Svchost and TDL4 trojan


14 replies to this topic

#1 dbb3

dbb3

  • Members
  • 8 posts

Posted 26 September 2012 - 12:17 PM

I want to thank anyone who can help me with the trouble I am having with my laptop.

I have a virus, Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean, infecting my laptop that shows up with my ESET Smart Security.

I also have a Svchost.exe file that pops up all the time causing me to have very high CPU Usage. I delete this file and it still keeps coming back.

Are these 2 problems related to each other or are they two separate issues?

If someone could help me to get rid of these two things I would greatly appreciate it.

Thanks



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 26 September 2012 - 12:32 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 dbb3

dbb3
  • Topic Starter

  • Members
  • 8 posts

Posted 26 September 2012 - 01:33 PM

OK, I will post when I get done with the scans. Thank you so much for your help.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 26 September 2012 - 01:35 PM

:thumbup2:

#5 dbb3

dbb3
  • Topic Starter

  • Members
  • 8 posts

Posted 26 September 2012 - 08:37 PM

14:36:20.0506 5928 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:36:21.0026 5928 ============================================================
14:36:21.0026 5928 Current date / time: 2012/09/26 14:36:21.0026
14:36:21.0026 5928 SystemInfo:
14:36:21.0026 5928
14:36:21.0026 5928 OS Version: 6.1.7601 ServicePack: 1.0
14:36:21.0026 5928 Product type: Workstation
14:36:21.0026 5928 ComputerName: GIRLSLAPTOP
14:36:21.0026 5928 UserName: girls
14:36:21.0026 5928 Windows directory: C:\windows
14:36:21.0026 5928 System windows directory: C:\windows
14:36:21.0026 5928 Processor architecture: Intel x86
14:36:21.0026 5928 Number of processors: 2
14:36:21.0026 5928 Page size: 0x1000
14:36:21.0026 5928 Boot type: Normal boot
14:36:21.0026 5928 ============================================================
14:36:22.0918 5928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:36:22.0918 5928 ============================================================
14:36:22.0918 5928 \Device\Harddisk0\DR0:
14:36:22.0918 5928 MBR partitions:
14:36:22.0918 5928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2416A000
14:36:22.0918 5928 ============================================================
14:36:22.0950 5928 C: <-> \Device\Harddisk0\DR0\Partition1
14:36:22.0950 5928 ============================================================
14:36:22.0950 5928 Initialize success
14:36:22.0950 5928 ============================================================
14:36:39.0352 2700 ============================================================
14:36:39.0352 2700 Scan started
14:36:39.0352 2700 Mode: Manual;
14:36:39.0352 2700 ============================================================
14:36:41.0317 2700 ================ Scan system memory ========================
14:36:41.0317 2700 System memory - ok
14:36:41.0317 2700 ================ Scan services =============================
14:36:52.0939 2700 NetPipeActivator - ok
14:36:52.0970 2700 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
14:36:52.0970 2700 netprofm - ok
14:36:52.0970 2700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:36:52.0970 2700 NetTcpActivator - ok
14:36:52.0986 2700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:36:52.0986 2700 NetTcpPortSharing - ok
14:36:53.0002 2700 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
14:36:53.0017 2700 nfrd960 - ok
14:36:53.0048 2700 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\windows\System32\nlasvc.dll
14:36:53.0048 2700 NlaSvc - ok
14:36:53.0064 2700 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
14:36:53.0064 2700 Npfs - ok
14:36:53.0095 2700 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
14:36:53.0095 2700 nsi - ok
14:36:53.0095 2700 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
14:36:53.0111 2700 nsiproxy - ok
14:36:53.0173 2700 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\windows\system32\drivers\Ntfs.sys
14:36:53.0173 2700 Ntfs - ok
14:36:53.0204 2700 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
14:36:53.0204 2700 Null - ok
14:36:53.0236 2700 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
14:36:53.0251 2700 nvraid - ok
14:36:53.0267 2700 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
14:36:53.0267 2700 nvstor - ok
14:36:53.0282 2700 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
14:36:53.0298 2700 nv_agp - ok
14:36:53.0376 2700 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:36:53.0392 2700 odserv - ok
14:36:53.0423 2700 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
14:36:53.0423 2700 ohci1394 - ok
14:36:53.0470 2700 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:36:53.0485 2700 ose - ok
14:36:53.0641 2700 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:36:53.0672 2700 osppsvc - ok
14:36:53.0704 2700 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
14:36:53.0704 2700 p2pimsvc - ok
14:36:53.0750 2700 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
14:36:53.0750 2700 p2psvc - ok
14:36:53.0782 2700 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
14:36:53.0782 2700 Parport - ok
14:36:53.0828 2700 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
14:36:53.0891 2700 partmgr - ok
14:36:53.0906 2700 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
14:36:53.0906 2700 Parvdm - ok
14:36:53.0922 2700 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
14:36:53.0922 2700 PcaSvc - ok
14:36:53.0938 2700 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
14:36:53.0953 2700 pci - ok
14:36:53.0969 2700 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
14:36:53.0984 2700 pciide - ok
14:36:54.0016 2700 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
14:36:54.0016 2700 pcmcia - ok
14:36:54.0031 2700 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
14:36:54.0047 2700 pcw - ok
14:36:54.0094 2700 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
14:36:54.0109 2700 PEAUTH - ok
14:36:54.0172 2700 [ 1B5011DD8D57F53AED31FF0F7D635802 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
14:36:54.0172 2700 PGEffect - ok
14:36:54.0250 2700 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
14:36:54.0265 2700 pla - ok
14:36:54.0296 2700 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
14:36:54.0312 2700 PlugPlay - ok
14:36:54.0328 2700 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
14:36:54.0328 2700 PNRPAutoReg - ok
14:36:54.0343 2700 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
14:36:54.0359 2700 PNRPsvc - ok
14:36:54.0390 2700 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
14:36:54.0406 2700 PolicyAgent - ok
14:36:54.0468 2700 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
14:36:54.0468 2700 Power - ok
14:36:54.0515 2700 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
14:36:54.0562 2700 PptpMiniport - ok
14:36:54.0593 2700 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
14:36:54.0593 2700 Processor - ok
14:36:54.0624 2700 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
14:36:54.0640 2700 ProfSvc - ok
14:36:54.0640 2700 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
14:36:54.0640 2700 ProtectedStorage - ok
14:36:54.0671 2700 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
14:36:54.0686 2700 Psched - ok
14:36:54.0733 2700 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
14:36:54.0749 2700 ql2300 - ok
14:36:54.0764 2700 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
14:36:54.0780 2700 ql40xx - ok
14:36:54.0811 2700 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
14:36:54.0811 2700 QWAVE - ok
14:36:54.0827 2700 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
14:36:54.0827 2700 QWAVEdrv - ok
14:36:54.0858 2700 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
14:36:54.0874 2700 RasAcd - ok
14:36:54.0905 2700 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
14:36:54.0920 2700 RasAgileVpn - ok
14:36:54.0952 2700 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
14:36:54.0952 2700 RasAuto - ok
14:36:54.0967 2700 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
14:36:54.0998 2700 Rasl2tp - ok
14:36:55.0030 2700 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
14:36:55.0045 2700 RasMan - ok
14:36:55.0061 2700 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
14:36:55.0076 2700 RasPppoe - ok
14:36:55.0076 2700 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
14:36:55.0108 2700 RasSstp - ok
14:36:55.0123 2700 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
14:36:55.0170 2700 rdbss - ok
14:36:55.0186 2700 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
14:36:55.0186 2700 rdpbus - ok
14:36:55.0217 2700 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
14:36:55.0232 2700 RDPCDD - ok
14:36:55.0248 2700 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
14:36:55.0264 2700 RDPENCDD - ok
14:36:55.0279 2700 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
14:36:55.0295 2700 RDPREFMP - ok
14:36:55.0342 2700 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
14:36:55.0342 2700 RDPWD - ok
14:36:55.0388 2700 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
14:36:55.0435 2700 rdyboost - ok
14:36:55.0466 2700 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
14:36:55.0466 2700 RemoteAccess - ok
14:36:55.0498 2700 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
14:36:55.0498 2700 RemoteRegistry - ok
14:36:55.0513 2700 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
