Need help removing tr/atraps.gen2


23 replies to this topic

#1 star rice

  • Members
  • 18 posts

Posted 22 July 2012 - 03:27 AM

I saw a very very similar problem to this for a computer running Windows 7 on a Google search that someone here helped with. The site looked great. My Avira is freaking out every minute or so saying I have this virus, but it can't open up because I am assuming the Trojan is intervening.

The error I keep getting (when I try to open Avira and run a scan/remove this) is

C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\COMCTL32.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.


I didn't do any of those things because #1 I am not sure if I could uninstall Avira if I tried (trojan won't let it open), I am the system admin, and Avira won't be able to help me, or at least in the way I need.

I run 32 bit Vista. I am not sure what other information you may need other than that. Just ask and I'll tell.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 July 2012 - 06:59 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 star rice

  • Topic Starter
  • Members
  • 18 posts

Posted 22 July 2012 - 11:44 PM

1st one:

19:24:41.0836 5932 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:24:42.0328 5932 ============================================================
19:24:42.0328 5932 Current date / time: 2012/07/22 19:24:42.0328
19:24:42.0328 5932 SystemInfo:
19:24:42.0328 5932
19:24:42.0328 5932 OS Version: 6.0.6002 ServicePack: 2.0
19:24:42.0328 5932 Product type: Workstation
19:24:42.0328 5932 ComputerName: KIMBERLY-PC
19:24:42.0330 5932 UserName: Kimberly
19:24:42.0330 5932 Windows directory: C:\Windows
19:24:42.0330 5932 System windows directory: C:\Windows
19:24:42.0330 5932 Processor architecture: Intel x86
19:24:42.0330 5932 Number of processors: 1
19:24:42.0330 5932 Page size: 0x1000
19:24:42.0330 5932 Boot type: Normal boot
19:24:42.0330 5932 ============================================================
19:24:44.0159 5932 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:24:44.0162 5932 ============================================================
19:24:44.0162 5932 \Device\Harddisk0\DR0:
19:24:44.0162 5932 MBR partitions:
19:24:44.0162 5932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11560800
19:24:44.0162 5932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11561000, BlocksNum 0x14B7000
19:24:44.0162 5932 ============================================================
19:24:44.0181 5932 C: <-> \Device\Harddisk0\DR0\Partition0
19:24:44.0228 5932 D: <-> \Device\Harddisk0\DR0\Partition1
19:24:44.0229 5932 ============================================================
19:24:44.0229 5932 Initialize success
19:24:44.0229 5932 ============================================================
19:24:45.0622 4080 ============================================================
19:24:45.0622 4080 Scan started
19:24:45.0622 4080 Mode: Manual;
19:24:45.0622 4080 ============================================================
19:25:01.0247 4080 nv_agp - ok
19:25:01.0260 4080 NwlnkFlt - ok
19:25:01.0273 4080 NwlnkFwd - ok
19:25:01.0392 4080 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:25:01.0408 4080 odserv - ok
19:25:01.0462 4080 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
19:25:01.0465 4080 ohci1394 - ok
19:25:01.0509 4080 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:01.0526 4080 ose - ok
19:25:01.0619 4080 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:25:01.0640 4080 p2pimsvc - ok
19:25:01.0658 4080 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:25:01.0666 4080 p2psvc - ok
19:25:01.0856 4080 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:25:01.0858 4080 Parport - ok
19:25:01.0926 4080 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:25:01.0928 4080 partmgr - ok
19:25:01.0952 4080 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:25:01.0954 4080 Parvdm - ok
19:25:01.0981 4080 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:25:01.0985 4080 PcaSvc - ok
19:25:02.0055 4080 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:25:02.0064 4080 pci - ok
19:25:02.0114 4080 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:25:02.0120 4080 pciide - ok
19:25:02.0157 4080 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:25:02.0167 4080 pcmcia - ok
19:25:02.0222 4080 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
19:25:02.0230 4080 PCTBD - ok
19:25:02.0305 4080 PCTCore (3a1efee38dcc8db0b0ee8bb98edd950d) C:\Windows\system32\drivers\PCTCore.sys
19:25:02.0312 4080 PCTCore - ok
19:25:02.0363 4080 pctDS (af08ec0f2093867ab955e24121ee7002) C:\Windows\system32\drivers\pctDS.sys
19:25:02.0372 4080 pctDS - ok
19:25:02.0457 4080 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\Windows\system32\drivers\pctEFA.sys
19:25:02.0479 4080 pctEFA - ok
19:25:02.0555 4080 pctgntdi (92f69754ad3f18ccc7e7232ca5262029) C:\Windows\System32\drivers\pctgntdi.sys
19:25:02.0568 4080 pctgntdi - ok
19:25:02.0627 4080 pctplsg (91aa056e365e1e093cf6e43540e60b28) C:\Windows\System32\drivers\pctplsg.sys
19:25:02.0630 4080 pctplsg - ok
19:25:02.0690 4080 PCTSD (6f8c66b756eccff3e75d362a8c66b21e) C:\Windows\system32\Drivers\PCTSD.sys
19:25:02.0697 4080 PCTSD - ok
19:25:02.0879 4080 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:25:02.0902 4080 PEAUTH - ok
19:25:03.0123 4080 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:25:03.0165 4080 pla - ok
19:25:03.0307 4080 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:25:03.0314 4080 PlugPlay - ok
19:25:03.0340 4080 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
19:25:03.0343 4080 Pml Driver HPZ12 - ok
19:25:03.0475 4080 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:25:03.0482 4080 PNRPAutoReg - ok
19:25:03.0502 4080 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:25:03.0510 4080 PNRPsvc - ok
19:25:03.0580 4080 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:25:03.0595 4080 PolicyAgent - ok
19:25:03.0652 4080 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:25:03.0655 4080 PptpMiniport - ok
19:25:03.0675 4080 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
19:25:03.0679 4080 Processor - ok
19:25:03.0750 4080 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:25:03.0756 4080 ProfSvc - ok
19:25:03.0812 4080 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:25:03.0814 4080 ProtectedStorage - ok
19:25:03.0854 4080 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:25:03.0856 4080 PSched - ok
19:25:03.0986 4080 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:25:04.0023 4080 ql2300 - ok
19:25:04.0094 4080 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:25:04.0098 4080 ql40xx - ok
19:25:04.0145 4080 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:25:04.0150 4080 QWAVE - ok
19:25:04.0172 4080 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:25:04.0176 4080 QWAVEdrv - ok
19:25:04.0201 4080 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:25:04.0204 4080 RasAcd - ok
19:25:04.0237 4080 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:25:04.0240 4080 RasAuto - ok
19:25:04.0264 4080 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:25:04.0265 4080 Rasl2tp - ok
19:25:04.0319 4080 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:25:04.0369 4080 RasMan - ok
19:25:04.0444 4080 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:25:04.0447 4080 RasPppoe - ok
19:25:04.0477 4080 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:25:04.0481 4080 RasSstp - ok
19:25:04.0546 4080 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:25:04.0561 4080 rdbss - ok
19:25:04.0583 4080 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:25:04.0586 4080 RDPCDD - ok
19:25:04.0646 4080 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:25:04.0652 4080 rdpdr - ok
19:25:04.0665 4080 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:25:04.0668 4080 RDPENCDD - ok
19:25:04.0760 4080 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:25:04.0806 4080 RDPWD - ok
19:25:04.0911 4080 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe
19:25:04.0915 4080 Recovery Service for Windows - ok
19:25:04.0960 4080 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:25:04.0962 4080 RemoteAccess - ok
19:25:05.0036 4080 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:25:05.0039 4080 RemoteRegistry - ok
19:25:05.0121 4080 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared files\RichVideo.exe
19:25:05.0138 4080 RichVideo - ok
19:25:05.0170 4080 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:25:05.0171 4080 RpcLocator - ok
19:25:05.0263 4080 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:25:05.0269 4080 RpcSs - ok
19:25:05.0361 4080 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:25:05.0364 4080 rspndr - ok
19:25:05.0413 4080 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:25:05.0415 4080 SamSs - ok
19:25:05.0440 4080 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:25:05.0444 4080 sbp2port - ok
19:25:05.0491 4080 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:25:05.0494 4080 SCardSvr - ok
19:25:05.0597 4080 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:25:05.0618 4080 Schedule - ok
19:25:05.0701 4080 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:25:05.0702 4080 SCPolicySvc - ok
19:25:05.0836 4080 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
19:25:05.0846 4080 sdAuxService - ok
19:25:05.0886 4080 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
19:25:05.0902 4080 sdbus - ok
19:25:06.0250 4080 sdCoreService (cb2447edda6f8098f3a966b8c82d35fd) C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
19:25:06.0296 4080 sdCoreService - ok
19:25:06.0382 4080 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:25:06.0398 4080 SDRSVC - ok
19:25:06.0499 4080 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:25:06.0514 4080 SeaPort - ok
19:25:06.0571 4080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:25:06.0573 4080 secdrv - ok
19:25:06.0589 4080 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:25:06.0592 4080 seclogon - ok
19:25:06.0616 4080 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:25:06.0620 4080 SENS - ok
19:25:06.0643 4080 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:25:06.0645 4080 Serenum - ok
19:25:06.0717 4080 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:25:06.0720 4080 Serial - ok
19:25:06.0751 4080 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:25:06.0755 4080 sermouse - ok
19:25:06.0826 4080 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:25:06.0842 4080 SessionEnv - ok
19:25:06.0992 4080 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:25:06.0994 4080 sffdisk - ok
19:25:07.0089 4080 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:25:07.0091 4080 sffp_mmc - ok
19:25:07.0149 4080 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:25:07.0151 4080 sffp_sd - ok
19:25:07.0253 4080 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:25:07.0254 4080 sfloppy - ok
19:25:07.0459 4080 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:25:07.0471 4080 ShellHWDetection - ok
19:25:07.0533 4080 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:25:07.0536 4080 sisagp - ok
19:25:07.0564 4080 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:25:07.0567 4080 SiSRaid2 - ok
19:25:07.0591 4080 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:25:07.0606 4080 SiSRaid4 - ok
19:25:08.0079 4080 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:25:08.0161 4080 slsvc - ok
19:25:08.0388 4080 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:25:08.0391 4080 SLUINotify - ok
19:25:08.0453 4080 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:25:08.0456 4080 Smb - ok
19:25:08.0498 4080 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:25:08.0502 4080 SNMPTRAP - ok
19:25:08.0534 4080 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:25:08.0536 4080 spldr - ok
19:25:08.0633 4080 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:25:08.0638 4080 Spooler - ok
19:25:08.0718 4080 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:25:08.0724 4080 srv - ok
19:25:08.0802 4080 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:25:08.0846 4080 srv2 - ok
19:25:08.0939 4080 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:25:08.0943 4080 srvnet - ok
19:25:09.0021 4080 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:25:09.0031 4080 SSDPSRV - ok
19:25:09.0071 4080 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:25:09.0072 4080 ssmdrv - ok
19:25:09.0101 4080 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:25:09.0114 4080 SstpSvc - ok
19:25:09.0177 4080 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
19:25:09.0179 4080 StillCam - ok
19:25:09.0308 4080 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:25:09.0319 4080 stisvc - ok
19:25:09.0345 4080 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:25:09.0347 4080 swenum - ok
19:25:09.0423 4080 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:25:09.0431 4080 swprv - ok
19:25:09.0464 4080 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:25:09.0466 4080 Symc8xx - ok
19:25:09.0497 4080 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:25:09.0499 4080 Sym_hi - ok
19:25:09.0515 4080 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:25:09.0517 4080 Sym_u3 - ok
19:25:09.0566 4080 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
19:25:09.0605 4080 SynTP - ok
19:25:09.0695 4080 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:25:09.0721 4080 SysMain - ok
19:25:09.0768 4080 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:25:09.0785 4080 TabletInputService - ok
19:25:09.0857 4080 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:25:09.0871 4080 TapiSrv - ok
19:25:09.0941 4080 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:25:09.0945 4080 TBS - ok
19:25:10.0083 4080 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:25:10.0101 4080 Tcpip - ok
19:25:10.0124 4080 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:25:10.0133 4080 Tcpip6 - ok
19:25:10.0168 4080 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:25:10.0171 4080 tcpipreg - ok
19:25:10.0212 4080 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:25:10.0215 4080 TDPIPE - ok
19:25:10.0289 4080 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:25:10.0291 4080 TDTCP - ok
19:25:10.0324 4080 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:25:10.0327 4080 tdx - ok
19:25:10.0369 4080 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:25:10.0372 4080 TermDD - ok
19:25:10.0450 4080 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:25:10.0462 4080 TermService - ok
19:25:10.0520 4080 TfFsMon (eb8f8b25bb64452d86d2bd577607694a) C:\Windows\system32\drivers\TfFsMon.sys
19:25:10.0523 4080 TfFsMon - ok
19:25:10.0603 4080 TfNetMon (8d157e44ba7f87c8744ac977ca428c1d) C:\Windows\system32\drivers\TfNetMon.sys
19:25:10.0605 4080 TfNetMon - ok
19:25:10.0697 4080 TFSysMon (c866eb15c3cb83dac8f348abe6a42ea7) C:\Windows\system32\drivers\TfSysMon.sys
19:25:10.0720 4080 TFSysMon - ok
19:25:10.0797 4080 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:25:10.0802 4080 Themes - ok
19:25:10.0843 4080 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:25:10.0846 4080 THREADORDER - ok
19:25:10.0947 4080 ThreatFire - ok
19:25:10.0991 4080 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:25:10.0996 4080 TrkWks - ok
19:25:11.0063 4080 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:25:11.0064 4080 TrustedInstaller - ok
19:25:11.0104 4080 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:25:11.0106 4080 tssecsrv - ok
19:25:11.0132 4080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:25:11.0134 4080 tunmp - ok
19:25:11.0183 4080 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:25:11.0186 4080 tunnel - ok
19:25:11.0249 4080 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:25:11.0251 4080 uagp35 - ok
19:25:11.0323 4080 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:25:11.0341 4080 udfs - ok
19:25:11.0392 4080 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:25:11.0396 4080 UI0Detect - ok
19:25:11.0428 4080 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:25:11.0431 4080 uliagpkx - ok
19:25:11.0470 4080 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:25:11.0477 4080 uliahci - ok
19:25:11.0510 4080 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:25:11.0513 4080 UlSata - ok
19:25:11.0593 4080 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:25:11.0597 4080 ulsata2 - ok
19:25:11.0615 4080 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:25:11.0617 4080 umbus - ok
19:25:11.0651 4080 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:25:11.0661 4080 upnphost - ok
19:25:11.0741 4080 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
19:25:11.0743 4080 USBAAPL - ok
19:25:11.0821 4080 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:25:11.0824 4080 usbaudio - ok
19:25:11.0884 4080 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:25:11.0894 4080 usbccgp - ok
19:25:11.0925 4080 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:25:11.0928 4080 usbcir - ok
19:25:11.0965 4080 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:25:11.0967 4080 usbehci - ok
19:25:12.0017 4080 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:25:12.0023 4080 usbhub - ok
19:25:12.0063 4080 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:25:12.0066 4080 usbohci - ok
19:25:12.0195 4080 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:25:12.0219 4080 usbprint - ok
19:25:12.0290 4080 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:25:12.0292 4080 usbscan - ok
19:25:12.0332 4080 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:25:12.0350 4080 USBSTOR - ok
19:25:12.0400 4080 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:25:12.0403 4080 usbuhci - ok
19:25:12.0461 4080 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:25:12.0472 4080 usbvideo - ok
19:25:12.0550 4080 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:25:12.0554 4080 UxSms - ok
19:25:12.0622 4080 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:25:12.0631 4080 vds - ok
19:25:12.0658 4080 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:25:12.0660 4080 vga - ok
19:25:12.0685 4080 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:25:12.0687 4080 VgaSave - ok
19:25:12.0734 4080 VHWDrawing (304578405511aad3bb4922a9469bbe58) C:\Windows\system32\DRIVERS\HWDrawing.sys
19:25:12.0735 4080 VHWDrawing - ok
19:25:12.0773 4080 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:25:12.0776 4080 viaagp - ok
19:25:12.0838 4080 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:25:12.0839 4080 ViaC7 - ok
19:25:12.0875 4080 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
19:25:12.0878 4080 viaide - ok
19:25:12.0908 4080 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:25:12.0910 4080 volmgr - ok
19:25:12.0964 4080 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:25:12.0975 4080 volmgrx - ok
19:25:13.0027 4080 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:25:13.0051 4080 volsnap - ok
19:25:13.0089 4080 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:25:13.0093 4080 vsmraid - ok
19:25:13.0246 4080 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:25:13.0258 4080 VSS - ok
19:25:13.0331 4080 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:25:13.0343 4080 W32Time - ok
19:25:13.0415 4080 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:25:13.0417 4080 WacomPen - ok
19:25:13.0502 4080 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:25:13.0519 4080 Wanarp - ok
19:25:13.0532 4080 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:25:13.0533 4080 Wanarpv6 - ok
19:25:13.0683 4080 WarrantyWare (cb57fc466e9a5e6b04735be68e18cdf5) C:\Program Files\PC Care Center\Bin\EndUserService.exe
19:25:13.0700 4080 WarrantyWare - ok
19:25:13.0898 4080 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:25:13.0917 4080 wcncsvc - ok
19:25:13.0998 4080 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:25:14.0001 4080 WcsPlugInService - ok
19:25:14.0089 4080 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:25:14.0091 4080 Wd - ok
19:25:14.0202 4080 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:25:14.0220 4080 Wdf01000 - ok
19:25:14.0251 4080 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:25:14.0266 4080 WdiServiceHost - ok
19:25:14.0278 4080 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:25:14.0282 4080 WdiSystemHost - ok
19:25:14.0326 4080 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:25:14.0345 4080 WebClient - ok
19:25:14.0410 4080 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:25:14.0414 4080 Wecsvc - ok
19:25:14.0484 4080 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:25:14.0501 4080 wercplsupport - ok
19:25:14.0553 4080 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:25:14.0563 4080 WerSvc - ok
19:25:14.0665 4080 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:25:14.0687 4080 winachsf - ok
19:25:14.0706 4080 WinHttpAutoProxySvc - ok
19:25:14.0845 4080 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:25:14.0849 4080 Winmgmt - ok
19:25:15.0029 4080 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:25:15.0061 4080 WinRM - ok
19:25:15.0205 4080 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:25:15.0229 4080 Wlansvc - ok
19:25:15.0560 4080 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:25:15.0593 4080 wlidsvc - ok
19:25:15.0790 4080 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:25:15.0792 4080 WmiAcpi - ok
19:25:15.0877 4080 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:25:15.0879 4080 wmiApSrv - ok
19:25:16.0168 4080 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:25:16.0190 4080 WMPNetworkSvc - ok
19:25:16.0244 4080 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:25:16.0248 4080 WPCSvc - ok
19:25:16.0316 4080 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:25:16.0331 4080 WPDBusEnum - ok
19:25:16.0445 4080 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:25:16.0446 4080 WpdUsb - ok
19:25:16.0676 4080 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:25:16.0698 4080 WPFFontCache_v0400 - ok
19:25:16.0775 4080 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:25:16.0779 4080 ws2ifsl - ok
19:25:16.0817 4080 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:25:16.0818 4080 WSDPrintDevice - ok
19:25:16.0832 4080 WSearch - ok
19:25:16.0874 4080 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:25:16.0878 4080 WUDFRd - ok
19:25:16.0938 4080 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:25:16.0942 4080 wudfsvc - ok
19:25:16.0967 4080 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
19:25:16.0970 4080 XAudio - ok
19:25:17.0083 4080 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
19:25:17.0091 4080 XAudioService - ok
19:25:17.0205 4080 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:25:17.0213 4080 YahooAUService - ok
19:25:17.0298 4080 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
19:25:17.0320 4080 yukonwlh - ok
19:25:17.0359 4080 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
19:25:17.0462 4080 \Device\Harddisk0\DR0 - ok
19:25:17.0473 4080 Boot (0x1200) (14326105b2484a4b5ba5ebfd20deb383) \Device\Harddisk0\DR0\Partition0
19:25:17.0475 4080 \Device\Harddisk0\DR0\Partition0 - ok
19:25:17.0487 4080 Boot (0x1200) (8e6139ddc9eb95fc6b22a267d423820d) \Device\Harddisk0\DR0\Partition1
19:25:17.0489 4080 \Device\Harddisk0\DR0\Partition1 - ok
19:25:17.0494 4080 ============================================================
19:25:17.0494 4080 Scan finished
19:25:17.0494 4080 ============================================================
19:25:17.0513 1944 Detected object count: 0
19:25:17.0513 1944 Actual detected object count: 0
19:26:47.0769 5580 Deinitialize success


and the 2nd one:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 19:27:53
-----------------------------
19:27:53.194 OS Version: Windows 6.0.6002 Service Pack 2
19:27:53.194 Number of processors: 1 586 0x301
19:27:53.195 ComputerName: KIMBERLY-PC UserName: Kimberly
19:28:25.673 Initialize success
19:32:01.422 AVAST engine defs: 12072201
19:33:52.961 The log file has been saved successfully to "C:\Users\Kimberly\Pictures\Jaimes temp\aswMBR.txt"



The 3rd one took forever (over 3 hours). But it seems more thorough and may have found more trojans than the one Avira's been screeching about.

C:\Nexon\Mabinogi\Client.exe.bak a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL a variant of Win32/FunWeb.AA application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Secret Crush Revealer\Zugo.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files\WebfettiEI\Installr\1.bin\7dEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\WebfettiEI\Installr\1.bin\7dEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files\WebfettiEI\Installr\1.bin\NP7dEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Kimberly\AppData\Local\Temp\142DE6B5-BAB0-7891-A23A-51A6FB5C3AE4\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Kimberly\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Kimberly\AppData\Local\Temp\is2063840535\IWantThis_SRC_US.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Users\Kimberly\AppData\Local\Temp\is2063840535\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Kimberly\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application deleted - quarantined
C:\Users\Kimberly\Documents\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan



#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 July 2012 - 12:01 AM

Run aswmbr again and post the new log

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

Click on LOOK, post the generated log

#5 star rice


Posted 23 July 2012 - 12:21 AM

Here. <3

SystemLook 30.07.11 by jpshortstuff
Log created at 00:15 on 23/07/2012 by Kimberly
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 279552 bytes [22:34 09/08/2009] [06:25 22/07/2012] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:34 21/01/2008] [02:34 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [22:34 09/08/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{ff24043d-55f8-5ce9-a20a-8337d9b4b888}"
C:\Users\Kimberly\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} d--hs-- [20:49 10/01/2012]
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} d--hs-- [20:49 10/01/2012]

-= EOF =-


Sorry, forgot the aswmbr. I think I have to redownload that. Doing it now.

Edit: It didn't really do anything. The Scan button was greyed out but here is the log I exported:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 00:24:23
-----------------------------
00:24:23.538 OS Version: Windows 6.0.6002 Service Pack 2
00:24:23.538 Number of processors: 1 586 0x301
00:24:23.539 ComputerName: KIMBERLY-PC UserName: Kimberly
00:24:25.588 Initialize success
00:24:38.292 AVAST engine defs: 12072201
00:24:43.865 The log file has been saved successfully to "C:\Users\Kimberly\Desktop\aswMBR.txt"



Edited by star rice, 23 July 2012 - 12:27 AM.
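The comparison that the filefind output in the post above makes possible, as an added example that is not part of the original thread: it parses SystemLook "filefind" lines and reports whether the live System32 copy of a file has the same size and MD5 as a copy held in the WinSxS component store. The function names and verdict strings are assumptions made for this sketch; the three sample lines are copied from the log above.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# The three result lines below are copied from the SystemLook log posted above.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 279552 bytes [22:34 09/08/2009] [06:25 22/07/2012] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:34 21/01/2008] [02:34 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [22:34 09/08/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========
'''

# path, 7-character attribute mask, size, [created], [modified], MD5
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes'
    r'\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]'
    r'\s+(?P<md5>[0-9A-Fa-f]{32})\s*$'
)
# Component version embedded in a WinSxS directory name, e.g. _6.0.6002.18005_none_
VERSION_RE = re.compile(r'_(\d+(?:\.\d+){3})_none_')


def parse_filefind(log_text):
    """Return one dict per file line found in the 'filefind' section of a log."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Section banners switch parsing on for filefind, off for the rest.
            in_section = "filefind" in line
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "Searching for ..." lines and blanks
        path = m.group("path")
        version = VERSION_RE.search(path)
        entries.append({
            "path": path,
            "name": basename(path).lower(),
            "in_store": "\\winsxs\\" in path.lower(),
            "version": version.group(1) if version else None,
            "size": int(m.group("size")),
            "modified": m.group("modified"),
            "md5": m.group("md5").upper(),
        })
    return entries


def check_against_store(entries):
    """Compare each file outside WinSxS with the store copies of the same name.

    A match only shows the live file is consistent with the local component
    store. MD5 is used because it is the hash SystemLook prints.
    """
    live = [e for e in entries if not e["in_store"]]
    store = [e for e in entries if e["in_store"]]
    results = []
    for f in live:
        same_name = [s for s in store if s["name"] == f["name"]]
        matches = [s for s in same_name
                   if s["md5"] == f["md5"] and s["size"] == f["size"]]
        if matches:
            verdict = "matches-store"
        elif same_name:
            verdict = "differs-from-store"   # worth a closer look
        else:
            verdict = "no-store-copy"        # nothing to compare against
        results.append({
            "path": f["path"],
            "md5": f["md5"],
            "verdict": verdict,
            "store_versions": sorted(s["version"] or "unknown" for s in matches),
        })
    return results


if __name__ == "__main__":
    for r in check_against_store(parse_filefind(SAMPLE_LOG)):
        print(r["path"], r["verdict"], r["store_versions"])
```
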


#6 star rice


Posted 23 July 2012 - 12:47 AM

As a note, I have started getting some popups that I didn't before. That may be because I turned off Avira's realtime protection from my taskbar since it was getting annoying and not just popping up every minute, it was beeping and I need my sound on at the moment.

Edit: I am now getting redirects when I use google. Good thing I got this thread running or it would be hell to do it on my phone. And Windows keeps telling me this:

Host Process for Windows Services stopped working and was closed


No doubt our trojan friend.

Edited by star rice, 23 July 2012 - 04:39 AM.


#7 narenxp


Posted 23 July 2012 - 06:42 AM

ASWMBR log is still incomplete, please run it in safe mode :thumbup2:

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Kimberly\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

delete the folders

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

post the generated log

#8 star rice


Posted 23 July 2012 - 07:55 PM

Finally got a log. I had to run it three times before I could get the log. The first time my cats must have done something (or beings other than my cats) and the 2nd the computer got shut off, not sure how.

Anyway. It turns out I didn't need to do it in safemode. Not sure what the problem was and after 3 times getting it to run, I am not sure I want to know.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 00:24:23
-----------------------------
00:24:23.538 OS Version: Windows 6.0.6002 Service Pack 2
00:24:23.538 Number of processors: 1 586 0x301
00:24:23.539 ComputerName: KIMBERLY-PC UserName: Kimberly
00:24:25.588 Initialize success
00:24:38.292 AVAST engine defs: 12072201
00:24:43.865 The log file has been saved successfully to "C:\Users\Kimberly\Desktop\aswMBR.txt"

http://www.bleepingcomputer.com/forums/topic461862.html

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 17:53:11
-----------------------------
17:53:11.424 OS Version: Windows 6.0.6002 Service Pack 2
17:53:11.424 Number of processors: 1 586 0x301
17:53:11.426 ComputerName: KIMBERLY-PC UserName: Kimberly
17:54:48.617 Initialize success
17:56:13.896 AVAST engine defs: 12072201
18:03:03.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
18:03:03.089 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 3
18:03:03.220 Disk 0 MBR read successfully
18:03:03.222 Disk 0 MBR scan
18:03:03.309 Disk 0 unknown MBR code
18:03:03.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142017 MB offset 2048
18:03:03.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10606 MB offset 290852864
18:03:03.554 Disk 0 scanning sectors +312573952
18:03:04.130 Disk 0 scanning C:\Windows\system32\drivers
18:06:22.600 Service scanning
18:11:47.200 Modules scanning
18:13:09.536 Disk 0 trace - called modules:
18:13:09.558 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:13:09.559 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872bcac8]
18:13:09.559 3 CLASSPNP.SYS[807d38b3] -> nt!IofCallDriver -> [0x86cd2480]
18:13:09.559 5 PCTCore.sys[8b38e407] -> nt!IofCallDriver -> [0x861d2bc8]
18:13:09.559 7 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x861c68a0]
18:13:11.870 AVAST engine scan C:\Windows
18:13:34.114 AVAST engine scan C:\Windows\system32
18:23:00.207 AVAST engine scan C:\Windows\system32\drivers
18:23:30.302 AVAST engine scan C:\Users\Kimberly
19:30:15.862 AVAST engine scan C:\ProgramData
19:45:33.017 Scan finished successfully
19:52:02.167 Disk 0 MBR has been saved successfully to "C:\Users\Kimberly\Desktop\MBR.dat"
19:52:02.171 The log file has been saved successfully to "C:\Users\Kimberly\Desktop\aswMBR.txt"


I'm running the other files now.

Edited by star rice, 23 July 2012 - 07:55 PM.


#9 narenxp


Posted 23 July 2012 - 08:44 PM

:thumbup2:

#10 star rice


Posted 24 July 2012 - 06:36 AM

The first malwarebytes came up with 22 bugs, deleted them, restarted, the 2nd came back with none. These two scans took the longest.

The folders were deleted

Results of the Minitoolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Kimberly (administrator) on 24-07-2012 at 06:22:15
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kimberly-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Networking Controller
Physical Address. . . . . . . . . : 00-1F-16-D4-91-59
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-24-2C-99-BF-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1ce8:e386:5bb9:56d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 24, 2012 12:13:31 AM
Lease Expires . . . . . . . . . . : Wednesday, July 25, 2012 12:13:31 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113068
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-AF-B7-4C-00-24-2C-99-BF-EE
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F47AE899-29BF-451E-86F0-563818C89BD4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F68B843A-9A82-41F5-B19B-B0EF4D611564}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4000:800::1000
74.125.227.101
74.125.227.102
74.125.227.103
74.125.227.104
74.125.227.105
74.125.227.110
74.125.227.96
74.125.227.97
74.125.227.98
74.125.227.99
74.125.227.100

Pinging google.com [74.125.227.103] with 32 bytes of data:
Reply from 74.125.227.103: bytes=32 time=16ms TTL=54
Reply from 74.125.227.103: bytes=32 time=16ms TTL=54
Ping statistics for 74.125.227.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 16ms, Average = 16ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=17ms TTL=54
Reply from 209.191.122.70: bytes=32 time=15ms TTL=54
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 17ms, Average = 16ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 1f 16 d4 91 59 ...... NVIDIA nForce 10/100/1000 Mbps Networking Controller
10 ...00 24 2c 99 bf ee ...... Atheros AR5007 802.11b/g WiFi Adapter
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{F47AE899-29BF-451E-86F0-563818C89BD4}
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{F68B843A-9A82-41F5-B19B-B0EF4D611564}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::1ce8:e386:5bb9:56d/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/24/2012 06:18:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2012 00:16:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 07:02:40 PM) (Source: Application Hang) (User: )
Description: The program Kodak_ShareButton_App.exe version 4.1.12.203 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 8d4
Start Time: 01cd692aadc7d570
Termination Time: 118

Error: (07/23/2012 06:30:54 PM) (Source: Application Error) (User: )
Description: Faulting application Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, faulting module Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, exception code 0xc0000096, fault offset 0x0000ac41,
process id 0x10c0, application start time 0xOy1421yp.exe0.

Error: (07/23/2012 06:30:48 PM) (Source: Application Error) (User: )
Description: Faulting application Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, faulting module Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, exception code 0xc0000096, fault offset 0x0000ac41,
process id 0x12ac, application start time 0xOy1421yp.exe0.

Error: (07/23/2012 06:30:36 PM) (Source: Application Error) (User: )
Description: Faulting application Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, faulting module Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, exception code 0xc0000096, fault offset 0x0000ac41,
process id 0x11d4, application start time 0xOy1421yp.exe0.

Error: (07/23/2012 06:30:25 PM) (Source: Application Error) (User: )
Description: Faulting application Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, faulting module Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, exception code 0xc0000096, fault offset 0x0000ac41,
process id 0x1d8, application start time 0xOy1421yp.exe0.

Error: (07/23/2012 06:30:16 PM) (Source: Application Error) (User: )
Description: Faulting application Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, faulting module Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, exception code 0xc0000096, fault offset 0x0000ac41,
process id 0x11ac, application start time 0xOy1421yp.exe0.

Error: (07/23/2012 06:29:38 PM) (Source: Application Error) (User: )
Description: Faulting application Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, faulting module Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, exception code 0xc0000096, fault offset 0x0000ac41,
process id 0xe00, application start time 0xOy1421yp.exe0.

Error: (07/23/2012 06:29:23 PM) (Source: Application Error) (User: )
Description: Faulting application Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, faulting module Oy1421yp.exe, version 0.0.0.0, time stamp 0x5002e111, exception code 0xc0000096, fault offset 0x0000ac41,
process id 0x13c0, application start time 0xOy1421yp.exe0.


System errors:
=============
Error: (07/24/2012 00:16:26 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (07/24/2012 00:16:26 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (07/24/2012 00:16:26 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (07/24/2012 00:16:26 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/24/2012 00:15:29 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Broderbund PDF Creator with shared resource name Broderbund PDF Creator. Error 1753. The printer cannot be used by others on the network.

Error: (07/24/2012 00:15:29 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Canon MP520 series Printer with shared resource name Canon MP520 series Printer. Error 1753. The printer cannot be used by others on the network.

Error: (07/23/2012 05:48:46 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (07/23/2012 05:48:46 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (07/23/2012 05:48:46 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (07/23/2012 05:48:46 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.2)
7-Zip 9.20
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Shockwave Player (Version: 11.0)
ALOT Toolbar
American Greetings® Art & More Store
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
Atheros Driver Installation Program (Version: 5.2)
Audacity 2.0
Avira Free Antivirus (Version: 12.0.0.1125)
Babylon toolbar on IE
BabylonObjectInstaller (Version: 1.0.0.0)
Big Fish Games: Game Manager (Version: 2.0.0.5)
Blooming Daisies
Bonjour (Version: 3.0.0.10)
Browser Defender 4.0 (Version: 4.0.0.0)
BufferChm (Version: 140.0.212.000)
Cake Mania Deluxe (Version: 1.0.0.0)
CamStudio
Canon MP Navigator EX 1.0
Canon MP520 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Carbonite Online Backup Setup (Version: 3.7.3)
CCScore (Version: 8.02.0000.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conduit Engine (Version: 6.2.7.3)
Conexant HD Audio (Version: 4.58.1.0)
CyberLink DVD Suite (Version: 6.0.2203)
D110 (Version: 140.0.142.000)
D3DX10 (Version: 15.4.2368.0902)
Diablo II
Diner Dash (Version: 3.3.3.61)
Diner Dash 2
Driver Performer (Version: 10.0)
ESET Online Scanner v3
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.02.0000.0001)
ESScore (Version: 8.02.0000.0001)
ESSgui (Version: 8.02.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
ESU for Microsoft Vista (Version: 1.0.0)
Exterminate It! (Version: 1.76.05.25)
fflink (Version: 6.02.1001.0001)
FoxTab Audio Converter
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 21.0.1180.49)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
GraphicsGale FreeEdition version 1.93.18
HDAUDIO Soft Data Fax Modem with SmartCP
Home Business Advantage Kit (Version: 10.3.5)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Doc Viewer (Version: 1.03.0001)
HP DVD Play 3.7 (Version: 3.7.0.5723)
HP Games (Version: 1.0.1.3)
HP Help and Support (Version: 2.1.3.0)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 5.003.001.001)
HP User Guides 0118 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAppStudio (Version: 140.0.95.000)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoGadget (Version: 140.0.524.000)
iCloud (Version: 1.0.2.17)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
Katawa Shoujo
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
KODAK Share Button App (Version: 4.01.0000.0000)
LabelPrint (Version: 2.5.0926)
LAME v3.99.3 (for Windows)
Livestream Procaster (Version: 20.2.69)
Mabinogi
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Live Search Toolbar (Version: 3.0.541.0)
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
Microsoft Office 2000 SR-1 Small Business (Version: 9.00.3821)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.6951)
My Life Story (Version: 2.2.0.95)
netbrdg (Version: 7.01.0000.0001)
NetWaiting (Version: 2.5.52)
Network (Version: 140.0.212.000)
NetZero Preloader (Version: 1.0.0)
NVIDIA Drivers (Version: 1.5)
OfotoXMI (Version: 8.02.1000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.3.2.2)
PC Care Center (Version: 1.1.7.2638)
PC Tools Spyware Doctor 9.0 (Version: 9.0)
PhotoMail Maker (Version: 1.0.0.1040)
Power2Go (Version: 6.0.2202)
PowerDirector (Version: 7.0.2201)
PrintMaster Gold 18 (Version: 18.00.0000)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.71.80.42)
QuickTransfer (Version: 140.0.98.000)
Roll
Safari (Version: 5.34.52.7)
Scan (Version: 140.0.77.000)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
Secret Crush Revealer
Segoe UI (Version: 15.4.2271.0615)
Serif DrawPlus 3.0
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
Skype™ 5.5 (Version: 5.5.124)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SPORE Creature Creator Trial Edition (Version: 1.00.0000)
staticcr (Version: 8.02.0000.0001)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Tablet Driver (Version: 2.4.1)
Toolbox (Version: 140.0.424.000)
TranslatorBar 5 Toolbar (Version: 6.1.0.7)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL (Version: 8.02.0000.0001)
WebReg (Version: 140.0.212.017)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
WIRELESS (Version: 8.02.0000.0001)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 2813.69 MB
Available physical RAM: 1309.88 MB
Total Pagefile: 5853.76 MB
Available Pagefile: 4447.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.59 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:138.69 GB) (Free:23.97 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.36 GB) (Free:1.75 GB) NTFS

========================= Users: ========================================

User accounts for \\KIMBERLY-PC

Administrator ASPNET Guest
Kimberly


**** End of log ****


Results of FSS

Farbar Service Scanner Version: 22-07-2012
Ran by Kimberly (administrator) on 24-07-2012 at 06:23:49
Running from "C:\Users\Kimberly\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of BITS. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 05:24] - [2012-03-30 07:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


AdwCleaner Log after restart

# AdwCleaner v1.703 - Logfile created 07/24/2012 at 06:26:06
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Kimberly - KIMBERLY-PC
# Running from : C:\Users\Kimberly\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Kimberly\AppData\Local\Babylon
Folder Deleted : C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Kimberly\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Kimberly\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Kimberly\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2642706
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=1d0d586e000000000000001f16d49159 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\n3cq81np.default\prefs.js

C:\Users\Kimberly\AppData\Roaming\Mozilla\Firefox\Profiles\n3cq81np.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=1[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "1d0d586e000000000000001f16d49159");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "1d0d586e000000000000001f16d49159");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15481");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:01:39");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=1d0d586e000000[...]

-\\ Google Chrome v21.0.1180.49

File : C:\Users\Kimberly\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "icon_url": "hxxp://www.babylon.com/favicon.ico",
Deleted : "keyword": "babylon.com",
Deleted : "name": "Search the web (Babylon)",
Deleted : "search_url": "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",
Deleted : "description": "The fastest way to search the web.",
Deleted : "default_icon": "browser_icon_babylon48.png",
Deleted : "default_title": "Babylon Toolbar"
Deleted : "description": "Babylon ToolBar",
Deleted : "128": "babylon48.png",
Deleted : "48": "babylon48.png"
Deleted : "name": "Babylon Toolbar",
Deleted : "path": "BabylonChromeToolBar.dll",
Deleted : "update_url": "hxxp://img.babylon.com/ext/chrome/update/update1.xml",
Deleted : "name": "Babylon ToolBar",
Deleted : "path": "C:\\Users\\Kimberly\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension[...]
Deleted : "name": "Babylon ToolBar"

*************************

AdwCleaner[S1].txt - [286 octets] - [24/07/2012 06:25:18]
AdwCleaner[S2].txt - [10868 octets] - [24/07/2012 06:26:06]

########## EOF - C:\AdwCleaner[S2].txt - [10997 octets] ##########


So far I haven't been randomly(?) redirected anymore. Google isn't redirecting either and that stupid Babylon thing is gone (which was a minor inconvenience as I don't search from my address bar and it pretty much just made sure my "default search provider" was its only bs.)

Edited by star rice, 24 July 2012 - 06:41 AM.


#11 narenxp

Posted 24 July 2012 - 06:50 AM

Download

http://download.bleepingcomputer.com/win-services/vista/MpsSvc.reg
http://download.bleepingcomputer.com/win-services/vista/BFE.reg
http://download.bleepingcomputer.com/win-services/vista/WinDefend.reg
http://download.bleepingcomputer.com/win-services/vista/wscsvc.reg
http://download.bleepingcomputer.com/win-services/vista/BITS.reg
http://download.bleepingcomputer.com/win-services/vista/wuauserv.reg
http://download.bleepingcomputer.com/win-services/vista/SharedAccess.reg

Launch them, click YES

Restart the PC

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab - click on Start

Check mark the following options alone

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

#12 star rice

Posted 24 July 2012 - 09:57 AM

The new FSS

Farbar Service Scanner Version: 22-07-2012
Ran by Kimberly (administrator) on 24-07-2012 at 09:53:37
Running from "C:\Users\Kimberly\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 05:24] - [2012-03-30 07:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Just by fixing the system files alone, my computer seems to be in better health. <3

Edited by star rice, 24 July 2012 - 09:58 AM.
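The two Farbar Service Scanner logs in this thread can be compared mechanically to see what the registry repair changed. The script below is an added example, not part of the original posts and not Farbar's code; `parse_fss`, `compare` and the status labels are hypothetical names, and the sample input is abridged from the two logs above.

```python
import re

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
POLICY_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')

# Abridged excerpts of the two FSS logs posted in this thread (before / after the repair).
BEFORE = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

AFTER = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

def parse_fss(text):
    """Return ({service: status}, {policy value path: DWORD}) from FSS output."""
    services, policies = {}, {}
    current = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:                      # a blank line ends the current block
            current = key = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            current = m.group(1).lower()
            services[current] = "config_ok"   # stopped, registry entries intact
        elif current and "service key does not exist" in line:
            services[current] = "key_missing"
        elif (current and "value does not exist" in line
              and services[current] != "key_missing"):
            services[current] = "value_missing"
        elif line.startswith("[HK") and line.endswith("]"):
            key = line[1:-1]              # registry key that owns the next values
        elif key and (p := POLICY_RE.match(line)):
            policies[f"{key}\\{p.group(1)}"] = int(p.group(2))
    return services, policies

def compare(before, after):
    """Classify services from the first log by how the second log reports them."""
    b_svc, _ = parse_fss(before)
    a_svc, a_pol = parse_fss(after)
    return {
        "no_longer_reported": sorted(s for s in b_svc if s not in a_svc),
        "config_repaired_still_stopped": sorted(
            s for s in a_svc
            if a_svc[s] == "config_ok" and b_svc.get(s, "config_ok") != "config_ok"),
        "still_broken": sorted(s for s in a_svc if a_svc[s] != "config_ok"),
        "policies_still_set": {k: v for k, v in a_pol.items() if v != 0},
    }

if __name__ == "__main__":
    for label, value in compare(BEFORE, AFTER).items():
        print(f"{label}: {value}")
```

Run against the full logs, the same comparison separates services whose keys were restored from those that are still stopped, and shows that the `DisableAntiSpyware` value is unchanged between the two runs.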


#13 narenxp

Posted 24 July 2012 - 09:58 AM

Any current issues?

#14 star rice

Posted 24 July 2012 - 10:38 AM

Well, Avira is actually able to open now. I think the Trojan is gone and everything runs so smooth now <3 Well, as smooth as it can for my processor XD You guys are wonderful. I swear, I am recommending to anyone I know.

Edit: Though, Avira is still picking up my trojan =\

Edited by star rice, 24 July 2012 - 10:56 AM.


#15 star rice

Posted 24 July 2012 - 01:45 PM

Posted Image

Here is what Avira found. I went ahead and quarantined them and deleted them. Gonna go restart now and then rescan.



