Web links redirected - Strange Pop-up ad


9 replies to this topic

#1 MartinMiggs

Posted 13 November 2012 - 01:14 AM

Hello!
I'm having a couple of issues with my web browsers which are worrying me greatly. (I use Google Chrome and Mozilla Firefox.) For some days now, some web links that I click get redirected to sites that are not related to the link I clicked. If I hit 'back' and click the link again, it then takes me to the correct page. Also, today a strange pop-up ad began appearing in the top right corner of certain web pages and is greatly interfering with my ability to use those pages. I cannot 'x' out of the pop-up or otherwise make it go away without leaving the page entirely, only for it to reappear when I return.

Some additional information:
* Windows 7
* 32-bit
* I use AVG virus protection
* I ran a scan of MBAM, and it turned up no rootkits.
* My problem sounded exactly like the one posted here: http://www.bleepingcomputer.com/forums/topic455591.html so I used TDSS killer (which reported nothing out of the ordinary), and GMER and aswMBR (which both worryingly were interrupted by my computer spontaneously restarting during the scans).

I would greatly appreciate any help you can offer!

Edited by Orange Blossom, 13 November 2012 - 01:43 AM.
Moved to AII from Web-Browsing. ~ OB


#2 narenxp

Posted 13 November 2012 - 01:35 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 MartinMiggs