14:36:55.0513 2700 RpcEptMapper - ok
14:36:55.0529 2700 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
14:36:55.0529 2700 RpcLocator - ok
14:36:55.0544 2700 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
14:36:55.0560 2700 RpcSs - ok
14:36:55.0576 2700 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
14:36:55.0622 2700 rspndr - ok
14:36:55.0622 2700 RSUSBSTOR - ok
14:36:55.0654 2700 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys
14:36:55.0669 2700 RTL8167 - ok
14:36:55.0732 2700 [ 8327C64E9A4D052339C16499D08F7D6C ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
14:36:55.0778 2700 rtl8192se - ok
14:36:55.0794 2700 RtsUIR - ok
14:36:55.0794 2700 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
14:36:55.0794 2700 SamSs - ok
14:36:55.0825 2700 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
14:36:55.0825 2700 sbp2port - ok
14:36:55.0856 2700 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
14:36:55.0856 2700 SCardSvr - ok
14:36:55.0888 2700 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
14:36:55.0888 2700 scfilter - ok
14:36:55.0934 2700 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
14:36:55.0934 2700 Schedule - ok
14:36:55.0950 2700 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
14:36:55.0950 2700 SCPolicySvc - ok
14:36:55.0981 2700 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
14:36:55.0981 2700 SDRSVC - ok
14:36:56.0012 2700 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
14:36:56.0012 2700 secdrv - ok
14:36:56.0044 2700 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
14:36:56.0044 2700 seclogon - ok
14:36:56.0059 2700 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
14:36:56.0059 2700 SENS - ok
14:36:56.0075 2700 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
14:36:56.0075 2700 SensrSvc - ok
14:36:56.0090 2700 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
14:36:56.0090 2700 Serenum - ok
14:36:56.0106 2700 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
14:36:56.0106 2700 Serial - ok
14:36:56.0153 2700 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
14:36:56.0153 2700 sermouse - ok
14:36:56.0200 2700 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
14:36:56.0200 2700 SessionEnv - ok
14:36:56.0231 2700 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
14:36:56.0231 2700 sffdisk - ok
14:36:56.0262 2700 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
14:36:56.0262 2700 sffp_mmc - ok
14:36:56.0293 2700 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
14:36:56.0293 2700 sffp_sd - ok
14:36:56.0324 2700 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
14:36:56.0371 2700 sfloppy - ok
14:36:56.0449 2700 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
14:36:56.0465 2700 SharedAccess - ok
14:36:56.0512 2700 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:36:56.0527 2700 ShellHWDetection - ok
14:36:56.0558 2700 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
14:36:56.0558 2700 sisagp - ok
14:36:56.0605 2700 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
14:36:56.0605 2700 SiSRaid2 - ok
14:36:56.0621 2700 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
14:36:56.0621 2700 SiSRaid4 - ok
14:36:56.0683 2700 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:36:56.0683 2700 SkypeUpdate - ok
14:36:56.0714 2700 [ BF302072DC8374CF4E118FD88AA817A2 ] SmartDefragDriver C:\windows\system32\Drivers\SmartDefragDriver.sys
14:36:56.0761 2700 SmartDefragDriver - ok
14:36:56.0777 2700 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
14:36:56.0792 2700 Smb - ok
14:36:56.0824 2700 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
14:36:56.0824 2700 SNMPTRAP - ok
14:36:56.0855 2700 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
14:36:56.0870 2700 spldr - ok
14:36:56.0917 2700 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
14:36:56.0917 2700 Spooler - ok
14:36:57.0058 2700 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
14:36:57.0073 2700 sppsvc - ok
14:36:57.0120 2700 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
14:36:57.0120 2700 sppuinotify - ok
14:36:57.0182 2700 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
14:36:57.0245 2700 srv - ok
14:36:57.0354 2700 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
14:36:57.0416 2700 srv2 - ok
14:36:57.0448 2700 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
14:36:57.0479 2700 srvnet - ok
14:36:57.0510 2700 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
14:36:57.0510 2700 SSDPSRV - ok
14:36:57.0526 2700 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
14:36:57.0541 2700 SstpSvc - ok
14:36:57.0557 2700 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
14:36:57.0557 2700 stexstor - ok
14:36:57.0604 2700 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
14:36:57.0619 2700 StiSvc - ok
14:36:57.0650 2700 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
14:36:57.0650 2700 swenum - ok
14:36:57.0682 2700 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
14:36:57.0697 2700 swprv - ok
14:36:57.0728 2700 [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
14:36:57.0728 2700 SynTP - ok
14:36:57.0791 2700 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
14:36:57.0822 2700 SysMain - ok
14:36:57.0853 2700 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
14:36:57.0869 2700 TabletInputService - ok
14:36:57.0900 2700 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
14:36:57.0916 2700 TapiSrv - ok
14:36:57.0947 2700 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
14:36:57.0962 2700 TBS - ok
14:36:58.0009 2700 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\windows\system32\drivers\tcpip.sys
14:36:58.0056 2700 Tcpip - ok
14:36:58.0072 2700 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
14:36:58.0087 2700 TCPIP6 - ok
14:36:58.0118 2700 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
14:36:58.0150 2700 tcpipreg - ok
14:36:58.0165 2700 [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
14:36:58.0181 2700 tdcmdpst - ok
14:36:58.0212 2700 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
14:36:58.0259 2700 TDPIPE - ok
14:36:58.0274 2700 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
14:36:58.0306 2700 TDTCP - ok
14:36:58.0321 2700 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
14:36:58.0352 2700 tdx - ok
14:36:58.0384 2700 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
14:36:58.0384 2700 TermDD - ok
14:36:58.0446 2700 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
14:36:58.0462 2700 TermService - ok
14:36:58.0477 2700 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
14:36:58.0493 2700 Themes - ok
14:36:58.0508 2700 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
14:36:58.0508 2700 THREADORDER - ok
14:36:58.0555 2700 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:36:58.0555 2700 TMachInfo - ok
14:36:58.0586 2700 [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv C:\Windows\system32\TODDSrv.exe
14:36:58.0602 2700 TODDSrv - ok
14:36:58.0649 2700 [ 66C35016E01746715F8F606A9F081BF9 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:36:58.0664 2700 TosCoSrv - ok
14:36:58.0696 2700 [ 0B5FA26E0C8A8E07A6DF3DF4E5711DA8 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:36:58.0711 2700 TOSHIBA eco Utility Service - ok
14:36:58.0727 2700 [ 67C1DA40D78C92622081A3E780C926B2 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:36:58.0727 2700 TOSHIBA HDD SSD Alert Service - ok
14:36:58.0774 2700 [ 969377943FE7284609BABBAB4E06B93C ] tos_sps32 C:\windows\system32\DRIVERS\tos_sps32.sys
14:36:58.0805 2700 tos_sps32 - ok
14:36:58.0852 2700 [ 31D2881B0647F2B09B118B9B50C02888 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
14:36:58.0867 2700 TPCHSrv - ok
14:36:58.0898 2700 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
14:36:58.0898 2700 TrkWks - ok
14:36:58.0961 2700 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:36:58.0961 2700 TrustedInstaller - ok
14:36:58.0992 2700 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
14:36:59.0054 2700 tssecsrv - ok
14:36:59.0101 2700 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
14:36:59.0117 2700 TsUsbFlt - ok
14:36:59.0148 2700 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
14:36:59.0164 2700 tunnel - ok
14:36:59.0195 2700 [ FC24015B4052600C324C43E3A79C0664 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
14:36:59.0210 2700 TVALZ - ok
14:36:59.0226 2700 [ 866462F5AE3F375EF83EF9DCE436031C ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
14:36:59.0242 2700 TVALZFL - ok
14:36:59.0273 2700 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
14:36:59.0273 2700 uagp35 - ok
14:36:59.0304 2700 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
14:36:59.0335 2700 udfs - ok
14:36:59.0366 2700 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
14:36:59.0366 2700 UI0Detect - ok
14:36:59.0398 2700 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
14:36:59.0398 2700 uliagpkx - ok
14:36:59.0413 2700 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys
14:36:59.0413 2700 umbus - ok
14:36:59.0429 2700 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
14:36:59.0429 2700 UmPass - ok
14:36:59.0444 2700 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
14:36:59.0444 2700 upnphost - ok
14:36:59.0476 2700 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\windows\system32\drivers\usbaudio.sys
14:36:59.0491 2700 usbaudio - ok
14:36:59.0507 2700 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
14:36:59.0554 2700 usbccgp - ok
14:36:59.0554 2700 USBCCID - ok
