
I'm infected with Trojangen2, trojannoaccessb!!!



#1 Shafter99


Posted 03 September 2012 - 10:40 PM

I could really use some help here... I got an email from my brother who's using an unsecured network in Afghanistan and my Norton 360 is blocking Trojan gen.2, Trojan zeroaccessb, zeroaccessc and backdoor trojans... I'm using Vista Home Premium 32 bit on an older model, custom built desktop. I've run aswMBR and ESET... I don't know what to do next. Please help.



#2 Shafter99


Posted 03 September 2012 - 10:42 PM

aswMBR results:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 19:40:57
-----------------------------
19:40:57.521 OS Version: Windows 6.0.6002 Service Pack 2
19:40:57.521 Number of processors: 2 586 0x6B02
19:40:57.521 ComputerName: SHAFTER-PC UserName: Shafter
19:41:11.904 Initialize success
19:53:18.396 AVAST engine defs: 12090301
19:58:08.856 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
19:58:08.856 Disk 0 Vendor: ST316082 8.03 Size: 152587MB BusType: 6
19:58:08.872 Disk 0 MBR read successfully
19:58:08.872 Disk 0 MBR scan
19:58:08.872 Disk 0 Windows VISTA default MBR code
19:58:08.872 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:58:08.887 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147118 MB offset 80325
19:58:08.919 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 5428 MB offset 301379400
19:58:08.919 Disk 0 scanning sectors +312496380
19:58:08.981 Disk 0 scanning C:\Windows\system32\drivers
19:58:18.341 Service scanning
19:58:23.458 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
19:58:28.107 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
19:58:32.599 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
19:58:39.042 Modules scanning
19:58:44.908 Disk 0 trace - called modules:
19:58:44.939 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
19:58:44.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862600c0]
19:58:44.955 3 CLASSPNP.SYS[87f9d8b3] -> nt!IofCallDriver -> [0x8448aba0]
19:58:44.955 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\00000063[0x8446dc90]
19:58:45.688 AVAST engine scan C:\Windows
19:58:47.669 AVAST engine scan C:\Windows\system32
20:01:25.104 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:02:19.579 AVAST engine scan C:\Windows\system32\drivers
20:02:38.346 AVAST engine scan C:\Users\Shafter
20:08:44.009 AVAST engine scan C:\ProgramData
20:12:30.466 Scan finished successfully
20:13:19.762 Disk 0 MBR has been saved successfully to "C:\Users\Shafter\Desktop\MBR.dat"
20:13:19.762 The log file has been saved successfully to "C:\Users\Shafter\Desktop\aswMBR.txt"