Posted 13 November 2012 - 08:08 AM

TDSS Killer

01:39:19.0305 4628 NdisTapi - ok
01:39:19.0369 4628 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:39:19.0371 4628 Ndisuio - ok
01:39:19.0413 4628 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:39:19.0417 4628 NdisWan - ok
01:39:19.0435 4628 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:39:19.0438 4628 NDProxy - ok
01:39:19.0477 4628 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:39:19.0480 4628 NetBIOS - ok
01:39:19.0534 4628 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:39:19.0539 4628 NetBT - ok
01:39:19.0561 4628 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
01:39:19.0563 4628 Netlogon - ok
01:39:19.0624 4628 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
01:39:19.0632 4628 Netman - ok
01:39:19.0646 4628 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
01:39:19.0656 4628 netprofm - ok
01:39:19.0700 4628 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:39:19.0701 4628 NetTcpPortSharing - ok
01:39:19.0871 4628 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
01:39:20.0023 4628 netw5v32 - ok
01:39:20.0083 4628 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:39:20.0085 4628 nfrd960 - ok
01:39:20.0130 4628 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:39:20.0137 4628 NlaSvc - ok
01:39:20.0154 4628 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:39:20.0156 4628 Npfs - ok
01:39:20.0192 4628 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
01:39:20.0195 4628 nsi - ok
01:39:20.0214 4628 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:39:20.0216 4628 nsiproxy - ok
01:39:20.0310 4628 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:39:20.0350 4628 Ntfs - ok
01:39:20.0381 4628 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
01:39:20.0383 4628 Null - ok
01:39:20.0428 4628 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:39:20.0432 4628 nvraid - ok
01:39:20.0457 4628 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:39:20.0461 4628 nvstor - ok
01:39:20.0501 4628 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:39:20.0504 4628 nv_agp - ok
01:39:20.0610 4628 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:39:20.0621 4628 odserv - ok
01:39:20.0662 4628 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:39:20.0665 4628 ohci1394 - ok
01:39:20.0721 4628 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:39:20.0727 4628 ose - ok
01:39:20.0778 4628 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:39:20.0786 4628 p2pimsvc - ok
01:39:20.0833 4628 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
01:39:20.0843 4628 p2psvc - ok
01:39:20.0894 4628 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:39:20.0897 4628 Parport - ok
01:39:20.0942 4628 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:39:20.0945 4628 partmgr - ok
01:39:20.0967 4628 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
01:39:20.0969 4628 Parvdm - ok
01:39:20.0996 4628 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:39:21.0002 4628 PcaSvc - ok
01:39:21.0082 4628 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
01:39:21.0086 4628 pci - ok
01:39:21.0120 4628 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
01:39:21.0122 4628 pciide - ok
01:39:21.0173 4628 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
01:39:21.0178 4628 pcmcia - ok
01:39:21.0198 4628 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
01:39:21.0201 4628 pcw - ok
01:39:21.0248 4628 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:39:21.0261 4628 PEAUTH - ok
01:39:21.0346 4628 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
01:39:21.0382 4628 PeerDistSvc - ok
01:39:21.0492 4628 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
01:39:21.0524 4628 pla - ok
01:39:21.0589 4628 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:39:21.0598 4628 PlugPlay - ok
01:39:21.0637 4628 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:39:21.0651 4628 PNRPAutoReg - ok
01:39:21.0678 4628 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:39:21.0682 4628 PNRPsvc - ok
01:39:21.0745 4628 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:39:21.0754 4628 PolicyAgent - ok
01:39:21.0803 4628 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
01:39:21.0808 4628 Power - ok
01:39:21.0866 4628 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:39:21.0869 4628 PptpMiniport - ok
01:39:21.0891 4628 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
01:39:21.0893 4628 Processor - ok
01:39:21.0946 4628 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
01:39:21.0952 4628 ProfSvc - ok
01:39:21.0975 4628 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:39:21.0977 4628 ProtectedStorage - ok
01:39:22.0056 4628 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:39:22.0060 4628 Psched - ok
01:39:22.0128 4628 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
01:39:22.0157 4628 ql2300 - ok
01:39:22.0184 4628 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
01:39:22.0188 4628 ql40xx - ok
01:39:22.0240 4628 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
01:39:22.0247 4628 QWAVE - ok
01:39:22.0259 4628 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:39:22.0261 4628 QWAVEdrv - ok
01:39:22.0283 4628 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:39:22.0284 4628 RasAcd - ok
01:39:22.0333 4628 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:39:22.0336 4628 RasAgileVpn - ok
01:39:22.0354 4628 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
01:39:22.0359 4628 RasAuto - ok
01:39:22.0408 4628 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:39:22.0411 4628 Rasl2tp - ok
01:39:22.0462 4628 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
01:39:22.0470 4628 RasMan - ok
01:39:22.0490 4628 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:39:22.0493 4628 RasPppoe - ok
01:39:22.0507 4628 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:39:22.0509 4628 RasSstp - ok