14:36:59.0569 2700 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
14:36:59.0569 2700 usbcir - ok
14:36:59.0585 2700 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
14:36:59.0616 2700 usbehci - ok
14:36:59.0632 2700 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
14:36:59.0647 2700 usbhub - ok
14:36:59.0663 2700 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
14:36:59.0678 2700 usbohci - ok
14:36:59.0710 2700 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
14:36:59.0710 2700 usbprint - ok
14:36:59.0741 2700 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
14:36:59.0741 2700 USBSTOR - ok
14:36:59.0788 2700 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
14:36:59.0788 2700 usbuhci - ok
14:36:59.0819 2700 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
14:36:59.0819 2700 usbvideo - ok
14:36:59.0834 2700 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
14:36:59.0834 2700 UxSms - ok
14:36:59.0850 2700 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
14:36:59.0850 2700 VaultSvc - ok
14:36:59.0866 2700 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
14:36:59.0897 2700 vdrvroot - ok
14:36:59.0928 2700 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
14:36:59.0928 2700 vds - ok
14:36:59.0959 2700 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
14:36:59.0975 2700 vga - ok
14:36:59.0990 2700 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
14:36:59.0990 2700 VgaSave - ok
14:37:00.0022 2700 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
14:37:00.0037 2700 vhdmp - ok
14:37:00.0053 2700 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
14:37:00.0068 2700 viaagp - ok
14:37:00.0084 2700 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
14:37:00.0084 2700 ViaC7 - ok
14:37:00.0100 2700 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
14:37:00.0100 2700 viaide - ok
14:37:00.0131 2700 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
14:37:00.0178 2700 volmgr - ok
14:37:00.0209 2700 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
14:37:00.0240 2700 volmgrx - ok
14:37:00.0256 2700 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
14:37:00.0287 2700 volsnap - ok
14:37:00.0302 2700 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
14:37:00.0302 2700 vsmraid - ok
14:37:00.0349 2700 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
14:37:00.0365 2700 VSS - ok
14:37:00.0380 2700 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
14:37:00.0396 2700 vwifibus - ok
14:37:00.0412 2700 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
14:37:00.0443 2700 vwififlt - ok
14:37:00.0458 2700 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
14:37:00.0474 2700 vwifimp - ok
14:37:00.0521 2700 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
14:37:00.0521 2700 W32Time - ok
14:37:00.0536 2700 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
14:37:00.0552 2700 WacomPen - ok
14:37:00.0568 2700 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
14:37:00.0583 2700 WANARP - ok
14:37:00.0583 2700 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
14:37:00.0583 2700 Wanarpv6 - ok
14:37:00.0646 2700 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
14:37:00.0661 2700 WatAdminSvc - ok
14:37:00.0724 2700 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
14:37:00.0755 2700 wbengine - ok
14:37:00.0786 2700 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
14:37:00.0786 2700 WbioSrvc - ok
14:37:00.0833 2700 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
14:37:00.0833 2700 wcncsvc - ok
14:37:00.0848 2700 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
14:37:00.0848 2700 WcsPlugInService - ok
14:37:00.0880 2700 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
14:37:00.0880 2700 Wd - ok
14:37:00.0911 2700 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
14:37:00.0942 2700 Wdf01000 - ok
14:37:00.0973 2700 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
14:37:00.0973 2700 WdiServiceHost - ok
14:37:00.0973 2700 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
14:37:00.0973 2700 WdiSystemHost - ok
14:37:01.0020 2700 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
14:37:01.0020 2700 WebClient - ok
14:37:01.0036 2700 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
14:37:01.0036 2700 Wecsvc - ok
14:37:01.0051 2700 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
14:37:01.0051 2700 wercplsupport - ok
14:37:01.0067 2700 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
14:37:01.0067 2700 WerSvc - ok
14:37:01.0082 2700 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
14:37:01.0098 2700 WfpLwf - ok
14:37:01.0129 2700 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
14:37:01.0145 2700 WIMMount - ok
14:37:01.0207 2700 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:37:01.0223 2700 WinDefend - ok
14:37:01.0238 2700 WinHttpAutoProxySvc - ok
14:37:01.0285 2700 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
14:37:01.0285 2700 Winmgmt - ok
14:37:01.0348 2700 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
14:37:01.0379 2700 WinRM - ok
14:37:01.0426 2700 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
14:37:01.0426 2700 WinUsb - ok
14:37:01.0488 2700 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
14:37:01.0504 2700 Wlansvc - ok
14:37:01.0613 2700 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:37:01.0644 2700 wlidsvc - ok
14:37:01.0675 2700 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
14:37:01.0675 2700 WmiAcpi - ok
14:37:01.0722 2700 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
14:37:01.0722 2700 wmiApSrv - ok
14:37:01.0800 2700 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:37:01.0816 2700 WMPNetworkSvc - ok
14:37:01.0847 2700 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
14:37:01.0847 2700 WPCSvc - ok
14:37:01.0878 2700 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
14:37:01.0878 2700 WPDBusEnum - ok
14:37:01.0894 2700 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
14:37:01.0909 2700 ws2ifsl - ok
14:37:01.0925 2700 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
14:37:01.0925 2700 wscsvc - ok
14:37:01.0940 2700 WSearch - ok
14:37:02.0018 2700 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
14:37:02.0034 2700 wuauserv - ok
14:37:02.0050 2700 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
14:37:02.0081 2700 WudfPf - ok
14:37:02.0112 2700 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
14:37:02.0112 2700 WUDFRd - ok
14:37:02.0128 2700 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\windows\System32\WUDFSvc.dll
14:37:02.0128 2700 wudfsvc - ok
14:37:02.0159 2700 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
14:37:02.0174 2700 WwanSvc - ok
14:37:02.0252 2700 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:37:02.0268 2700 YahooAUService - ok
14:37:02.0284 2700 ================ Scan global ===============================
14:37:02.0346 2700 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
14:37:02.0393 2700 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
14:37:02.0393 2700 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
14:37:02.0440 2700 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
14:37:02.0486 2700 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
14:37:02.0486 2700 [Global] - ok
14:37:02.0502 2700 ================ Scan MBR ==================================
14:37:02.0502 2700 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
14:37:02.0502 2700 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:37:02.0564 2700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:37:02.0564 2700 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:37:02.0564 2700 ================ Scan VBR ==================================
14:37:02.0580 2700 [ 5F03A4CACB19C173983CC5E171D22921 ] \Device\Harddisk0\DR0\Partition1
14:37:02.0580 2700 \Device\Harddisk0\DR0\Partition1 - ok
14:37:02.0580 2700 ============================================================
14:37:02.0580 2700 Scan finished
14:37:02.0580 2700 ============================================================
14:37:02.0611 2396 Detected object count: 1
14:37:02.0611 2396 Actual detected object count: 1
14:37:15.0980 2396 \Device\Harddisk0\DR0\# - copied to quarantine
14:37:15.0996 2396 \Device\Harddisk0\DR0 - copied to quarantine
14:37:16.0027 2396 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:37:16.0043 2396 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:37:18.0695 2396 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:37:19.0288 2396 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:37:19.0912 2396 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:37:20.0536 2396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:37:21.0206 2396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:37:21.0799 2396 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:37:21.0815 2396 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:37:21.0830 2396 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:37:21.0830 2396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:37:22.0486 2396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:37:23.0110 2396 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:37:23.0125 2396 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:37:23.0141 2396 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:37:23.0812 2396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:37:23.0812 2396 \Device\Harddisk0\DR0 - ok
14:37:24.0311 2396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:38:18.0924 4716 Deinitialize success