#3 narenxp


Posted 04 September 2012 - 12:01 AM

Download TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 Shafter99


Posted 04 September 2012 - 12:26 AM

TDS LOG to follow:
23:23:22.0170 5448 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:23:23.0266 5448 ============================================================
23:23:23.0266 5448 Current date / time: 2012/09/03 23:23:23.0266
23:23:23.0266 5448 SystemInfo:
23:23:23.0266 5448
23:23:23.0266 5448 OS Version: 6.0.6002 ServicePack: 2.0
23:23:23.0266 5448 Product type: Workstation
23:23:23.0266 5448 ComputerName: SHAFTER-PC
23:23:23.0267 5448 UserName: Shafter
23:23:23.0267 5448 Windows directory: C:\Windows
23:23:23.0267 5448 System windows directory: C:\Windows
23:23:23.0267 5448 Processor architecture: Intel x86
23:23:23.0267 5448 Number of processors: 2
23:23:23.0267 5448 Page size: 0x1000
23:23:23.0267 5448 Boot type: Normal boot
23:23:23.0267 5448 ============================================================
23:23:23.0811 5448 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:23:23.0813 5448 ============================================================
23:23:23.0813 5448 \Device\Harddisk0\DR0:
23:23:23.0813 5448 MBR partitions:
23:23:23.0813 5448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x11F57583
23:23:23.0813 5448 ============================================================
23:23:23.0856 5448 C: <-> \Device\Harddisk0\DR0\Partition1
23:23:23.0857 5448 ============================================================
23:23:23.0857 5448 Initialize success
23:23:23.0857 5448 ============================================================
23:23:38.0871 5784 ============================================================
23:23:38.0871 5784 Scan started
23:23:38.0871 5784 Mode: Manual; TDLFS;
23:23:38.0871 5784 ============================================================
23:23:39.0056 5784 ================ Scan system memory ========================
23:23:39.0056 5784 System memory - ok
23:23:39.0056 5784 ================ Scan services =============================
23:23:47.0897 5784 p2psvc - ok
23:23:47.0928 5784 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:23:47.0931 5784 Parport - ok
23:23:47.0964 5784 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:23:47.0966 5784 partmgr - ok
23:23:47.0976 5784 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
23:23:47.0978 5784 Parvdm - ok
23:23:47.0999 5784 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
23:23:48.0002 5784 PcaSvc - ok
23:23:48.0040 5784 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
23:23:48.0044 5784 pci - ok
23:23:48.0063 5784 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
23:23:48.0065 5784 pciide - ok
23:23:48.0100 5784 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:23:48.0104 5784 pcmcia - ok
23:23:48.0140 5784 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:23:48.0173 5784 PEAUTH - ok
23:23:48.0248 5784 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
23:23:48.0290 5784 pla - ok
23:23:48.0320 5784 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:23:48.0326 5784 PlugPlay - ok
23:23:48.0347 5784 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:23:48.0352 5784 PNRPAutoReg - ok
23:23:48.0372 5784 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:23:48.0377 5784 PNRPsvc - ok
23:23:48.0418 5784 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:23:48.0424 5784 PolicyAgent - ok
23:23:48.0459 5784 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:23:48.0461 5784 PptpMiniport - ok
23:23:48.0481 5784 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
23:23:48.0483 5784 Processor - ok
23:23:48.0501 5784 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
23:23:48.0505 5784 ProfSvc - ok
23:23:48.0519 5784 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:23:48.0520 5784 ProtectedStorage - ok
23:23:48.0551 5784 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:23:48.0553 5784 PSched - ok
23:23:48.0603 5784 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:23:48.0605 5784 PxHelp20 - ok
23:23:48.0656 5784 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:23:48.0689 5784 ql2300 - ok
23:23:48.0706 5784 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:23:48.0709 5784 ql40xx - ok
23:23:48.0744 5784 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
23:23:48.0749 5784 QWAVE - ok
23:23:48.0773 5784 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:23:48.0775 5784 QWAVEdrv - ok
23:23:48.0796 5784 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:23:48.0798 5784 RasAcd - ok
23:23:48.0828 5784 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
23:23:48.0832 5784 RasAuto - ok
23:23:48.0866 5784 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:23:48.0868 5784 Rasl2tp - ok
23:23:48.0904 5784 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
23:23:48.0909 5784 RasMan - ok
23:23:48.0944 5784 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:23:48.0946 5784 RasPppoe - ok
23:23:48.0984 5784 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:23:48.0987 5784 RasSstp - ok
23:23:49.0021 5784 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:23:49.0026 5784 rdbss - ok
23:23:49.0053 5784 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:23:49.0054 5784 RDPCDD - ok