01:39:22.0560 4628 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:39:22.0566 4628 rdbss - ok
01:39:22.0643 4628 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:39:22.0645 4628 rdpbus - ok
01:39:22.0697 4628 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:39:22.0699 4628 RDPCDD - ok
01:39:22.0752 4628 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
01:39:22.0757 4628 RDPDR - ok
01:39:22.0814 4628 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:39:22.0816 4628 RDPENCDD - ok
01:39:22.0837 4628 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:39:22.0839 4628 RDPREFMP - ok
01:39:22.0881 4628 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:39:22.0887 4628 RDPWD - ok
01:39:22.0958 4628 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:39:22.0963 4628 rdyboost - ok
01:39:23.0012 4628 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
01:39:23.0016 4628 RemoteAccess - ok
01:39:23.0069 4628 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:39:23.0074 4628 RemoteRegistry - ok
01:39:23.0105 4628 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:39:23.0109 4628 RpcEptMapper - ok
01:39:23.0161 4628 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
01:39:23.0165 4628 RpcLocator - ok
01:39:23.0199 4628 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
01:39:23.0203 4628 RpcSs - ok
01:39:23.0247 4628 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:39:23.0250 4628 rspndr - ok
01:39:23.0362 4628 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
01:39:23.0364 4628 s3cap - ok
01:39:23.0390 4628 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
01:39:23.0392 4628 SamSs - ok
01:39:23.0432 4628 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:39:23.0435 4628 sbp2port - ok
01:39:23.0484 4628 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:39:23.0490 4628 SCardSvr - ok
01:39:23.0504 4628 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:39:23.0506 4628 scfilter - ok
01:39:23.0576 4628 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
01:39:23.0593 4628 Schedule - ok
01:39:23.0608 4628 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:39:23.0609 4628 SCPolicySvc - ok
01:39:23.0655 4628 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:39:23.0661 4628 SDRSVC - ok
01:39:23.0710 4628 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:39:23.0712 4628 secdrv - ok
01:39:23.0747 4628 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
01:39:23.0751 4628 seclogon - ok
01:39:23.0772 4628 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
01:39:23.0776 4628 SENS - ok
01:39:23.0822 4628 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:39:23.0826 4628 SensrSvc - ok
01:39:23.0849 4628 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:39:23.0850 4628 Serenum - ok
01:39:23.0881 4628 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:39:23.0884 4628 Serial - ok
01:39:23.0906 4628 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
01:39:23.0908 4628 sermouse - ok
01:39:23.0965 4628 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
01:39:23.0970 4628 SessionEnv - ok
01:39:24.0031 4628 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
01:39:24.0033 4628 SFEP - ok
01:39:24.0087 4628 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:39:24.0089 4628 sffdisk - ok
01:39:24.0112 4628 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:39:24.0114 4628 sffp_mmc - ok
01:39:24.0128 4628 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:39:24.0130 4628 sffp_sd - ok
01:39:24.0173 4628 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
01:39:24.0175 4628 sfloppy - ok
01:39:24.0224 4628 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:39:24.0232 4628 SharedAccess - ok
01:39:24.0275 4628 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:39:24.0284 4628 ShellHWDetection - ok
01:39:24.0317 4628 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
01:39:24.0320 4628 sisagp - ok
01:39:24.0362 4628 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:39:24.0365 4628 SiSRaid2 - ok
01:39:24.0390 4628 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
01:39:24.0393 4628 SiSRaid4 - ok
01:39:24.0427 4628 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:39:24.0430 4628 Smb - ok
01:39:24.0502 4628 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:39:24.0505 4628 SNMPTRAP - ok
01:39:24.0551 4628 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
01:39:24.0553 4628 spldr - ok
01:39:24.0605 4628 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
01:39:24.0614 4628 Spooler - ok
01:39:24.0742 4628 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
01:39:24.0768 4628 sppsvc - ok
01:39:24.0817 4628 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:39:24.0821 4628 sppuinotify - ok
01:39:24.0879 4628 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
01:39:24.0887 4628 srv - ok
01:39:24.0906 4628 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:39:24.0913 4628 srv2 - ok
01:39:24.0968 4628 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
01:39:24.0973 4628 SrvHsfHDA - ok
01:39:25.0030 4628 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
01:39:25.0050 4628 SrvHsfV92 - ok
01:39:25.0095 4628 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
01:39:25.0109 4628 SrvHsfWinac - ok
01:39:25.0159 4628 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:39:25.0162 4628 srvnet - ok
01:39:25.0208 4628 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:39:25.0214 4628 SSDPSRV - ok
01:39:25.0231 4628 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:39:25.0236 4628 SstpSvc - ok
01:39:25.0300 4628 Steam Client Service - ok
01:39:25.0343 4628 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
01:39:25.0345 4628 stexstor - ok
01:39:25.0404 4628 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
01:39:25.0416 4628 StiSvc - ok
01:39:25.0458 4628 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