14:42:21.0982 3808 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:42:22.0466 3808 ============================================================
14:42:22.0466 3808 Current date / time: 2012/09/26 14:42:22.0466
14:42:22.0466 3808 SystemInfo:
14:42:22.0466 3808
14:42:22.0466 3808 OS Version: 6.1.7601 ServicePack: 1.0
14:42:22.0466 3808 Product type: Workstation
14:42:22.0466 3808 ComputerName: GIRLSLAPTOP
14:42:22.0466 3808 UserName: girls
14:42:22.0466 3808 Windows directory: C:\windows
14:42:22.0466 3808 System windows directory: C:\windows
14:42:22.0466 3808 Processor architecture: Intel x86
14:42:22.0466 3808 Number of processors: 2
14:42:22.0466 3808 Page size: 0x1000
14:42:22.0466 3808 Boot type: Normal boot
14:42:22.0466 3808 ============================================================
14:42:47.0878 3808 BG loaded
14:42:49.0547 3808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:42:49.0563 3808 ============================================================
14:42:49.0563 3808 \Device\Harddisk0\DR0:
14:42:49.0610 3808 MBR partitions:
14:42:49.0610 3808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2416A000
14:42:49.0610 3808 ============================================================
14:42:49.0797 3808 C: <-> \Device\Harddisk0\DR0\Partition1
14:42:49.0797 3808 ============================================================
14:42:49.0797 3808 Initialize success
14:42:49.0797 3808 ============================================================
14:57:59.0523 3608 Deinitialize success