23:23:49.0081 5784 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:23:49.0085 5784 rdpdr - ok
23:23:49.0090 5784 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:23:49.0093 5784 RDPENCDD - ok
23:23:49.0129 5784 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:23:49.0133 5784 RDPWD - ok
23:23:49.0170 5784 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:23:49.0173 5784 RemoteAccess - ok
23:23:49.0206 5784 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:23:49.0210 5784 RemoteRegistry - ok
23:23:49.0237 5784 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:23:49.0239 5784 RpcLocator - ok
23:23:49.0259 5784 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
23:23:49.0264 5784 RpcSs - ok
23:23:49.0283 5784 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:23:49.0285 5784 rspndr - ok
23:23:49.0320 5784 [ 92F0EFC2D29D2B38ADF9FE49701523C1 ] rt61x86 C:\Windows\system32\DRIVERS\netr61.sys
23:23:49.0326 5784 rt61x86 - ok
23:23:49.0337 5784 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
23:23:49.0338 5784 SamSs - ok
23:23:49.0363 5784 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:23:49.0366 5784 sbp2port - ok
23:23:49.0411 5784 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:23:49.0414 5784 SCardSvr - ok
23:23:49.0461 5784 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
23:23:49.0470 5784 Schedule - ok
23:23:49.0481 5784 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:23:49.0482 5784 SCPolicySvc - ok
23:23:49.0502 5784 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:23:49.0506 5784 SDRSVC - ok
23:23:49.0516 5784 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:23:49.0517 5784 secdrv - ok
23:23:49.0538 5784 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
23:23:49.0540 5784 seclogon - ok
23:23:49.0567 5784 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
23:23:49.0569 5784 SENS - ok
23:23:49.0590 5784 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:23:49.0591 5784 Serenum - ok
23:23:49.0605 5784 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:23:49.0608 5784 Serial - ok
23:23:49.0629 5784 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:23:49.0631 5784 sermouse - ok
23:23:49.0666 5784 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:23:49.0670 5784 SessionEnv - ok
23:23:49.0678 5784 SetupNTGLM7X - ok
23:23:49.0697 5784 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:23:49.0699 5784 sffdisk - ok
23:23:49.0710 5784 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:23:49.0712 5784 sffp_mmc - ok
23:23:49.0727 5784 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:23:49.0729 5784 sffp_sd - ok
23:23:49.0742 5784 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:23:49.0744 5784 sfloppy - ok
23:23:49.0780 5784 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:23:49.0785 5784 SharedAccess - ok
23:23:49.0828 5784 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:23:49.0833 5784 ShellHWDetection - ok
23:23:49.0856 5784 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:23:49.0859 5784 sisagp - ok
23:23:49.0872 5784 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:23:49.0888 5784 SiSRaid2 - ok
23:23:49.0906 5784 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:23:49.0908 5784 SiSRaid4 - ok
23:23:50.0017 5784 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
23:23:50.0100 5784 slsvc - ok
23:23:50.0149 5784 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:23:50.0152 5784 SLUINotify - ok
23:23:50.0188 5784 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:23:50.0190 5784 Smb - ok
23:23:50.0224 5784 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:23:50.0226 5784 SNMPTRAP - ok
23:23:50.0252 5784 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:23:50.0254 5784 spldr - ok
23:23:50.0288 5784 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
23:23:50.0292 5784 Spooler - ok
23:23:50.0339 5784 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\system32\drivers\N360\0603000.00E\SRTSP.SYS
23:23:50.0347 5784 SRTSP - ok
23:23:50.0359 5784 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
23:23:50.0361 5784 SRTSPX - ok
23:23:50.0401 5784 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:23:50.0406 5784 srv - ok
23:23:50.0446 5784 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:23:50.0450 5784 srv2 - ok
23:23:50.0462 5784 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:23:50.0465 5784 srvnet - ok
23:23:50.0497 5784 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:23:50.0501 5784 SSDPSRV - ok
23:23:50.0552 5784 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:23:50.0556 5784 SstpSvc - ok
23:23:50.0577 5784 Steam Client Service - ok
23:23:50.0637 5784 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:23:50.0644 5784 Stereo Service - ok
23:23:50.0696 5784 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
23:23:50.0705 5784 stisvc - ok
23:23:50.0717 5784 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:23:50.0719 5784 swenum - ok
23:23:50.0762 5784 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
23:23:50.0769 5784 swprv - ok
23:23:50.0791 5784 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:23:50.0793 5784 Symc8xx - ok