01:39:25.0460 4628 storflt - ok
01:39:25.0512 4628 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
01:39:25.0516 4628 StorSvc - ok
01:39:25.0554 4628 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
01:39:25.0556 4628 storvsc - ok
01:39:25.0582 4628 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
01:39:25.0584 4628 swenum - ok
01:39:25.0634 4628 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
01:39:25.0643 4628 swprv - ok
01:39:25.0716 4628 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
01:39:25.0741 4628 SysMain - ok
01:39:25.0791 4628 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:39:25.0795 4628 TabletInputService - ok
01:39:25.0847 4628 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
01:39:25.0854 4628 TapiSrv - ok
01:39:25.0895 4628 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
01:39:25.0900 4628 TBS - ok
01:39:25.0987 4628 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:39:26.0013 4628 Tcpip - ok
01:39:26.0054 4628 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:39:26.0063 4628 TCPIP6 - ok
01:39:26.0117 4628 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:39:26.0119 4628 tcpipreg - ok
01:39:26.0163 4628 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:39:26.0165 4628 TDPIPE - ok
01:39:26.0180 4628 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:39:26.0182 4628 TDTCP - ok
01:39:26.0227 4628 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:39:26.0230 4628 tdx - ok
01:39:26.0249 4628 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
01:39:26.0252 4628 TermDD - ok
01:39:26.0310 4628 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
01:39:26.0323 4628 TermService - ok
01:39:26.0377 4628 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
01:39:26.0380 4628 Themes - ok
01:39:26.0401 4628 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
01:39:26.0403 4628 THREADORDER - ok
01:39:26.0441 4628 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
01:39:26.0446 4628 TrkWks - ok
01:39:26.0528 4628 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:39:26.0534 4628 TrustedInstaller - ok
01:39:26.0557 4628 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:39:26.0559 4628 tssecsrv - ok
01:39:26.0614 4628 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:39:26.0617 4628 TsUsbFlt - ok
01:39:26.0673 4628 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:39:26.0677 4628 tunnel - ok
01:39:26.0719 4628 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
01:39:26.0722 4628 uagp35 - ok
01:39:26.0783 4628 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:39:26.0790 4628 udfs - ok
01:39:26.0835 4628 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:39:26.0840 4628 UI0Detect - ok
01:39:26.0896 4628 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:39:26.0899 4628 uliagpkx - ok
01:39:26.0927 4628 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
01:39:26.0929 4628 umbus - ok
01:39:26.0949 4628 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
01:39:26.0951 4628 UmPass - ok
01:39:27.0090 4628 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
01:39:27.0134 4628 UmRdpService - ok
01:39:27.0398 4628 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
01:39:27.0414 4628 UnlockerDriver5 - ok
01:39:27.0487 4628 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
01:39:27.0494 4628 upnphost - ok
01:39:27.0547 4628 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
01:39:27.0550 4628 USBAAPL - ok
01:39:27.0595 4628 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:39:27.0598 4628 usbccgp - ok
01:39:27.0637 4628 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:39:27.0640 4628 usbcir - ok
01:39:27.0658 4628 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:39:27.0661 4628 usbehci - ok
01:39:27.0710 4628 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:39:27.0716 4628 usbhub - ok
01:39:27.0740 4628 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:39:27.0742 4628 usbohci - ok
01:39:27.0787 4628 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:39:27.0790 4628 usbprint - ok
01:39:27.0848 4628 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:39:27.0851 4628 usbscan - ok
01:39:27.0877 4628 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
01:39:27.0880 4628 USBSTOR - ok
01:39:27.0934 4628 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:39:27.0936 4628 usbuhci - ok
01:39:27.0993 4628 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
01:39:27.0997 4628 usbvideo - ok
01:39:28.0055 4628 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
01:39:28.0057 4628 usb_rndisx - ok
01:39:28.0098 4628 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
01:39:28.0102 4628 UxSms - ok
01:39:28.0119 4628 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
01:39:28.0120 4628 VaultSvc - ok
01:39:28.0162 4628 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:39:28.0165 4628 vdrvroot - ok
01:39:28.0228 4628 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
01:39:28.0240 4628 vds - ok
01:39:28.0276 4628 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:39:28.0278 4628 vga - ok
01:39:28.0303 4628 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
01:39:28.0305 4628 VgaSave - ok
01:39:28.0358 4628 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:39:28.0362 4628 vhdmp - ok
01:39:28.0434 4628 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
01:39:28.0437 4628 viaagp - ok
01:39:28.0450 4628 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
01:39:28.0452 4628 ViaC7 - ok
01:39:28.0492 4628 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
01:39:28.0494 4628 viaide - ok
01:39:28.0523 4628 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
01:39:28.0528 4628 vmbus - ok
01:39:28.0543 4628 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
01:39:28.0545 4628 VMBusHID - ok
01:39:28.0561 4628 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:39:28.0564 4628 volmgr - ok