Here is the aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 14:49:40
-----------------------------
14:49:40.539 OS Version: Windows 6.1.7601 Service Pack 1
14:49:40.539 Number of processors: 2 586 0x602
14:49:40.539 ComputerName: GIRLSLAPTOP UserName: girls
14:50:06.762 Initialize success
14:51:43.624 AVAST engine defs: 12092600
14:51:46.448 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:51:46.464 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC64G Size: 305245MB BusType: 11
14:51:46.557 Disk 0 MBR read successfully
14:51:46.557 Disk 0 MBR scan
14:51:46.573 Disk 0 Windows VISTA default MBR code
14:51:46.651 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:51:46.682 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295636 MB offset 3074048
14:51:46.729 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8108 MB offset 608536576
14:51:46.744 Disk 0 scanning sectors +625141760
14:51:46.807 Disk 0 scanning C:\windows\system32\drivers
14:52:09.723 Service scanning
14:52:57.912 Modules scanning
14:53:13.137 Disk 0 trace - called modules:
14:53:13.668 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
14:53:13.683 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fdd030]
14:53:13.699 3 CLASSPNP.SYS[8a80459e] -> nt!IofCallDriver -> [0x85fc9c30]
14:53:13.715 5 ACPI.sys[8a6223d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85fba908]
14:53:14.963 AVAST engine scan C:\windows
14:53:19.034 AVAST engine scan C:\windows\system32
14:59:11.049 AVAST engine scan C:\windows\system32\drivers
14:59:27.756 AVAST engine scan C:\Users\girls
15:15:54.021 AVAST engine scan C:\ProgramData
15:37:20.727 Scan finished successfully
16:05:29.512 Disk 0 MBR has been saved successfully to "C:\Users\girls\Desktop\MBR.dat"
16:05:29.512 The log file has been saved successfully to "C:\Users\girls\Desktop\aswMBR.txt"


ESET Online Scanner

Found no Threats

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:07:57 AM

Posted 26 September 2012 - 08:44 PM

Run TDSSkiller again and post the new log

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

Launch it and scan should start running. After scan gets completed, post the generated log here.