23:23:50.0837 5784 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS
23:23:50.0843 5784 SymDS - ok
23:23:50.0886 5784 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS
23:23:50.0911 5784 SymEFA - ok
23:23:50.0953 5784 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
23:23:50.0956 5784 SymEvent - ok
23:23:50.0968 5784 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
23:23:50.0971 5784 SymIRON - ok
23:23:50.0988 5784 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\system32\drivers\N360\0603000.00E\SYMTDIV.SYS
23:23:50.0994 5784 SYMTDIv - ok
23:23:51.0013 5784 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:23:51.0015 5784 Sym_hi - ok
23:23:51.0042 5784 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:23:51.0044 5784 Sym_u3 - ok
23:23:51.0085 5784 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
23:23:51.0094 5784 SysMain - ok
23:23:51.0115 5784 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:23:51.0118 5784 TabletInputService - ok
23:23:51.0163 5784 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:23:51.0168 5784 TapiSrv - ok
23:23:51.0193 5784 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:23:51.0196 5784 TBS - ok
23:23:51.0245 5784 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:23:51.0270 5784 Tcpip - ok
23:23:51.0304 5784 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:23:51.0309 5784 Tcpip6 - ok
23:23:51.0343 5784 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:23:51.0344 5784 tcpipreg - ok
23:23:51.0372 5784 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:23:51.0373 5784 TDPIPE - ok
23:23:51.0402 5784 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:23:51.0404 5784 TDTCP - ok
23:23:51.0421 5784 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:23:51.0423 5784 tdx - ok
23:23:51.0433 5784 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:23:51.0436 5784 TermDD - ok
23:23:51.0455 5784 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
23:23:51.0463 5784 TermService - ok
23:23:51.0489 5784 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
23:23:51.0493 5784 Themes - ok
23:23:51.0504 5784 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
23:23:51.0506 5784 THREADORDER - ok
23:23:51.0535 5784 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
23:23:51.0538 5784 TrkWks - ok
23:23:51.0598 5784 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:23:51.0600 5784 TrustedInstaller - ok
23:23:51.0619 5784 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:23:51.0621 5784 tssecsrv - ok
23:23:51.0641 5784 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:23:51.0642 5784 tunmp - ok
23:23:51.0679 5784 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:23:51.0681 5784 tunnel - ok
23:23:51.0706 5784 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:23:51.0708 5784 uagp35 - ok
23:23:51.0747 5784 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:23:51.0751 5784 udfs - ok
23:23:51.0792 5784 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:23:51.0795 5784 UI0Detect - ok
23:23:51.0809 5784 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:23:51.0812 5784 uliagpkx - ok
23:23:51.0843 5784 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:23:51.0847 5784 uliahci - ok
23:23:51.0865 5784 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:23:51.0868 5784 UlSata - ok
23:23:51.0881 5784 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:23:51.0884 5784 ulsata2 - ok
23:23:51.0916 5784 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:23:51.0918 5784 umbus - ok
23:23:52.0024 5784 [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
23:23:52.0030 5784 UMVPFSrv - ok
23:23:52.0065 5784 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
23:23:52.0071 5784 upnphost - ok
23:23:52.0112 5784 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:23:52.0114 5784 USBAAPL - ok
23:23:52.0129 5784 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:23:52.0132 5784 usbaudio - ok
23:23:52.0150 5784 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:23:52.0152 5784 usbccgp - ok
23:23:52.0177 5784 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:23:52.0180 5784 usbcir - ok
23:23:52.0212 5784 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:23:52.0213 5784 usbehci - ok
23:23:52.0252 5784 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:23:52.0256 5784 usbhub - ok
23:23:52.0287 5784 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:23:52.0288 5784 usbohci - ok
23:23:52.0300 5784 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:23:52.0302 5784 usbprint - ok
23:23:52.0316 5784 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:23:52.0318 5784 USBSTOR - ok
23:23:52.0334 5784 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:23:52.0336 5784 usbuhci - ok
23:23:52.0369 5784 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:23:52.0373 5784 usbvideo - ok
23:23:52.0406 5784 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
23:23:52.0409 5784 UxSms - ok
23:23:52.0458 5784 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
23:23:52.0466 5784 vds - ok
23:23:52.0488 5784 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:23:52.0490 5784 vga - ok
23:23:52.0515 5784 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:23:52.0517 5784 VgaSave - ok