01:39:28.0614 4628 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:39:28.0621 4628 volmgrx - ok
01:39:28.0681 4628 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:39:28.0687 4628 volsnap - ok
01:39:28.0722 4628 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
01:39:28.0726 4628 vsmraid - ok
01:39:28.0811 4628 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
01:39:28.0821 4628 VSS - ok
01:39:28.0837 4628 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
01:39:28.0839 4628 vwifibus - ok
01:39:28.0910 4628 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
01:39:28.0919 4628 W32Time - ok
01:39:28.0973 4628 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
01:39:28.0975 4628 WacomPen - ok
01:39:29.0043 4628 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:39:29.0046 4628 WANARP - ok
01:39:29.0051 4628 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:39:29.0053 4628 Wanarpv6 - ok
01:39:29.0146 4628 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:39:29.0173 4628 WatAdminSvc - ok
01:39:29.0263 4628 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
01:39:29.0274 4628 wbengine - ok
01:39:29.0317 4628 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:39:29.0321 4628 WbioSrvc - ok
01:39:29.0382 4628 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:39:29.0387 4628 wcncsvc - ok
01:39:29.0405 4628 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:39:29.0408 4628 WcsPlugInService - ok
01:39:29.0452 4628 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
01:39:29.0454 4628 Wd - ok
01:39:29.0495 4628 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
01:39:29.0497 4628 WDC_SAM - ok
01:39:29.0531 4628 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:39:29.0540 4628 Wdf01000 - ok
01:39:29.0597 4628 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:39:29.0600 4628 WdiServiceHost - ok
01:39:29.0606 4628 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:39:29.0609 4628 WdiSystemHost - ok
01:39:29.0664 4628 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
01:39:29.0668 4628 WebClient - ok
01:39:29.0689 4628 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:39:29.0696 4628 Wecsvc - ok
01:39:29.0712 4628 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:39:29.0716 4628 wercplsupport - ok
01:39:29.0739 4628 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
01:39:29.0744 4628 WerSvc - ok
01:39:29.0789 4628 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:39:29.0791 4628 WfpLwf - ok
01:39:29.0817 4628 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:39:29.0819 4628 WIMMount - ok
01:39:29.0920 4628 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
01:39:29.0934 4628 WinDefend - ok
01:39:29.0942 4628 WinHttpAutoProxySvc - ok
01:39:30.0039 4628 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:39:30.0044 4628 Winmgmt - ok
01:39:30.0119 4628 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
01:39:30.0145 4628 WinRM - ok
01:39:30.0236 4628 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:39:30.0255 4628 Wlansvc - ok
01:39:30.0303 4628 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:39:30.0305 4628 WmiAcpi - ok
01:39:30.0365 4628 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:39:30.0369 4628 wmiApSrv - ok
01:39:30.0516 4628 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
01:39:30.0538 4628 WMPNetworkSvc - ok
01:39:30.0590 4628 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:39:30.0594 4628 WPCSvc - ok
01:39:30.0631 4628 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:39:30.0636 4628 WPDBusEnum - ok
01:39:30.0723 4628 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:39:30.0725 4628 ws2ifsl - ok
01:39:30.0747 4628 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
01:39:30.0750 4628 wscsvc - ok
01:39:30.0756 4628 WSearch - ok
01:39:30.0865 4628 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
01:39:30.0881 4628 wuauserv - ok
01:39:30.0930 4628 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:39:30.0933 4628 WudfPf - ok
01:39:30.0967 4628 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:39:30.0971 4628 WUDFRd - ok
01:39:31.0016 4628 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:39:31.0021 4628 wudfsvc - ok
01:39:31.0077 4628 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
01:39:31.0097 4628 WwanSvc - ok
01:39:31.0162 4628 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
01:39:31.0169 4628 yukonw7 - ok
01:39:31.0201 4628 ================ Scan global ===============================
01:39:31.0236 4628 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
01:39:31.0297 4628 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
01:39:31.0309 4628 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
01:39:31.0347 4628 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
01:39:31.0404 4628 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
01:39:31.0411 4628 [Global] - ok
01:39:31.0412 4628 ================ Scan MBR ==================================
01:39:31.0423 4628 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:39:33.0039 4628 \Device\Harddisk0\DR0 - ok
01:39:33.0044 4628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
01:39:33.0151 4628 \Device\Harddisk1\DR1 - ok
01:39:33.0152 4628 ================ Scan VBR ==================================
01:39:33.0189 4628 [ 14DBA9338C3DC438657DBFBCEA29A87F ] \Device\Harddisk0\DR0\Partition1
01:39:33.0192 4628 \Device\Harddisk0\DR0\Partition1 - ok
01:39:33.0196 4628 [ EE3DC49BBC7BDFB67117D318E9B51AA1 ] \Device\Harddisk1\DR1\Partition1
01:39:33.0199 4628 \Device\Harddisk1\DR1\Partition1 - ok
01:39:33.0199 4628 ============================================================
01:39:33.0199 4628 Scan finished
01:39:33.0199 4628 ============================================================
01:39:33.0216 5064 Detected object count: 0
01:39:33.0216 5064 Actual detected object count: 0
01:41:35.0501 6136 Deinitialize success

