - ok
16:08:12.0899 3932 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
16:08:12.0899 3932 PcaSvc - ok
16:08:13.0071 3932 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
16:08:13.0102 3932 pci - ok
16:08:13.0211 3932 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
16:08:13.0242 3932 pciide - ok
16:08:13.0492 3932 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
16:08:13.0523 3932 pcmcia - ok
16:08:13.0570 3932 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
16:08:13.0601 3932 pcw - ok
16:08:14.0022 3932 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:08:14.0022 3932 PEAUTH - ok
16:08:24.0392 3932 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
16:08:24.0439 3932 PerfHost - ok
16:08:24.0798 3932 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
16:08:24.0891 3932 PGEffect - ok
16:08:25.0749 3932 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
16:08:26.0155 3932 pla - ok
16:08:26.0670 3932 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:08:26.0685 3932 PlugPlay - ok
16:08:27.0122 3932 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:08:27.0184 3932 PNRPAutoReg - ok
16:08:27.0434 3932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:08:27.0450 3932 PNRPsvc - ok
16:08:27.0980 3932 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:08:27.0980 3932 PolicyAgent - ok
16:08:28.0448 3932 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
16:08:28.0448 3932 Power - ok
16:08:28.0666 3932 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:08:28.0776 3932 PptpMiniport - ok
16:08:29.0025 3932 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
16:08:29.0290 3932 Processor - ok
16:08:29.0509 3932 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
16:08:29.0556 3932 ProfSvc - ok
16:08:29.0680 3932 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:08:29.0680 3932 ProtectedStorage - ok
16:08:29.0883 3932 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:08:29.0883 3932 Psched - ok
16:08:30.0070 3932 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
16:08:30.0133 3932 QIOMem - ok
16:08:30.0679 3932 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
16:08:30.0835 3932 ql2300 - ok
16:08:30.0928 3932 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
16:08:31.0038 3932 ql40xx - ok
16:08:31.0396 3932 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
16:08:31.0412 3932 QWAVE - ok
16:08:31.0506 3932 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:08:31.0521 3932 QWAVEdrv - ok
16:08:31.0599 3932 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:08:31.0646 3932 RasAcd - ok
16:08:31.0740 3932 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:08:31.0771 3932 RasAgileVpn - ok
16:08:31.0833 3932 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
16:08:31.0864 3932 RasAuto - ok
16:08:31.0974 3932 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:08:32.0052 3932 Rasl2tp - ok
16:08:32.0223 3932 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
16:08:32.0317 3932 RasMan - ok
16:08:32.0348 3932 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:08:32.0426 3932 RasPppoe - ok
16:08:32.0535 3932 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:08:32.0629 3932 RasSstp - ok
16:08:32.0800 3932 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:08:32.0894 3932 rdbss - ok
16:08:33.0050 3932 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
16:08:33.0097 3932 rdpbus - ok
16:08:33.0206 3932 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:08:33.0206 3932 RDPCDD - ok
16:08:33.0284 3932 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:08:33.0378 3932 RDPENCDD - ok
16:08:33.0393 3932 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:08:33.0424 3932 RDPREFMP - ok
16:08:33.0534 3932 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:08:33.0643 3932 RDPWD - ok
16:08:33.0705 3932 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:08:33.0783 3932 rdyboost - ok
16:08:33.0877 3932 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
16:08:33.0986 3932 RemoteAccess - ok
16:08:34.0204 3932 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:08:34.0282 3932 RemoteRegistry - ok
16:08:34.0407 3932 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:08:34.0485 3932 RpcEptMapper - ok
16:08:34.0626 3932 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
16:08:34.0719 3932 RpcLocator - ok
16:08:35.0000 3932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
16:08:35.0000 3932 RpcSs - ok
16:08:35.0172 3932 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:08:35.0250 3932 rspndr - ok
16:08:35.0718 3932 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
16:08:35.0811 3932 RSUSBSTOR - ok
16:08:36.0139 3932 [ FFC748D848740D1BC8F330A8879C2674 ] rtl8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
16:08:36.0217 3932 rtl8192Ce - ok
16:08:36.0310 3932 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
16:08:36.0326 3932 SamSs - ok
16:08:36.0404 3932 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
16:08:36.0498 3932 sbp2port - ok
16:08:36.0544 3932 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
16:08:36.0591 3932 SCardSvr - ok
16:08:36.0716 3932 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:08:36.0778 3932 scfilter - ok
16:08:37.0480 3932 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
16:08:37.0480 3932 Schedule - ok
16:08:37.0683 3932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
16:08:37.0683 3932 SCPolicySvc - ok
16:08:37.0964 3932 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:08:38.0198 3932 SDRSVC - ok
16:08:38.0463 3932 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:08:38.0572 3932 secdrv - ok
16:08:38.0650 3932 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
16:08:38.0822 3932 seclogon - ok
16:08:38.0947 3932 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
16:08:38.0947 3932 SENS - ok
16:08:39.0009 3932 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
16:08:39.0134 3932 SensrSvc - ok
16:08:39.0181 3932 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
16:08:39.0259 3932 Serenum - ok
16:08:39.0415 3932 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
16:08:39.0540 3932 Serial - ok
16:08:39.0664 3932 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
16:08:39.0805 3932 sermouse - ok
16:08:40.0070 3932 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
16:08:40.0195 3932 SessionEnv - ok
16:08:40.0242 3932 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:08:40.0398 3932 sffdisk - ok
16:08:40.0429 3932 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:08:40.0507 3932 sffp_mmc - ok
16:08:40.0522 3932 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:08:40.0616 3932 sffp_sd - ok
16:08:40.0725 3932 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
16:08:40.0897 3932 sfloppy - ok
16:08:41.0318 3932 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
16:08:41.0365 3932 Sftfs - ok
16:08:41.0911 3932 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:08:41.0989 3932 sftlist - ok
16:08:42.0316 3932 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
16:08:42.0394 3932 Sftplay - ok
16:08:42.0706 3932 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
16:08:42.0831 3932 Sftredir - ok
16:08:42.0894 3932 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
16:08:42.0940 3932 Sftvol - ok
16:08:43.0237 3932 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:08:43.0299 3932 sftvsa - ok
16:08:43.0627 3932 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
16:08:43.0658 3932 SharedAccess - ok
16:08:44.0079 3932 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:08:44.0095 3932 ShellHWDetection - ok
16:08:44.0173 3932 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
16:08:44.0266 3932 SiSRaid2 - ok
16:08:44.0298 3932 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
16:08:44.0376 3932 SiSRaid4 - ok
16:08:44.0438 3932 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
16:08:44.0547 3932 Smb - ok
16:08:44.0656 3932 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:08:44.0766 3932 SNMPTRAP - ok
16:08:44.0828 3932 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
16:08:44.0890 3932 spldr - ok
16:08:45.0452 3932 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
16:08:45.0499 3932 Spooler - ok
16:08:47.0090 3932 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
16:08:47.0184 3932 sppsvc - ok
16:08:47.0277 3932 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:08:47.0324 3932 sppuinotify - ok
16:08:47.0464 3932 sprtsvc_verizondm - ok
16:08:47.0854 3932 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\windows\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS
16:08:47.0901 3932 SRTSP - ok
16:08:48.0026 3932 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
16:08:48.0026 3932 SRTSPX - ok
16:08:48.0229 3932 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
16:08:48.0229 3932 srv - ok
16:08:48.0432 3932 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:08:48.0432 3932 srv2 - ok
16:08:48.0650 3932 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
16:08:48.0681 3932 SrvHsfHDA - ok
16:08:48.0868 3932 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
16:08:48.0900 3932 SrvHsfV92 - ok
16:08:48.0993 3932 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
16:08:49.0009 3932 SrvHsfWinac - ok
16:08:49.0087 3932 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:08:49.0102 3932 srvnet - ok
16:08:49.0258 3932 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:08:49.0258 3932 SSDPSRV - ok
16:08:49.0399 3932 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
16:08:49.0399 3932 SstpSvc - ok
16:08:49.0508 3932 Steam Client Service - ok
16:08:49.0555 3932 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
16:08:49.0602 3932 stexstor - ok
16:08:49.0851 3932 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
16:08:49.0851 3932 stisvc - ok
16:08:49.0914 3932 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
16:08:49.0914 3932 swenum - ok
16:08:50.0007 3932 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
16:08:50.0023 3932 swprv - ok
16:08:50.0132 3932 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
16:08:50.0163 3932 SymDS - ok
16:08:50.0257 3932 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
16:08:50.0288 3932 SymEFA - ok
16:08:50.0350 3932 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
16:08:50.0350 3932 SymEvent - ok
16:08:50.0397 3932 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
16:08:50.0397 3932 SymIRON - ok
16:08:50.0444 3932 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS
16:08:50.0444 3932 SymNetS - ok
16:08:50.0522 3932 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
16:08:50.0538 3932 SynTP - ok
16:08:50.0787 3932 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
16:08:50.0803 3932 SysMain - ok
16:08:50.0943 3932 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:08:50.0943 3932 TabletInputService - ok
16:08:51.0068 3932 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
16:08:51.0115 3932 TapiSrv - ok
16:08:51.0193 3932 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
16:08:51.0193 3932 TBS - ok
16:08:51.0318 3932 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:08:51.0349 3932 Tcpip - ok
16:08:51.0614 3932 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:08:51.0630 3932 TCPIP6 - ok
16:08:51.0692 3932 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:08:51.0692 3932 tcpipreg - ok
16:08:51.0770 3932 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
16:08:51.0770 3932 tdcmdpst - ok
16:08:51.0864 3932 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:08:51.0879 3932 TDPIPE - ok
16:08:51.0942 3932 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:08:51.0957 3932 TDTCP - ok
16:08:52.0020 3932 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:08:52.0020 3932 tdx - ok
16:08:52.0098 3932 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
16:08:52.0098 3932 TermDD - ok
16:08:52.0207 3932 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
16:08:52.0222 3932 TermService - ok
16:08:52.0254 3932 tgsrvc_verizondm - ok
16:08:52.0269 3932 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
16:08:52.0285 3932 Themes - ok
16:08:52.0363 3932 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
16:08:52.0363 3932 THREADORDER - ok
16:08:52.0456 3932 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:08:52.0456 3932 TMachInfo - ok
16:08:52.0488 3932 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
16:08:52.0503 3932 TODDSrv - ok
16:08:52.0784 3932 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:08:52.0800 3932 TosCoSrv - ok
16:08:52.0862 3932 [ BAE96AD126F4EED4D361B092BA2E61FE ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:08:53.0002 3932 TOSHIBA eco Utility Service - ok
16:08:53.0127 3932 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:08:53.0127 3932 TOSHIBA HDD SSD Alert Service - ok
16:08:53.0486 3932 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:08:53.0486 3932 TPCHSrv - ok
16:08:53.0580 3932 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
16:08:53.0580 3932 TrkWks - ok
16:08:53.0782 3932 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:08:53.0860 3932 TrustedInstaller - ok
16:08:53.0892 3932 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:08:53.0923 3932 tssecsrv - ok
16:08:53.0954 3932 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:08:53.0970 3932 TsUsbFlt - ok
16:08:54.0001 3932 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:08:54.0001 3932 tunnel - ok
16:08:54.0063 3932 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:08:54.0063 3932 TVALZ - ok
16:08:54.0079 3932 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
16:08:54.0079 3932 TVALZFL - ok
16:08:54.0141 3932 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
16:08:54.0172 3932 uagp35 - ok
16:08:54.0250 3932 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:08:54.0250 3932 udfs - ok
16:08:54.0344 3932 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:08:54.0375 3932 UI0Detect - ok
16:08:54.0406 3932 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:08:54.0406 3932 uliagpkx - ok
16:08:54.0453 3932 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
16:08:54.0453 3932 umbus - ok
16:08:54.0484 3932 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
16:08:54.0484 3932 UmPass - ok
16:08:54.0843 3932 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:08:54.0859 3932 UNS - ok
16:08:54.0906 3932 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
16:08:54.0921 3932 upnphost - ok
16:08:54.0999 3932 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
16:08:55.0015 3932 USBAAPL64 - ok
16:08:55.0046 3932 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:08:55.0046 3932 usbccgp - ok
16:08:55.0093 3932 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:08:55.0093 3932 usbcir - ok
16:08:55.0108 3932 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
16:08:55.0108 3932 usbehci - ok
16:08:55.0171 3932 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:08:55.0171 3932 usbhub - ok
16:08:55.0218 3932 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
16:08:55.0218 3932 usbohci - ok
16:08:55.0233 3932 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
16:08:55.0249 3932 usbprint - ok
16:08:55.0280 3932 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
16:08:55.0280 3932 usbscan - ok
16:08:55.0311 3932 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:08:55.0342 3932 USBSTOR - ok
16:08:55.0374 3932 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:08:55.0374 3932 usbuhci - ok
16:08:55.0420 3932 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
16:08:55.0420 3932 usbvideo - ok
16:08:55.0498 3932 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
16:08:55.0498 3932 UxSms - ok
16:08:55.0545 3932 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
16:08:55.0561 3932 VaultSvc - ok
16:08:55.0608 3932 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:08:55.0623 3932 vdrvroot - ok
16:08:55.0670 3932 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
16:08:55.0686 3932 vds - ok
16:08:55.0717 3932 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:08:55.0717 3932 vga - ok
16:08:55.0732 3932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
16:08:55.0732 3932 VgaSave - ok
16:08:55.0826 3932 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:08:55.0842 3932 vhdmp - ok
16:08:55.0857 3932 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
16:08:55.0873 3932 viaide - ok
16:08:55.0888 3932 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:08:55.0888 3932 volmgr - ok
16:08:55.0951 3932 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:08:55.0951 3932 volmgrx - ok
16:08:56.0044 3932 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
16:08:56.0107 3932 volsnap - ok
16:08:56.0138 3932 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
16:08:56.0154 3932 vsmraid - ok
16:08:56.0746 3932 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
16:08:56.0809 3932 VSS - ok
16:08:56.0856 3932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:08:56.0856 3932 vwifibus - ok
16:08:56.0902 3932 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:08:56.0902 3932 vwififlt - ok
16:08:56.0965 3932 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
16:08:56.0980 3932 W32Time - ok
16:08:56.0996 3932 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
16:08:56.0996 3932 WacomPen - ok
16:08:57.0043 3932 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:08:57.0043 3932 WANARP - ok
16:08:57.0090 3932 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:08:57.0090 3932 Wanarpv6 - ok
16:08:57.0277 3932 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
16:08:57.0324 3932 WatAdminSvc - ok
16:08:57.0729 3932 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
16:08:57.0807 3932 wbengine - ok
16:08:57.0870 3932 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbi
 

Fiery

Level 1
Jan 11, 2011
2,007
The TDSSKiller log can't fit into one reply; you have to attach it as an attachment.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok, it's looking good. Let me know what Malwarebytes finds. A few more steps to go, depending on what these tools find :)
 

lecohen123

New Member
Thread author
May 13, 2013
11
Ok.. Malware finished. It says nothing found. It didn't give me a report though. I hope that's okay. lol.. It was a long process.
 

Fiery

Level 1
Jan 11, 2011
2,007
Yes, no log is fine, as long as nothing was detected. Please let me know how the PC is doing after running the tools below. It's another Malwarebytes tool.

Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A notepad document should open automatically called checkup.txt.
  • Please post the contents of that document in your next reply. Please do not attach i
 

lecohen123

New Member
Thread author
May 13, 2013
11
So far I ran this program. The other program is now running.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Sammy :: SAMMY-PC [administrator]

5/13/2013 10:57:23 PM
mbam-log-2013-05-13 (22-57-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288659
Time elapsed: 53 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

lecohen123

New Member
Thread author
May 13, 2013
11
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 17
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

lecohen123

New Member
Thread author
May 13, 2013
11
C:\FRST\Quarantine\1olvg.bat Win32/Reveton.M trojan
C:\FRST\Quarantine\44bfefeb.exe Win32/Moure.A trojan
C:\Users\Sammy\AppData\Roaming\97E1B7A238248452817A662D7435BCA4\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\Sammy\AppData\Roaming\97E1B7A238248452817A662D7435BCA4\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
 

Fiery

Level 1
Jan 11, 2011
2,007
Those 4 files are ok, they are false positives.

If you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Also, open adwCleaner and click Uninstall




Now that your PC is clean, I recommend that you create a new System Restore point, then purge the old ones afterwards.

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Back up important files regularly to an external hard drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
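
The restore-point step in the post above (create a new point, then purge the older ones) can also be scripted from an elevated Windows PowerShell prompt. This is an added example, not part of Fiery's instructions; the description string is made up, and the script assumes System Restore is enabled on the system drive.

```powershell
# Added example: create a fresh restore point, then delete every older one.
# Needs Windows PowerShell (these cmdlets are not in PowerShell 6+), run elevated.
$ErrorActionPreference = 'Stop'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

# SRRemoveRestorePoint (srclient.dll) deletes a single restore point by sequence number.
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int dwRPNum);
'@

function Get-LatestSequence {
    # Highest sequence number currently on disk, or 0 when there are no points.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) { return 0 }
    ($points | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

$before = Get-LatestSequence
# 'Post-cleanup baseline' is a constructed description, not a value from the thread.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
$after = Get-LatestSequence

# Newer Windows versions can silently skip creation if a point was made recently,
# so never purge unless a new point really exists.
if ($after -le $before) {
    throw 'No new restore point was created; existing points were left untouched.'
}

$old = @(Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -lt $after })
foreach ($p in $old) {
    $rc = [Win32.SystemRestore]::SRRemoveRestorePoint([int]$p.SequenceNumber)
    if ($rc -ne 0) {
        Write-Warning ("Could not remove point {0} (error {1})" -f $p.SequenceNumber, $rc)
    }
}

# Show what is left; only the new baseline should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```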
 