23:23:52.0529 5784 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:23:52.0532 5784 viaagp - ok
23:23:52.0553 5784 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:23:52.0555 5784 ViaC7 - ok
23:23:52.0567 5784 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
23:23:52.0569 5784 viaide - ok
23:23:52.0582 5784 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:23:52.0584 5784 volmgr - ok
23:23:52.0625 5784 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:23:52.0630 5784 volmgrx - ok
23:23:52.0682 5784 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:23:52.0691 5784 volsnap - ok
23:23:52.0722 5784 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:23:52.0725 5784 vsmraid - ok
23:23:52.0779 5784 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
23:23:52.0821 5784 VSS - ok
23:23:52.0858 5784 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
23:23:52.0864 5784 W32Time - ok
23:23:52.0883 5784 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:23:52.0904 5784 WacomPen - ok
23:23:52.0934 5784 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:23:52.0936 5784 Wanarp - ok
23:23:52.0941 5784 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:23:52.0942 5784 Wanarpv6 - ok
23:23:52.0983 5784 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:23:52.0991 5784 wcncsvc - ok
23:23:53.0015 5784 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:23:53.0018 5784 WcsPlugInService - ok
23:23:53.0044 5784 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
23:23:53.0046 5784 Wd - ok
23:23:53.0093 5784 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:23:53.0101 5784 Wdf01000 - ok
23:23:53.0128 5784 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:23:53.0132 5784 WdiServiceHost - ok
23:23:53.0137 5784 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:23:53.0140 5784 WdiSystemHost - ok
23:23:53.0180 5784 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
23:23:53.0185 5784 WebClient - ok
23:23:53.0221 5784 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:23:53.0226 5784 Wecsvc - ok
23:23:53.0253 5784 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:23:53.0255 5784 wercplsupport - ok
23:23:53.0291 5784 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
23:23:53.0295 5784 WerSvc - ok
23:23:53.0355 5784 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:23:53.0360 5784 WinDefend - ok
23:23:53.0366 5784 WinHttpAutoProxySvc - ok
23:23:53.0414 5784 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:23:53.0417 5784 Winmgmt - ok
23:23:53.0472 5784 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
23:23:53.0506 5784 WinRM - ok
23:23:53.0561 5784 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:23:53.0569 5784 Wlansvc - ok
23:23:53.0672 5784 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:23:53.0722 5784 wlidsvc - ok
23:23:53.0775 5784 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:23:53.0776 5784 WmiAcpi - ok
23:23:53.0812 5784 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:23:53.0815 5784 wmiApSrv - ok
23:23:53.0872 5784 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:23:53.0884 5784 WMPNetworkSvc - ok
23:23:53.0924 5784 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:23:53.0928 5784 WPCSvc - ok
23:23:53.0970 5784 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:23:53.0973 5784 WPDBusEnum - ok
23:23:54.0009 5784 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:23:54.0012 5784 WpdUsb - ok
23:23:54.0144 5784 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:23:54.0177 5784 WPFFontCache_v0400 - ok
23:23:54.0203 5784 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:23:54.0205 5784 ws2ifsl - ok
23:23:54.0237 5784 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
23:23:54.0240 5784 wscsvc - ok
23:23:54.0245 5784 WSearch - ok
23:23:54.0326 5784 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:23:54.0376 5784 wuauserv - ok
23:23:54.0411 5784 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:23:54.0414 5784 WUDFRd - ok
23:23:54.0436 5784 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:23:54.0439 5784 wudfsvc - ok
23:23:54.0462 5784 ================ Scan global ===============================
23:23:54.0488 5784 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:23:54.0531 5784 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:23:54.0544 5784 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:23:54.0592 5784 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:23:54.0597 5784 [Global] - ok
23:23:54.0598 5784 ================ Scan MBR ==================================
23:23:54.0608 5784 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:23:55.0188 5784 \Device\Harddisk0\DR0 - ok
23:23:55.0189 5784 ================ Scan VBR ==================================
23:23:55.0212 5784 [ 00C32668F7E9AA291F55D902F314B8A2 ] \Device\Harddisk0\DR0\Partition1
23:23:55.0224 5784 \Device\Harddisk0\DR0\Partition1 - ok
23:23:55.0224 5784 ============================================================
23:23:55.0224 5784 Scan finished
23:23:55.0224 5784 ============================================================
23:23:55.0236 1364 Detected object count: 0
23:23:55.0236 1364 Actual detected object count: 0