aswMBR

0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 02:08:50
-----------------------------
02:08:50.330 OS Version: Windows 6.1.7601 Service Pack 1
02:08:50.330 Number of processors: 2 586 0xF0D
02:08:50.330 ComputerName: ERIN-PC UserName: Erin
02:08:52.000 Initialize success
02:09:05.572 AVAST engine defs: 12111201
02:09:08.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
02:09:08.052 Disk 0 Vendor: TOSHIBA_MK2035GSS DK022A Size: 190782MB BusType: 11
02:09:08.099 Disk 0 MBR read successfully
02:09:08.099 Disk 0 MBR scan
02:09:08.130 Disk 0 Windows 7 default MBR code
02:09:08.146 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7160 MB offset 2048
02:09:08.161 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 183620 MB offset 14665728
02:09:08.177 Disk 0 scanning sectors +390719920
02:09:08.255 Disk 0 scanning C:\Windows\system32\drivers
02:09:21.921 Service scanning
02:09:51.717 Modules scanning
02:10:00.484 Disk 0 trace - called modules:
02:10:00.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
02:10:01.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a68a30]
02:10:01.045 3 CLASSPNP.SYS[87fc559e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84970908]
02:10:02.746 AVAST engine scan C:\Windows
02:10:05.523 AVAST engine scan C:\Windows\system32
02:13:36.388 AVAST engine scan C:\Windows\system32\drivers
02:14:00.038 AVAST engine scan C:\Users\Erin
02:37:25.195 AVAST engine scan C:\ProgramData
02:38:02.869 Scan finished successfully
02:40:39.477 Disk 0 MBR has been saved successfully to "C:\Users\Erin\Desktop\MBR.dat"
02:40:39.477 The log file has been saved successfully to "C:\Users\Erin\Desktop\aswMBR.txt"


ESET

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\IE\6.5\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Default\aadegbgdgcdhgedgdadaggdcdedadbge\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Erin\AppData\Local\Temp\ICReinstall\cnet2_Unlocker1_9_1_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Erin\AppData\Local\Temp\is1598539481\482275476_Setup.DAT a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Erin\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats cleaned by deleting - quarantined
C:\Windows\Installer\MSIE9B8.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\YouTube Downloader\ytd_installer.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows.old\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows.old\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows.old\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:50 AM

Posted 13 November 2012 - 09:11 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 MartinMiggs

MartinMiggs
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:50 AM

Posted 14 November 2012 - 02:33 AM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.12.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Erin :: ERIN-PC [administrator]

Protection: Enabled

11/13/2012 12:11:48 PM
mbam-log-2012-11-13 (12-11-48).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 441841
Time elapsed: 4 hour(s), 3 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Erin (administrator) on 13-11-2012 at 21:48:33
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Erin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : neo.rr.com