#7 dbb3

dbb3
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:57 AM

Posted 27 September 2012 - 09:55 AM

Malwarebytes Log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
girls :: GIRLSLAPTOP [administrator]

9/27/2012 12:19:56 AM
mbam-log-2012-09-27 (00-19-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429956
Time elapsed: 2 hour(s), 30 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mini ToolBox Log

MiniToolBox by Farbar Version: 23-07-2012
Ran by girls (administrator) on 27-09-2012 at 10:26:58
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : girlslaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-26-B6-3E-D2-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 00-26-B6-3E-D2-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::705e:9ecc:4a2c:e6a6%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 26, 2012 11:41:07 PM
Lease Expires . . . . . . . . . . : Friday, September 28, 2012 10:23:55 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 301999798
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-E2-CA-06-00-1E-33-FC-7F-D2
DNS Servers . . . . . . . . . . . : 192.168.0.1
216.165.129.158
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-FC-7F-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslmodem.domain
Address: 192.168.0.1

Name: google.com
Addresses: 2001:4860:800a::8b
74.125.45.101
74.125.45.102
74.125.45.113
74.125.45.138
74.125.45.139
74.125.45.100


Pinging google.com [74.125.45.138] with 32 bytes of data:
Reply from 74.125.45.138: bytes=32 time=31ms TTL=55
Reply from 74.125.45.138: bytes=32 time=30ms TTL=55

Ping statistics for 74.125.45.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 31ms, Average = 30ms
Server: dslmodem.domain
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=117ms TTL=55
Reply from 98.138.253.109: bytes=32 time=92ms TTL=55

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 117ms, Average = 104ms
Server: dslmodem.domain
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 26 b6 3e d2 e1 ......Microsoft Virtual WiFi Miniport Adapter
11...00 26 b6 3e d2 e1 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
10...00 1e 33 fc 7f d2 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 286
192.168.1.101 255.255.255.255 On-link 192.168.1.101 286
192.168.1.255 255.255.255.255 On-link 192.168.1.101 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 286 fe80::/64 On-link
11 286 fe80::705e:9ecc:4a2c:e6a6/128
On-link
1 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2012 11:43:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: QuickDCF2.exe, version: 1.1.1.0, time stamp: 0x45beb544
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0001e23c
Faulting process id: 0xf50
Faulting application start time: 0xQuickDCF2.exe0
Faulting application path: QuickDCF2.exe1
Faulting module path: QuickDCF2.exe2
Report Id: QuickDCF2.exe3

Error: (09/26/2012 10:20:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: QuickDCF2.exe, version: 1.1.1.0, time stamp: 0x45beb544
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0001e23c
Faulting process id: 0x10e8
Faulting application start time: 0xQuickDCF2.exe0
Faulting application path: QuickDCF2.exe1
Faulting module path: QuickDCF2.exe2
Report Id: QuickDCF2.exe3

Error: (09/26/2012 02:32:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x14c8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/26/2012 01:26:21 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Premium -- Error 1606. Could not access network location %APPDATA%\.

Error: (09/26/2012 01:26:21 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Premium -- Error 1606. Could not access network location %APPDATA%\.

Error: (09/26/2012 01:05:23 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Premium -- Error 1606. Could not access network location %APPDATA%\.

Error: (09/26/2012 01:05:23 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Premium -- Error 1606. Could not access network location %APPDATA%\.

Error: (09/26/2012 00:50:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: QuickDCF2.exe, version: 1.1.1.0, time stamp: 0x45beb544
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0001e23c
Faulting process id: 0x1c0
Faulting application start time: 0xQuickDCF2.exe0
Faulting application path: QuickDCF2.exe1
Faulting module path: QuickDCF2.exe2
Report Id: QuickDCF2.exe3

Error: (09/26/2012 11:57:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x15a4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/26/2012 11:47:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x80c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (09/27/2012 10:23:53 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/27/2012 06:22:01 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/27/2012 06:21:59 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/26/2012 11:41:09 PM) (Source: Service Control Manager) (User: )
Description: The IS360service service failed to start due to the following error:
%%2