#5 Shafter99

Posted 04 September 2012 - 01:41 AM

ESET Findings to follow:
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-18\$783dd74244c8d08f394d9bd62da9183b\n.vir Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Shafter\AppData\Local\Temp\NOD6423.tmp.vir a variant of Win32/Medfos.DC trojan cleaned by deleting - quarantined

#6 narenxp

  • BC Advisor

Posted 04 September 2012 - 01:48 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#7 Shafter99

Posted 04 September 2012 - 02:29 AM

Status Update: No new attacks blocked by Norton Auto-Protect since the MBAM scans! Working on Mini Toolbox. :)

#8 Shafter99

Posted 04 September 2012 - 03:25 AM

Mini Toolbox Report to follow:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Shafter (administrator) on 04-09-2012 at 02:22:40
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Shafter-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Linksys Wireless-G PCI Adapter
Physical Address. . . . . . . . . : 00-1A-70-A5-75-A9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::15e8:b377:8:4817%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 04, 2012 2:09:04 AM
Lease Expires . . . . . . . . . . : Friday, October 11, 2148 8:50:58 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 352328304
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-8D-70-6D-00-1F-C6-11-A0-E1
DNS Servers . . . . . . . . . . . : 192.168.2.1
69.145.248.4
69.146.17.2
69.144.49.29
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-1F-C6-11-AC-98
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : msu.montana.edu
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1F-C6-11-A0-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.msu.montana.edu
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:108b:2542:3f57:fdfd(Preferred)
Link-local IPv6 Address . . . . . : fe80::108b:2542:3f57:fdfd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{03B58C7C-DE4F-4F30-9B6A-967F868BCFA9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.98
74.125.224.98



Pinging google.com [74.125.224.103] with 32 bytes of data:

Reply from 74.125.224.103: bytes=32 time=46ms TTL=49

Reply from 74.125.224.103: bytes=32 time=46ms TTL=49



Ping statistics for 74.125.224.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 46ms, Average = 46ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109
98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=125ms TTL=48

Reply from 98.139.183.24: bytes=32 time=121ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 121ms, Maximum = 125ms, Average = 123ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=9ms TTL=128

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 9ms, Average = 5ms

===========================================================================
Interface List
14 ...00 1a 70 a5 75 a9 ...... Linksys Wireless-G PCI Adapter
9 ...00 1f c6 11 ac 98 ...... NVIDIA nForce Networking Controller #2
8 ...00 1f c6 11 a0 e1 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.msu.montana.edu
16 ...00 00 00 00 00 00 00 e0 isatap.Belkin
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{03B58C7C-DE4F-4F30-9B6A-967F868BCFA9}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 281
192.168.2.2 255.255.255.255 On-link 192.168.2.2 281
192.168.2.255 255.255.255.255 On-link 192.168.2.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:108b:2542:3f57:fdfd/128
On-link
14 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::108b:2542:3f57:fdfd/128
On-link
14 281 fe80::15e8:b377:8:4817/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/04/2012 02:11:47 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (09/04/2012 02:09:15 AM) (Source: WinMgmt) (User: )
Description: 0x80004002

Error: (09/03/2012 10:33:43 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (09/03/2012 10:30:55 PM) (Source: WinMgmt) (User: )
Description: 0x80004002

Error: (09/03/2012 07:14:14 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (09/03/2012 07:03:41 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/03/2012 05:48:31 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (09/03/2012 05:47:54 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/03/2012 05:31:19 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (09/03/2012 04:15:20 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e


System errors:
=============
Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue69.144.152.231:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue69.144.133.196:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue69.144.132.59:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue69.144.132.234:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue69.144.130.176:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.2.4:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.2.3:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.2.2:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue169.254.72.23:63331

Error: (09/04/2012 02:08:58 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue169.254.164.177:63331