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-12-72-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : neo.rr.com
Description . . . . . . . . . . . : Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-13-A9-BF-E0-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9565:ea4e:fd86:4d82%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 13, 2012 11:49:50 AM
Lease Expires . . . . . . . . . . : Wednesday, November 14, 2012 11:49:50 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886057
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A5-40-C9-00-13-A9-BF-E0-6D
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.neo.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : neo.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2426:139f:47c4:4190(Preferred)
Link-local IPv6 Address . . . . . : fe80::2426:139f:47c4:4190%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{3E3195CC-06DE-4912-B5B3-DCF34BA7C1EF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4009:802::1006
74.125.225.133
74.125.225.134
74.125.225.135
74.125.225.136
74.125.225.137
74.125.225.142
74.125.225.128
74.125.225.129
74.125.225.130
74.125.225.131
74.125.225.132


Pinging google.com [74.125.225.65] with 32 bytes of data:
Reply from 74.125.225.65: bytes=32 time=40ms TTL=55
Reply from 74.125.225.65: bytes=32 time=42ms TTL=55

Ping statistics for 74.125.225.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 42ms, Average = 41ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=99ms TTL=50
Reply from 98.139.183.24: bytes=32 time=136ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 99ms, Maximum = 136ms, Average = 117ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=12ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 12ms, Average = 7ms
===========================================================================
Interface List
13...00 13 e8 12 72 e7 ......Intel® Wireless WiFi Link 4965AGN
10...00 13 a9 bf e0 6d ......Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:2426:139f:47c4:4190/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2426:139f:47c4:4190/128
On-link
10 276 fe80::9565:ea4e:fd86:4d82/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/12/2012 01:28:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28813

Error: (11/12/2012 01:28:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28813

Error: (11/12/2012 01:28:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 01:28:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27799

Error: (11/12/2012 01:28:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27799

Error: (11/12/2012 01:28:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 01:28:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26801

Error: (11/12/2012 01:28:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26801

Error: (11/12/2012 01:28:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 01:28:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25802


System errors:
=============
Error: (11/13/2012 09:00:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 09:00:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 09:00:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 08:55:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 08:55:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 08:55:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 08:53:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 08:53:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 08:53:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/13/2012 08:48:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-11-13 16:04:47.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 16:04:47.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 16:04:47.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 16:04:47.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 16:04:47.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 16:04:47.144
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 15:54:12.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 15:54:12.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 15:54:12.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-13 15:54:12.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Bonjour (Version: 3.0.0.10)
ConvertHelper 2.2
DVDVideoSoftTB Toolbar (Version: 6.8.5.1)
EPSON NX410 Series Printer Uninstall
EPSON Scan
ESET Online Scanner v3
Free YouTube to iPod Converter version 3.10.32.918 (Version: 3.10.32.918)
Google Chrome (Version: 23.0.1271.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Guild Wars 2
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 10.6.1.7)
IZArc 4.1.6 (Version: 4.1.6)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
PESTERCHUM
QuickTime (Version: 7.72.80.56)
Skype™ 5.5 (Version: 5.5.124)
Steam (Version: 1.0.0.0)
TeamSpeak 3 Client
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
uTorrentControl2 Toolbar (Version: 6.8.11.4)
VLC media player 1.1.11 (Version: 1.1.11)
YTD Toolbar v6.5 (Version: 6.5)
YTD Video Downloader 3.9

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 2038.43 MB
Available physical RAM: 993.6 MB
Total Pagefile: 4076.86 MB
Available Pagefile: 2555.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:179.32 GB) (Free:99.18 GB) NTFS
2 Drive d: (PsykTrek 3.0) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS
3 Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
4 Drive f: (My Book) (Fixed) (Total:930.86 GB) (Free:789.72 GB) NTFS

========================= Users: ========================================

User accounts for \\ERIN-PC

Administrator Erin Guest

========================= Restore Points ==================================

16-08-2012 07:00:21 Windows Update
29-08-2012 13:42:35 Scheduled Checkpoint
12-09-2012 17:48:46 Scheduled Checkpoint
13-09-2012 11:47:23 Windows Update
20-09-2012 12:28:20 Scheduled Checkpoint
23-09-2012 07:00:24 Windows Update
24-09-2012 14:12:49 Windows Update
27-09-2012 16:42:13 Windows Update
10-10-2012 09:14:10 Windows Update
17-10-2012 11:42:47 Scheduled Checkpoint
26-10-2012 05:43:24 Scheduled Checkpoint
03-11-2012 17:24:42 Scheduled Checkpoint
11-11-2012 19:07:38 Scheduled Checkpoint