Error: (09/26/2012 11:40:58 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/26/2012 11:40:58 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/26/2012 11:40:56 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (09/26/2012 11:40:49 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (09/26/2012 07:05:24 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/26/2012 05:56:33 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
3Dice Casino
4 Elements (Version: 2.2.0.82)
4 Elements II (Version: 2.2.0.98)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Advanced SystemCare 5 (Version: 5.4.0)
All-Time Best Recipes 21.5 (Version: 1.0.2)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bejeweled 3 (Version: 2.2.0.95)
Best Recipes Ever Vol.21,Num.9 (Version: 1.0.2)
Bing Bar (Version: 7.0.822.0)
Bing Desktop (Version: 1.0.45.0)
Buzzluck Casino (Version: 11.1.0-B)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.3.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon Personal Printing Guide (Version: 1.1.1.3)
Canon PowerShot SX130 IS Camera User Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CaribbeanGold Casino (Version: 1.00.0000)
Casino Grand Bay
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full New (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Light (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Common (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0729.2238.38827)
Catalyst Control Center InstallProxy (Version: 2009.0729.2238.38827)
Catalyst Control Center Localization All (Version: 2009.0729.2238.38827)
ccc-core-static (Version: 2009.0729.2238.38827)
ccc-utility (Version: 2009.0729.2238.38827)
CCC Help Chinese Standard (Version: 2009.0729.2237.38827)
CCC Help Chinese Traditional (Version: 2009.0729.2237.38827)
CCC Help Czech (Version: 2009.0729.2237.38827)
CCC Help Danish (Version: 2009.0729.2237.38827)
CCC Help Dutch (Version: 2009.0729.2237.38827)
CCC Help English (Version: 2009.0729.2237.38827)
CCC Help Finnish (Version: 2009.0729.2237.38827)
CCC Help French (Version: 2009.0729.2237.38827)
CCC Help German (Version: 2009.0729.2237.38827)
CCC Help Greek (Version: 2009.0729.2237.38827)
CCC Help Hungarian (Version: 2009.0729.2237.38827)
CCC Help Italian (Version: 2009.0729.2237.38827)
CCC Help Japanese (Version: 2009.0729.2237.38827)
CCC Help Korean (Version: 2009.0729.2237.38827)
CCC Help Norwegian (Version: 2009.0729.2237.38827)
CCC Help Polish (Version: 2009.0729.2237.38827)
CCC Help Portuguese (Version: 2009.0729.2237.38827)
CCC Help Russian (Version: 2009.0729.2237.38827)
CCC Help Spanish (Version: 2009.0729.2237.38827)
CCC Help Swedish (Version: 2009.0729.2237.38827)
CCC Help Thai (Version: 2009.0729.2237.38827)
CCC Help Turkish (Version: 2009.0729.2237.38827)
Club World Casinos
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Deal or No Deal (Version: 2.2.0.98)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Enchanted Cavern 2 (Version: 2.2.0.98)
ESET Online Scanner v3
ESET Smart Security (Version: 5.2.9.1)
FinePixViewer Resource (Version: 1.2)
FinePixViewer Ver.5.5 (Version: 5.5)
FinePixViewer YTUPL (Version: 1.0)
Font_Setup (Version: 1.0.1)
FoxTab FLV Player
Free Spin (Version: 11.0.0)
FUJIFILM USB Driver
Gold Rush Deluxe (Version: 2.2.0.98)
Google Chrome (Version: 21.0.1180.89)
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
iNetBet Casino
IObit Security 360 (Version: 1.0)
Jackpot Capital
Jackpot Capital (Version: 10.1.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Junk Mail filter update (Version: 15.4.3502.0922)
Keyboarding Pro DELUXE - (CE) (Version: 1.3.0)
Label@Once 1.0 (Version: 1.0)
Lucky Club (Version: 11.1.0-B)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Money Plus (Version: 17)
Microsoft Money Shared Libraries (Version: 17.0.0.1414)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10516.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mplayer 0.6.9 (Version: 0.6.9)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyToshiba (Version: 2.2.0.3)
NetZero Launcher (Version: 2.01)
Octoshape Streaming Services
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pakoombo (Version: 2.2.0.90)
PlayReady PC Runtime x86 (Version: 1.3.0)
Quickbooks Financial Center (Version: 2.02)
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
ShopAtHome.com Toolbar
Skype Launcher (Version: 2.01)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
Smart Defrag 2 (Version: 2.2)
SOAP Toolkit (Version: 1.0.1)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
The Weather Channel App
The Weather Channel Desktop 6
Toshiba Application and Driver Installer (Version: 9.0.0.9)
TOSHIBA Assist (Version: 2.01.11)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1)
TOSHIBA DVD PLAYER (Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.7.0)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.0.32)
TOSHIBA Hardware Setup (Version: 2.00.11)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.2)
Toshiba Online Backup (Version: 1.2.0.35)
TOSHIBA PC Health Monitor (Version: 1.4.1.0)
Toshiba Quality Application (Version: 1.001.0000)
TOSHIBA Recovery Media Creator (Version: 2.1.0.2)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.09)
TOSHIBA Value Added Package (Version: 1.2.26)
TOSHIBA Web Camera Application (Version: 1.1.1.4)
ToshibaRegistration (Version: 1.0.3)
TVUPlayer 2.5.3.1 (Version: 2.5.3.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.31)
WildTangent Games App (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge (Version: 2.2.0.97)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2812.17 MB
Available physical RAM: 1600.9 MB
Total Pagefile: 5622.62 MB
Available Pagefile: 4156.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.25 MB

========================= Partitions: =====================================

1 Drive c: (TI103426W0D) (Fixed) (Total:288.71 GB) (Free:229.11 GB) NTFS

========================= Users: ========================================

User accounts for \\GIRLSLAPTOP

Administrator girls Guest

========================= Restore Points ==================================

06-09-2012 02:02:25 Installed Java™ 6 Update 35
12-09-2012 02:59:06 Windows Update
20-09-2012 22:10:36 Windows Modules Installer
21-09-2012 20:03:31 Removed AVG 2012
21-09-2012 20:05:45 Removed AVG 2012
21-09-2012 20:07:40 Removed AVG 2012
21-09-2012 22:49:20 Windows Update
21-09-2012 22:50:24 Windows Update
26-09-2012 17:26:15 Windows Update
27-09-2012 02:27:53 Windows Update

**** End of log ****

FSS Log

Farbar Service Scanner Version: 19-09-2012
Ran by girls (administrator) on 27-09-2012 at 10:29:47
Running from "C:\Users\girls\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-09-11 22:26] - [2012-08-22 13:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Adware Cleaner Log

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 10:31:51
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : girls - GIRLSLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\girls\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\searchplugins\Askcom.xml
File Deleted : C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\searchplugins\Conduit.xml
File Deleted : C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\vShare.tv plugin
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\girls\AppData\Local\APN
Folder Deleted : C:\Users\girls\AppData\Local\Conduit
Folder Deleted : C:\Users\girls\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\girls\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\girls\AppData\Local\Temp\CT2818425
Folder Deleted : C:\Users\girls\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\girls\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\girls\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\ConduitCommon
Folder Deleted : C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\CT2818425
Folder Deleted : C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Mp3Tube
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\prefs.js

C:\Users\girls\AppData\Roaming\Mozilla\Firefox\Profiles\wrz7xo22.default\user.js ... Deleted !


