Topic: Infected with zeroaccess rootkit!!!

SuperDave

Re: Infected with zeroaccess rootkit!!!
« Reply #15 on: October 06, 2012, 12:34:00 PM »
Quote
I was infected with zeroaccess rootkit and attempted to remove it and it appears that it is gone however now my computer is running extremely slow while on the internet.
Is it just running slowly while on the internet?

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
**********************************************************************
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

tsfc

    Topic Starter


    Re: Infected with zeroaccess rootkit!!!
    « Reply #16 on: October 07, 2012, 04:46:24 PM »
    Yes, only when I'm on the internet.

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Joshua [Admin rights]
    Mode : Remove -- Date : 10/07/2012 17:12:26

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 12 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED
    [TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED
    [TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
    [TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
    [TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
    [TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe  -> DELETED
    [TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1       localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
    --- User ---
    [MBR] 50048008bcc35aaa2dd6c553ee8fcf83
    [BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SD Card +++++
    --- User ---
    [MBR] 83b42057fb3fd1d945874c9bf1406a5b
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt





    17:46:09.0625 7552  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    17:46:11.0627 7552  ============================================================
    17:46:11.0627 7552  Current date / time: 2012/10/07 17:46:11.0627
    17:46:11.0627 7552  SystemInfo:
    17:46:11.0627 7552 
    17:46:11.0628 7552  OS Version: 6.1.7601 ServicePack: 1.0
    17:46:11.0628 7552  Product type: Workstation
    17:46:11.0628 7552  ComputerName: JOSHUA-PC
    17:46:11.0628 7552  UserName: Joshua
    17:46:11.0628 7552  Windows directory: C:\Windows
    17:46:11.0628 7552  System windows directory: C:\Windows
    17:46:11.0628 7552  Running under WOW64
    17:46:11.0628 7552  Processor architecture: Intel x64
    17:46:11.0628 7552  Number of processors: 4
    17:46:11.0628 7552  Page size: 0x1000
    17:46:11.0628 7552  Boot type: Normal boot
    17:46:11.0628 7552  ============================================================
    17:46:12.0249 7552  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:46:12.0297 7552  Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:46:12.0303 7552  ============================================================
    17:46:12.0303 7552  \Device\Harddisk0\DR0:
    17:46:12.0304 7552  MBR partitions:
    17:46:12.0304 7552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
    17:46:12.0304 7552  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
    17:46:12.0304 7552  \Device\Harddisk1\DR1:
    17:46:12.0305 7552  MBR partitions:
    17:46:12.0305 7552  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
    17:46:12.0305 7552  ============================================================
    17:46:12.0337 7552  C: <-> \Device\Harddisk0\DR0\Partition2
    17:46:12.0337 7552  ============================================================
    17:46:12.0338 7552  Initialize success
    17:46:12.0338 7552  ============================================================
    17:46:52.0104 7660  ============================================================
    17:46:52.0104 7660  Scan started
    17:46:52.0104 7660  Mode: Manual;
    17:46:52.0104 7660  ============================================================
    17:46:52.0392 7660  ================ Scan system memory ========================
    17:46:52.0392 7660  System memory - ok
    17:46:52.0393 7660  ================ Scan services =============================
    17:46:58.0973 7660  btwl2cap - ok
    17:46:59.0033 7660  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
    17:46:59.0101 7660  btwrchid - ok
    17:46:59.0116 7660  catchme - ok
    17:46:59.0142 7660  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
    17:46:59.0147 7660  cdfs - ok
    17:46:59.0182 7660  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
    17:46:59.0227 7660  cdrom - ok
    17:46:59.0269 7660  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
    17:46:59.0271 7660  CertPropSvc - ok
    17:46:59.0314 7660  [ 274CE03459896006F7A5069266E0469E ] cfwids          C:\Windows\system32\drivers\cfwids.sys
    17:46:59.0379 7660  cfwids - ok
    17:46:59.0408 7660  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
    17:46:59.0411 7660  circlass - ok
    17:46:59.0481 7660  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
    17:46:59.0484 7660  CLFS - ok
    17:46:59.0696 7660  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:46:59.0701 7660  clr_optimization_v2.0.50727_32 - ok
    17:46:59.0751 7660  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:46:59.0761 7660  clr_optimization_v2.0.50727_64 - ok
    17:46:59.0834 7660  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:46:59.0894 7660  clr_optimization_v4.0.30319_32 - ok
    17:46:59.0970 7660  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:47:00.0033 7660  clr_optimization_v4.0.30319_64 - ok
    17:47:00.0073 7660  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
    17:47:00.0077 7660  CmBatt - ok
    17:47:00.0092 7660  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
    17:47:00.0095 7660  cmdide - ok
    17:47:00.0137 7660  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
    17:47:00.0140 7660  CNG - ok
    17:47:00.0177 7660  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
    17:47:00.0181 7660  Compbatt - ok
    17:47:00.0223 7660  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
    17:47:00.0276 7660  CompositeBus - ok
    17:47:00.0281 7660  COMSysApp - ok
    17:47:00.0294 7660  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
    17:47:00.0296 7660  crcdisk - ok
    17:47:00.0323 7660  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
    17:47:00.0324 7660  CryptSvc - ok
    17:47:00.0387 7660  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
    17:47:00.0432 7660  CtClsFlt - ok
    17:47:00.0536 7660  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    17:47:00.0547 7660  cvhsvc - ok
    17:47:00.0594 7660  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
    17:47:00.0659 7660  DcomLaunch - ok
    17:47:00.0728 7660  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
    17:47:00.0730 7660  defragsvc - ok
    17:47:00.0835 7660  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
    17:47:00.0838 7660  DfsC - ok
    17:47:00.0870 7660  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
    17:47:00.0873 7660  Dhcp - ok
    17:47:00.0921 7660  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
    17:47:00.0922 7660  discache - ok
    17:47:00.0935 7660  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
    17:47:00.0941 7660  Disk - ok
    17:47:00.0976 7660  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
    17:47:00.0978 7660  Dnscache - ok
    17:47:01.0016 7660  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
    17:47:01.0018 7660  dot3svc - ok
    17:47:01.0055 7660  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
    17:47:01.0057 7660  DPS - ok
    17:47:01.0073 7660  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
    17:47:01.0078 7660  drmkaud - ok
    17:47:01.0134 7660  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
    17:47:01.0207 7660  DXGKrnl - ok
    17:47:01.0248 7660  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
    17:47:01.0252 7660  EapHost - ok
    17:47:01.0356 7660  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
    17:47:01.0395 7660  ebdrv - ok
    17:47:01.0421 7660  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
    17:47:01.0470 7660  EFS - ok
    17:47:01.0576 7660  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
    17:47:01.0638 7660  ehRecvr - ok
    17:47:01.0666 7660  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
    17:47:01.0667 7660  ehSched - ok
    17:47:01.0699 7660  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
    17:47:01.0706 7660  elxstor - ok
    17:47:01.0738 7660  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
    17:47:01.0741 7660  ErrDev - ok
    17:47:01.0904 7660  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
    17:47:01.0911 7660  EventSystem - ok
    17:47:01.0950 7660  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
    17:47:01.0960 7660  exfat - ok
    17:47:02.0029 7660  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
    17:47:02.0032 7660  fastfat - ok
    17:47:02.0084 7660  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
    17:47:02.0144 7660  Fax - ok
    17:47:02.0172 7660  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
    17:47:02.0176 7660  fdc - ok
    17:47:02.0212 7660  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
    17:47:02.0219 7660  fdPHost - ok
    17:47:02.0232 7660  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
    17:47:02.0234 7660  FDResPub - ok
    17:47:02.0310 7660  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
    17:47:02.0311 7660  FileInfo - ok
    17:47:02.0322 7660  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
    17:47:02.0323 7660  Filetrace - ok
    17:47:02.0362 7660  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
    17:47:02.0369 7660  flpydisk - ok
    17:47:02.0414 7660  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
    17:47:02.0418 7660  FltMgr - ok
    17:47:02.0487 7660  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
    17:47:02.0500 7660  FontCache - ok
    17:47:02.0574 7660  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:47:02.0645 7660  FontCache3.0.0.0 - ok
    17:47:02.0669 7660  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
    17:47:02.0670 7660  FsDepends - ok
    17:47:02.0725 7660  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
    17:47:02.0794 7660  fssfltr - ok
    17:47:02.0994 7660  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    17:47:03.0065 7660  fsssvc - ok
    17:47:03.0124 7660  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
    17:47:03.0192 7660  Fs_Rec - ok
    17:47:03.0251 7660  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
    17:47:03.0255 7660  fvevol - ok
    17:47:03.0276 7660  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:47:03.0285 7660  gagp30kx - ok
    17:47:03.0365 7660  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    17:47:03.0436 7660  GamesAppService - ok
    17:47:03.0490 7660  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    17:47:03.0562 7660  GoToAssist - ok
    17:47:03.0622 7660  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
    17:47:03.0627 7660  gpsvc - ok
    17:47:03.0700 7660  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:47:03.0771 7660  gupdate - ok
    17:47:03.0789 7660  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:47:03.0854 7660  gupdatem - ok
    17:47:03.0884 7660  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    17:47:03.0886 7660  gusvc - ok
    17:47:03.0922 7660  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
    17:47:03.0925 7660  hcw85cir - ok
    17:47:04.0001 7660  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    17:47:04.0056 7660  HdAudAddService - ok
    17:47:04.0081 7660  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
    17:47:04.0125 7660  HDAudBus - ok
    17:47:04.0243 7660  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
    17:47:04.0288 7660  HECIx64 - ok
    17:47:04.0334 7660  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
    17:47:04.0337 7660  HidBatt - ok
    17:47:04.0342 7660  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
    17:47:04.0346 7660  HidBth - ok
    17:47:04.0350 7660  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
    17:47:04.0353 7660  HidIr - ok
    17:47:04.0373 7660  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
    17:47:04.0374 7660  hidserv - ok
    17:47:04.0412 7660  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
    17:47:04.0461 7660  HidUsb - ok
    17:47:04.0485 7660  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
    17:47:04.0487 7660  hkmsvc - ok
    17:47:04.0527 7660  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    17:47:04.0587 7660  HomeGroupListener - ok
    17:47:04.0622 7660  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    17:47:04.0625 7660  HomeGroupProvider - ok
    17:47:04.0660 7660  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
    17:47:04.0712 7660  HpSAMD - ok
    17:47:04.0775 7660  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
    17:47:04.0829 7660  HTTP - ok
    17:47:04.0896 7660  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
    17:47:04.0932 7660  hwpolicy - ok
    17:47:04.0985 7660  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
    17:47:04.0997 7660  i8042prt - ok
    17:47:05.0043 7660  [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
    17:47:05.0049 7660  iaStor - ok
    17:47:05.0102 7660  [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    17:47:05.0103 7660  IAStorDataMgrSvc - ok
    17:47:05.0167 7660  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
    17:47:05.0232 7660  iaStorV - ok
    17:47:05.0386 7660  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:47:05.0454 7660  idsvc - ok
    17:47:05.0772 7660  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:47:05.0859 7660  igfx - ok
    17:47:05.0939 7660  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
    17:47:05.0948 7660  iirsp - ok
    17:47:06.0042 7660  [ 54E0F4CCD6CE99A807459AF928DD64AC ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    17:47:06.0045 7660  IJPLMSVC - ok
    17:47:06.0098 7660  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
    17:47:06.0106 7660  IKEEXT - ok
    17:47:06.0148 7660  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
    17:47:06.0200 7660  Impcd - ok
    17:47:06.0249 7660  [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:47:06.0297 7660  IntcDAud - ok
    17:47:06.0318 7660  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
    17:47:06.0320 7660  intelide - ok
    17:47:06.0431 7660  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
    17:47:06.0432 7660  intelppm - ok
    17:47:06.0503 7660  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
    17:47:06.0505 7660  IPBusEnum - ok
    17:47:06.0558 7660  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:47:06.0625 7660  IpFilterDriver - ok
    17:47:06.0668 7660  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
    17:47:06.0712 7660  iphlpsvc - ok
    17:47:06.0761 7660  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
    17:47:06.0806 7660  IPMIDRV - ok
    17:47:06.0841 7660  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
    17:47:06.0846 7660  IPNAT - ok
    17:47:06.0863 7660  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
    17:47:06.0864 7660  IRENUM - ok
    17:47:06.0906 7660  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
    17:47:06.0909 7660  isapnp - ok
    17:47:06.0951 7660  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
    17:47:07.0004 7660  iScsiPrt - ok
    17:47:07.0068 7660  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
    17:47:07.0075 7660  kbdclass - ok
    17:47:07.0121 7660  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
    17:47:07.0180 7660  kbdhid - ok
    17:47:07.0198 7660  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
    17:47:07.0246 7660  KeyIso - ok
    17:47:07.0289 7660  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
    17:47:07.0292 7660  KSecDD - ok
    17:47:07.0331 7660  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
    17:47:07.0334 7660  KSecPkg - ok
    17:47:07.0376 7660  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
    17:47:07.0381 7660  ksthunk - ok
    17:47:07.0408 7660  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
    17:47:07.0420 7660  KtmRm - ok
    17:47:07.0473 7660  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
    17:47:07.0515 7660  LanmanServer - ok
    17:47:07.0571 7660  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    17:47:07.0613 7660  LanmanWorkstation - ok
    17:47:07.0694 7660  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
    17:47:07.0703 7660  lltdio - ok
    17:47:07.0741 7660  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
    17:47:07.0750 7660  lltdsvc - ok
    17:47:07.0762 7660  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
    17:47:07.0769 7660  lmhosts - ok
    17:47:07.0821 7660  [ 23DE5B62B0445A6F874BE633C95B483E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    17:47:07.0905 7660  LMS - ok
    17:47:07.0928 7660  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:47:07.0932 7660  LSI_FC - ok
    17:47:07.0946 7660  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:47:07.0949 7660  LSI_SAS - ok
    17:47:07.0965 7660  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:47:07.0968 7660  LSI_SAS2 - ok
    17:47:07.0973 7660  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:47:07.0977 7660  LSI_SCSI - ok
    17:47:08.0020 7660  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
    17:47:08.0021 7660  luafv - ok
    17:47:08.0060 7660  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
    17:47:08.0106 7660  MBAMProtector - ok
    17:47:08.0163 7660  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    17:47:08.0223 7660  MBAMScheduler - ok
    17:47:08.0253 7660  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    17:47:08.0318 7660  MBAMService - ok
    17:47:08.0461 7660  [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    17:47:08.0465 7660  McAfee SiteAdvisor Service - ok
    17:47:08.0477 7660  [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    17:47:08.0480 7660  McMPFSvc - ok
    17:47:08.0513 7660  [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    17:47:08.0516 7660  mcmscsvc - ok
    17:47:08.0549 7660  [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    17:47:08.0552 7660  McNaiAnn - ok
    17:47:08.0559 7660  [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    17:47:08.0562 7660  McNASvc - ok
    17:47:08.0637 7660  [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
    17:47:08.0706 7660  McODS - ok
    17:47:08.0750 7660  [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    17:47:08.0752 7660  McOobeSv - ok
    17:47:08.0790 7660  [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    17:47:08.0792 7660  McProxy - ok
    17:47:08.0885 7660  [ E998E3B12101288D716558466CBF6AE1 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    17:47:08.0888 7660  McShield - ok
    17:47:08.0923 7660  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
    17:47:08.0969 7660  Mcx2Svc - ok
    17:47:08.0998 7660  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
    17:47:09.0002 7660  megasas - ok
    17:47:09.0023 7660  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
    17:47:09.0030 7660  MegaSR - ok
    17:47:09.0064 7660  [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
    17:47:09.0113 7660  mfeapfk - ok
    17:47:09.0150 7660  [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
    17:47:09.0203 7660  mfeavfk - ok
    17:47:09.0229 7660  mfeavfk01 - ok
    17:47:09.0299 7660  [ B26782C3D6045B4464017D7926877560 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    17:47:09.0301 7660  mfefire - ok
    17:47:09.0362 7660  [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
    17:47:09.0432 7660  mfefirek - ok
    17:47:09.0480 7660  [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
    17:47:09.0489 7660  mfehidk - ok
    17:47:09.0527 7660  [ A8129CFB919347F8533C934B365E9202 ] mfenlfk         C:\Windows\system32\DRIVERS\mfenlfk.sys
    17:47:09.0529 7660  mfenlfk - ok
    17:47:09.0576 7660  [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
    17:47:09.0625 7660  mferkdet - ok
    17:47:09.0690 7660  [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    17:47:09.0691 7660  mfevtp - ok
    17:47:09.0715 7660  [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
    17:47:09.0717 7660  mfewfpk - ok
    17:47:09.0747 7660  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
    17:47:09.0749 7660  MMCSS - ok
    17:47:09.0782 7660  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
    17:47:09.0784 7660  Modem - ok
    17:47:09.0931 7660  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
    17:47:09.0936 7660  monitor - ok
    17:47:09.0953 7660  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
    17:47:09.0957 7660  mouclass - ok
    17:47:09.0973 7660  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
    17:47:09.0977 7660  mouhid - ok
    17:47:10.0007 7660  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
    17:47:10.0008 7660  mountmgr - ok
    17:47:10.0110 7660  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:47:10.0174 7660  MozillaMaintenance - ok
    17:47:10.0208 7660  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
    17:47:10.0256 7660  mpio - ok
    17:47:10.0280 7660  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
    17:47:10.0286 7660  mpsdrv - ok
    17:47:10.0330 7660  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
    17:47:10.0336 7660  MpsSvc - ok
    17:47:10.0373 7660  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
    17:47:10.0441 7660  MRxDAV - ok
    17:47:10.0491 7660  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:47:10.0493 7660  mrxsmb - ok
    17:47:10.0524 7660  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:47:10.0526 7660  mrxsmb10 - ok
    17:47:10.0568 7660  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:47:10.0569

    SuperDave

    Re: Infected with zeroaccess rootkit!!!
    « Reply #17 on: October 07, 2012, 07:54:11 PM »
    Please download MiniToolBox to Desktop and run it.



    Checkmark the following boxes:

      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • List content of Hosts
      • List IP Configuration
      • List Last 10 Event Viewer Errors
      • List Users, Partitions and Memory Size
      Click Go and copy/paste the log (Result.txt) into your next post.
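An added triage helper for the checks requested in this post (not code from the thread or from MiniToolBox): it parses the IE Proxy Settings and Hosts content sections of a Result.txt in the format shown in this thread and flags a proxy configuration that is no longer in its clean state and any hosts entry beyond the stock loopback line. The section header layout and the two clean proxy lines are taken from the thread's own log; the sample reports, the hostnames, the 198.51.100.7 address and the "Proxy is enabled." line are constructed placeholders.

```python
"""Added triage helper (not part of the forum thread or of MiniToolBox).

Parses the sections a MiniToolBox Result.txt prints for the checks
requested above (IE proxy settings and hosts file content) and flags the
two things a helper looks for in them: a proxy that the user did not set,
and hosts entries beyond the stock loopback line.
"""
import re
from dataclasses import dataclass

# Section headers look like "========== Hosts content: ==========".
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+$")

# Lines MiniToolBox prints when IE has no proxy (copied from the thread's log).
CLEAN_PROXY_LINES = ("Proxy is not enabled.", "No Proxy Server is set.")

# Addresses used to pin a name to nowhere; only the stock names belong there.
BLOCKING_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}
DEFAULT_HOSTNAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass(frozen=True)
class Finding:
    section: str
    detail: str
    reason: str


def split_sections(text: str) -> dict[str, list[str]]:
    """Map each '==== Name: ====' header to the lines that follow it."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if m:
            current = m.group("name").strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.rstrip())
    return sections


def audit_proxy(lines: list[str]) -> list[Finding]:
    """Missing either clean line means IE traffic is being routed somewhere."""
    present = {ln.strip() for ln in lines}
    return [
        Finding("IE Proxy Settings", expected,
                "expected clean line missing; a proxy appears to be configured")
        for expected in CLEAN_PROXY_LINES
        if expected not in present
    ]


def audit_hosts(lines: list[str]) -> list[Finding]:
    """Flag every hosts entry that is not the default loopback mapping."""
    findings = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        parts = entry.split()
        if len(parts) < 2:
            findings.append(Finding("Hosts content", entry, "malformed entry"))
            continue
        address, names = parts[0], parts[1:]
        for name in names:
            if address in BLOCKING_ADDRS and name.lower() in DEFAULT_HOSTNAMES:
                continue  # the stock "127.0.0.1 localhost" line seen in the thread
            reason = ("name pinned to loopback (site or update server blocked)"
                      if address in BLOCKING_ADDRS
                      else f"name redirected to {address}")
            findings.append(Finding("Hosts content", name, reason))
    return findings


def triage(result_txt: str) -> list[Finding]:
    """Run both audits over one Result.txt and return everything worth a look."""
    sections = split_sections(result_txt)
    findings = audit_proxy(sections.get("IE Proxy Settings", []))
    findings += audit_hosts(sections.get("Hosts content", []))
    return findings


# Constructed sample in the layout the thread shows: a clean report.
CLEAN_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================
"""

# Constructed sample of a hijacked machine; the proxy line, hostnames and
# address are placeholders, not MiniToolBox's real wording.
SUSPECT_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       update.example-av.test
198.51.100.7    www.example-bank.test
"""

if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("suspect", SUSPECT_REPORT)):
        print(f"--- {label} ---")
        for f in triage(report):
            print(f"[{f.section}] {f.detail}: {f.reason}")
```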

      tsfc

        Re: Infected with zeroaccess rootkit!!!
        « Reply #18 on: October 08, 2012, 10:17:49 AM »
        MiniToolBox by Farbar  Version: 23-07-2012
        Ran by Joshua (administrator) on 08-10-2012 at 11:24:14
        Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
        Boot Mode: Normal
        ***************************************************************************

        ========================= Flush DNS: ===================================

        Windows IP Configuration

        Successfully flushed the DNS Resolver Cache.

        ========================= IE Proxy Settings: ==============================

        Proxy is not enabled.
        No Proxy Server is set.

        "Reset IE Proxy Settings": IE Proxy Settings were reset.
        ========================= Hosts content: =================================

        127.0.0.1       localhost

        ========================= IP Configuration: ================================

        DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
        Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
        Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
        Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


        # ----------------------------------
        # IPv4 Configuration
        # ----------------------------------
        pushd interface ipv4

        reset
        set global
        add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.72 metric=1 publish=Yes


        popd
        # End of IPv4 configuration



        Windows IP Configuration

           Host Name . . . . . . . . . . . . : Joshua-PC
           Primary Dns Suffix  . . . . . . . :
           Node Type . . . . . . . . . . . . : Broadcast
           IP Routing Enabled. . . . . . . . : No
           WINS Proxy Enabled. . . . . . . . : No
           DNS Suffix Search List. . . . . . : gateway.2wire.net

        Wireless LAN adapter Wireless Network Connection 2:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
           Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes

        Ethernet adapter Local Area Connection 2:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
           Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes

        Wireless LAN adapter Wireless Network Connection:

           Connection-specific DNS Suffix  . : gateway.2wire.net
           Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
           Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes
           Link-local IPv6 Address . . . . . : fe80::3d3d:c5a:25ec:b91f%12(Preferred)
           IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
           Subnet Mask . . . . . . . . . . . : 255.255.255.0
           Lease Obtained. . . . . . . . . . : Saturday, October 06, 2012 12:41:46 PM
           Lease Expires . . . . . . . . . . : Tuesday, October 09, 2012 11:17:03 AM
           Default Gateway . . . . . . . . . : 192.168.1.254
           DHCP Server . . . . . . . . . . . : 192.168.1.254
           DHCPv6 IAID . . . . . . . . . . . : 247515960
           DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C2-1D-F5-F0-4D-A2-C8-56-6C
           DNS Servers . . . . . . . . . . . : 192.168.1.254
           NetBIOS over Tcpip. . . . . . . . : Enabled

        Ethernet adapter Local Area Connection:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
           Physical Address. . . . . . . . . : F0-4D-A2-C8-56-6C
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter isatap.gateway.2wire.net:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . : gateway.2wire.net
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter Teredo Tunneling Pseudo-Interface:

           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes
           IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1856:282a:b973:6c43(Preferred)
           Link-local IPv6 Address . . . . . : fe80::1856:282a:b973:6c43%19(Preferred)
           Default Gateway . . . . . . . . . : ::
           NetBIOS over Tcpip. . . . . . . . : Disabled

        Tunnel adapter isatap.{78D026F0-6BF5-439A-BB4F-3D506194B4E6}:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter isatap.{92522764-F5CA-4CE5-A3A1-22D349C2C0C4}:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter isatap.{C39F09A7-04CC-403D-9070-C7E8AADE3F77}:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes
        Server:  homeportal
        Address:  192.168.1.254

        Name:    google.com
        Addresses:  2607:f8b0:4000:801::1007
             74.125.227.0
             74.125.227.1
             74.125.227.2
             74.125.227.3
             74.125.227.4
             74.125.227.5
             74.125.227.6
             74.125.227.7
             74.125.227.8
             74.125.227.9
             74.125.227.14


        Pinging google.com [74.125.227.66] with 32 bytes of data:
        Reply from 74.125.227.66: bytes=32 time=90ms TTL=52
        Reply from 74.125.227.66: bytes=32 time=120ms TTL=52

        Ping statistics for 74.125.227.66:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
            Minimum = 90ms, Maximum = 120ms, Average = 105ms
        Server:  homeportal
        Address:  192.168.1.254

        Name:    yahoo.com
        Addresses:  72.30.38.140
             98.138.253.109
             98.139.183.24


        Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
        Reply from 72.30.38.140: bytes=32 time=966ms TTL=48
        Reply from 72.30.38.140: bytes=32 time=1146ms TTL=48

        Ping statistics for 72.30.38.140:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
            Minimum = 966ms, Maximum = 1146ms, Average = 1056ms
        Server:  homeportal
        Address:  192.168.1.254

        Name:    bleepingcomputer.com
        Address:  208.43.87.2


        Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
        Reply from 208.43.87.2: Destination host unreachable.
        Reply from 208.43.87.2: Destination host unreachable.

        Ping statistics for 208.43.87.2:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

        Pinging 127.0.0.1 with 32 bytes of data:
        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

        Ping statistics for 127.0.0.1:
            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
        Approximate round trip times in milli-seconds:
            Minimum = 0ms, Maximum = 0ms, Average = 0ms
        ===========================================================================
        Interface List
         17...c0 cb 38 95 c5 6c ......Microsoft Virtual WiFi Miniport Adapter
         13...c0 cb 38 95 c5 6c ......Broadcom Virtual Wireless Adapter
         12...c0 cb 38 95 c5 6c ......DW1501 Wireless-N WLAN Half-Mini Card
         10...f0 4d a2 c8 56 6c ......Realtek PCIe FE Family Controller
          1...........................Software Loopback Interface 1
         18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
         19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
         20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
         21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
         22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
        ===========================================================================

        IPv4 Route Table
        ===========================================================================
        Active Routes:
        Network Destination        Netmask          Gateway       Interface  Metric
                  0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.72     25
                127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
          127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
              169.254.0.0      255.255.0.0         On-link      192.168.1.72     26
          169.254.255.255  255.255.255.255         On-link      192.168.1.72    281
              192.168.1.0    255.255.255.0         On-link      192.168.1.72    281
             192.168.1.72  255.255.255.255         On-link      192.168.1.72    281
            192.168.1.255  255.255.255.255         On-link      192.168.1.72    281
                224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                224.0.0.0        240.0.0.0         On-link      192.168.1.72    281
          255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          255.255.255.255  255.255.255.255         On-link      192.168.1.72    281
        ===========================================================================
        Persistent Routes:
          Network Address          Netmask  Gateway Address  Metric
              169.254.0.0      255.255.0.0     192.168.1.72       1
        ===========================================================================

        IPv6 Route Table
        ===========================================================================
        Active Routes:
         If Metric Network Destination      Gateway
         19     58 ::/0                     On-link
          1    306 ::1/128                  On-link
         19     58 2001::/32                On-link
         19    306 2001:0:4137:9e76:1856:282a:b973:6c43/128
                                            On-link
         12    281 fe80::/64                On-link
         19    306 fe80::/64                On-link
         19    306 fe80::1856:282a:b973:6c43/128
                                            On-link
         12    281 fe80::3d3d:c5a:25ec:b91f/128
                                            On-link
          1    306 ff00::/8                 On-link
         19    306 ff00::/8                 On-link
         12    281 ff00::/8                 On-link
        ===========================================================================
        Persistent Routes:
          None

        ========================= Event log errors: ===============================

        Application errors:
        ==================
        Error: (10/05/2012 10:04:41 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/05/2012 10:03:23 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/03/2012 10:47:19 PM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/03/2012 10:44:01 PM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag) (User: )
        Description: The volume (H:) was not defragmented because an error was encountered: The disk was disconnected from the system. (0x89000011)

        Error: (10/03/2012 10:42:38 PM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/03/2012 07:35:03 PM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

        Error: (10/03/2012 07:34:58 PM) (Source: SideBySide) (User: )
        Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
        A component version required by the application conflicts with another component version already active.
        Conflicting components are:.
        Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
        Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


        System errors:
        =============
        Error: (10/04/2012 10:46:03 AM) (Source: Service Control Manager) (User: )
        Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

        Error: (10/04/2012 10:45:33 AM) (Source: Service Control Manager) (User: )
        Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

        Error: (10/04/2012 08:09:13 AM) (Source: Service Control Manager) (User: )
        Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

        Error: (10/02/2012 10:09:26 PM) (Source: Service Control Manager) (User: )
        Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

        Error: (10/02/2012 10:08:56 PM) (Source: Service Control Manager) (User: )
        Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

        Error: (10/02/2012 10:05:28 PM) (Source: DCOM) (User: )
        Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

        Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
        Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
        %%1068

        Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
        Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
        %%1068

        Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
        Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
        %%1068

        Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
        Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
        %%1068


        Microsoft Office Sessions:
        =========================
        Error: (10/05/2012 10:04:41 AM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

        Error: (10/05/2012 10:03:23 AM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

        Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

        Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

        Error: (10/03/2012 10:47:19 PM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe

        Error: (10/03/2012 10:44:01 PM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

        Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag)(User: )
        Description: (H:)The disk was disconnected from the system. (0x89000011)

        Error: (10/03/2012 10:42:38 PM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

        Error: (10/03/2012 07:35:03 PM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe

        Error: (10/03/2012 07:34:58 PM) (Source: SideBySide)(User: )
        Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe


        ========================= Memory info: ===================================

        Percentage of memory in use: 34%
        Total physical RAM: 3894.68 MB
        Available physical RAM: 2536.79 MB
        Total Pagefile: 7787.56 MB
        Available Pagefile: 5084.63 MB
        Total Virtual: 4095.88 MB
        Available Virtual: 3963.11 MB

        ========================= Partitions: =====================================

        1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:364.94 GB) NTFS
        4 Drive h: () (Removable) (Total:3.69 GB) (Free:0.02 GB) FAT32

        ========================= Users: ========================================

        User accounts for \\JOSHUA-PC

        Administrator            Guest                    Joshua                   


        **** End of log ****

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Infected with zeroaccess rootkit!!!
        « Reply #19 on: October 08, 2012, 04:34:44 PM »
        The internet speed seems acceptable. I really can't see what would cause the slowness you speak of. Did you try another browser?
        Windows 8 and Windows 10 dual boot with two SSD's

        tsfc

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: Infected with zeroaccess rootkit!!!
          « Reply #20 on: October 21, 2012, 11:16:12 PM »
          I tried another browser and it is working a little better, but I seem to be having a problem loading videos.

          SuperDave

          Re: Infected with zeroaccess rootkit!!!
          « Reply #21 on: October 22, 2012, 04:10:44 PM »
          Please try disabling all your add-ons to see if that makes any difference.