**** End of log ****


Farbar Service Scanner Version: 09-11-2012
Ran by Erin (administrator) on 13-11-2012 at 21:51:33
Running from "C:\Users\Erin\Downloads"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-12 10:18] - [2012-08-22 12:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-09 17:37] - [2012-06-01 23:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 02:25:52
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Erin - ERIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Erin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Erin\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\ConduitCommon
Folder Deleted : C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04617B4A-75B9-4A14-8354-40C81153F7B8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C90718A-33E9-41DF-A614-4CEB407E902D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{528D58EC-79BA-4630-B62D-1019D48D00A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CCD31DE-7B78-4B11-9D7F-57DF8E07566B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\uTorrentControl2

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3526 octets] - [14/11/2012 02:25:52]

########## EOF - C:\AdwCleaner[S1].txt - [3586 octets] ##########


Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.9 (11.13.2012)
OS: Windows 7 Professional x86
Ran by Erin on Tue 11/13/2012 at 21:53:01.20
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] Application Updater
Successfully deleted: [Service] Application Updater



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f3fee66e-e034-436a-86e4-9690573bee8a}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f3fee66e-e034-436a-86e4-9690573bee8a}



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\pricegong"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\search settings"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\toolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\search settings"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{f3fee66e-e034-436a-86e4-9690573bee8a}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Erin\AppData\Roaming\dvdvideosoft"
Successfully deleted: [Folder] "C:\Users\Erin\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files\Common Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"
Successfully deleted: [Folder] "C:\Users\Erin\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Erin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Erin\appdata\locallow\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Users\Erin\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Erin\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Program Files\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Failed to delete: [Folder] C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\extensions\[email protected]
Failed to delete: [Folder] C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Folder] C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Tracur] C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\zzsdwdog.default\extensions\[email protected]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/13/2012 at 21:56:31.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 narenxp

Posted 14 November 2012 - 06:10 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

Current issues?

#7 MartinMiggs

Posted 14 November 2012 - 11:30 AM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/14/2012 11:21:03 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/14/2012 11:21:32 AM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\erin\appdata\local\google\update\googleupdate.exe"
+ "Skype" "Skype" "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files\steam\steam.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "IZArcCM" "" "" "c:\program files\izarc\izarccm.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "IZArcCM" "" "" "c:\program files\izarc\izarccm.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "IZArcCM" "" "" "c:\program files\izarc\izarccm.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "IZArcCM" "" "" "c:\program files\izarc\izarccm.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1696740302-2604297258-2227091898-1001Core" "Google Installer" "Google Inc." "c:\users\erin\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-1696740302-2604297258-2227091898-1001UA" "Google Installer" "Google Inc." "c:\users\erin\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "EPSON_EB_RPCV4_01" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\programdata\epson\epw!3 ssrp\e_s40st7.exe"
+ "EPSON_PM_RPCV4_01" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\programdata\epson\epw!3 ssrp\e_s40rp7.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files\common files\steam\steamservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netw5v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v32.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SFEP" "Sony Firmware Extension Parser driver" "Sony Corporation" "c:\windows\system32\drivers\sfep.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON NX410 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbfca.dll"


I went to some sites that were getting redirected regularly, but it isn't happening now, as far as I can tell. Also, I'm not seeing the strange pop-up anymore, and my Internet browsers are moving much faster!

Thank you so much for your help! :D

#8 narenxp

Posted 14 November 2012 - 01:00 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 MartinMiggs

Posted 14 November 2012 - 05:09 PM

Thank you for all of your help, and for the reading material! Hopefully I can prevent this from happening again... >_>

#10 narenxp

Posted 14 November 2012 - 05:35 PM

You're welcome :)