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player (Version: 11)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.3.127)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 2.0.2.0)
Comoestamos Toolbar (Version: )
ESET Online Scanner v3
Happy Cloud Client (Version: 1.308)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
L&H TTS3000 British English
Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1 (Version: 1.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10516.0)
Microsoft UI Engine (Version: 6.3.2348.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Move Networks Media Player for Internet Explorer
Norton 360 (Version: 6.3.0.14)
Norton Bootable Recovery Tool Wizard (Version: 5.1.0.26)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Origin (Version: 8.4.1.210)
QuickTime (Version: 7.71.80.42)
Sid Meier's Civilization 4 (Version: 1.09)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
System Requirements Lab
The Elder Scrolls V: Skyrim
The Lord of the Rings Online
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VoiceOver Kit (Version: 1.30.128.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Yahoo! Browser Services

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 2045.75 MB
Available physical RAM: 837.36 MB
Total Pagefile: 4330.04 MB
Available Pagefile: 2842.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.02 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:143.67 GB) (Free:44.2 GB) NTFS

========================= Users: ========================================

User accounts for \\SHAFTER-PC

Administrator ASPNET Guest
Shafter UpdatusUser


**** End of log ****

#9 Shafter99

Shafter99
  • Topic Starter


Posted 04 September 2012 - 03:28 AM

FSS Report to Follow:
Farbar Service Scanner Version: 06-08-2012
Ran by Shafter (administrator) on 04-09-2012 at 02:27:19
Running from "C:\Users\Shafter\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-04-11 05:11] - [2008-01-19 01:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Shafter99

Shafter99
  • Topic Starter


Posted 04 September 2012 - 03:46 AM

Adware Cleaner Log to Follow:
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 02:29:40
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Shafter - SHAFTER-PC
# Boot Mode : Normal
# Running from : C:\Users\Shafter\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Comoestamos
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\Users\Shafter\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Shafter\AppData\LocalLow\Comoestamos
Folder Deleted : C:\Users\Shafter\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shafter\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Shafter\AppData\LocalLow\searchquband

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Comoestamos
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Comoestamos Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFFD3710-4709-4976-B713-AEBE3550AD82}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFFD3710-4709-4976-B713-AEBE3550AD82}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{790E9A47-C70B-4387-8542-3664F01D13A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFFD3710-4709-4976-B713-AEBE3550AD82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2427995
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\Software\Comoestamos
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFFD3710-4709-4976-B713-AEBE3550AD82}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{790E9A47-C70B-4387-8542-3664F01D13A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Comoestamos Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFFD3710-4709-4976-B713-AEBE3550AD82}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{DFFD3710-4709-4976-B713-AEBE3550AD82}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFFD3710-4709-4976-B713-AEBE3550AD82}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DFFD3710-4709-4976-B713-AEBE3550AD82}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Shafter\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.31] : keyword = "searchqu.com",
Deleted [l.34] : search_url = "hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}",

*************************

AdwCleaner[S1].txt - [5240 octets] - [04/09/2012 02:29:40]

########## EOF - C:\AdwCleaner[S1].txt - [5300 octets] ##########

#11 narenxp

narenxp

  • BC Advisor

Posted 04 September 2012 - 03:52 AM

Download

BITS

Launch it, click YES

Download

http://www.bleepingcomputer.com/download/rkill/

Run it, and after the scan finishes, post the contents of the RKILL log located on the desktop here

#12 Shafter99

Shafter99
  • Topic Starter


Posted 04 September 2012 - 04:09 AM

RKILL Log to Follow:
Rkill 2.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/04/2012 03:09:04 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/04/2012 03:09:17 AM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)

#13 narenxp

narenxp

  • BC Advisor

Posted 04 September 2012 - 04:10 AM

That looks good

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode

Turn off your System Restore, restart the PC, and create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)

#14 Shafter99

Shafter99
  • Topic Starter


Posted 04 September 2012 - 05:05 AM

All problems seem to be resolved! I'm going to have Norton run a full system scan right before I head off to bed for the night, just to be sure! Thank you so much for your help! I sincerely appreciate it! Hope you have a great week!

#15 narenxp

narenxp

  • BC Advisor

Posted 04 September 2012 - 05:10 AM

Hope you have a great week too :)

Safe surfing