-\\ Google Chrome v [Unable to get version]

File : C:\Users\girls\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://vshare.toolbarhome.com/?hp=df" ]
Deleted [l.45] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}",
Deleted [l.1150] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.1434] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://vshare.toolbarhome.com/?hp=df" ]

*************************

AdwCleaner[S1].txt - [21023 octets] - [27/09/2012 10:31:51]

########## EOF - C:\AdwCleaner[S1].txt - [21084 octets] ##########


Junkware Removal Log

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.1 (09.27.2012)
OS: Windows 7 Home Premium x86
Ran by girls on Thu 09/27/2012 at 10:41:42.03
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files: 0 Detections



*** Folders: 0 Detections



*** Ask Toolbar: - Remnants removed



*** FireFox detected and repaired:

The below lines were deleted from [FF prefs.js]

=============================

=============================



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Thu 09/27/2012 at 10:41:48.08
End of Report

I forgot to run TDSSkiller again. I hope this did not mess anything up, but I did check after I got done and it said no threats.

#8 dbb3


Posted 27 September 2012 - 10:07 AM

I did do a TDSSkiller scan again and it does show a suspicious object, medium risk, Physical drive:\Device\Harddisk0\DRO. It says I can skip, quarantine or delete. I hope I didn't mess anything up. Sorry.

#9 narenxp


Posted 27 September 2012 - 10:09 AM

I did do a TDSSkiller scan again and it does show a suspicious object, medium risk, Physical drive:\Device\Harddisk0\DRO. It says I can skip, quarantine or delete. I hope I didn't mess anything up. Sorry.


I need to see the log :)

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on File - Save

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#10 dbb3


Posted 27 September 2012 - 11:50 AM

RKill Log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/27/2012 12:42:22 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/27/2012 12:42:36 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

Autoruns:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "BingDesktop" "Bing Desktop application" "Microsoft Corp." "c:\program files\microsoft\bingdesktop\bingdesktop.exe"
+ "egui" "ESET GUI" "ESET" "c:\program files\eset\eset smart security\egui.exe"
+ "Malwarebytes Anti-Malware (reboot)" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbam.exe"
+ "REGSHAVE" "Shaving Registry" "FUJI PHOTO FILM CO., LTD." "c:\program files\regshave\regshave.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe"
+ "SmartFaceVWatcher" "SmartFaceVWatcher" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevwatcher.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TWebCamera" "" "TOSHIBA CORPORATION." "c:\program files\toshiba\toshiba web camera application\twebcamera.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "ExifLauncher2.lnk" "Exif Launcher 2" "FUJIFILM Corporation" "c:\program files\finepixviewer\quickdcf2.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
+ "n/a" "MyToshiba" "TOSHIBA" "c:\program files\toshiba\my toshiba\mytoshiba.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Advanced SystemCare 5" "Advanced SystemCare 5 Tray" "IObit" "c:\program files\iobit\advanced systemcare 5\asctray.exe"
+ "DW7" "The Weather Channel App" "The Weather Channel" "c:\program files\the weather channel\the weather channel app\twcapp.exe"
+ "MyTOSHIBA" "MyToshiba" "TOSHIBA" "c:\program files\toshiba\my toshiba\mytoshiba.exe"
+ "Octoshape Streaming Services" "Main program for Octoshape client" "Octoshape ApS" "c:\users\girls\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "skype-ie-addon-data" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files\iobit\advanced systemcare 5\ascv5extmenu.dll"
+ "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset smart security\shellext.dll"
+ "IObit Security 360" "IS360Ext" "IObit" "c:\program files\iobit\iobit security 360\is360ext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files\iobit\advanced systemcare 5\ascv5extmenu.dll"
+ "IObit Security 360" "IS360Ext" "IObit" "c:\program files\iobit\iobit security 360\is360ext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset smart security\shellext.dll"
+ "IObit Security 360" "IS360Ext" "IObit" "c:\program files\iobit\iobit security 360\is360ext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn1\ytsingleinstance.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\ConfigFree Startup Programs" "ConfigFree Task Tray Menu" "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\ndstray.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\SmartDefrag" "" "" "File not found: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe"
+ "\SmartDefrag_Startup" "" "" "File not found: C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe"
+ "\{4070234F-A160-4459-B7F8-9227671EEFC6}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "\{41A11B25-06D4-4906-B6EE-FD36D0827DC7}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AdvancedSystemCareService5" "Advanced SystemCare Service" "IObit" "c:\program files\iobit\advanced systemcare 5\ascservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "BBUpdate" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "BingDesktopUpdate" "Bing Desktop Update Service" "Microsoft Corp." "c:\program files\microsoft\bingdesktop\bingdesktopupdater.exe"
+ "cfWiMAXService" "This is WiMAX Control Service of ConfigFree. Please do not stop this servce when you are using ConfigFree with Intel WiMAX device." "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\cfiwmxsvcs.exe"
+ "ConfigFree Service" "You can't stop this service, if you want to keep ConfigFree functionality fine." "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\cfsvcs.exe"
+ "ekrn" "ESET Service" "ESET" "c:\program files\eset\eset smart security\ekrn.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files\wildtangent games\app\gamesappservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IS360service" "IObit Security 360 Service" "" "File not found: C:\Program Files\IObit\IObit Security 360\IS360srv.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "LSI Corp" "c:\windows\system32\drivers\agrsm.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athr.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "eamonm" "Eset file on-access scanner" "ESET" "c:\windows\system32\drivers\eamonm.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "ehdrv" "Eset Helper driver" "ESET" "c:\windows\system32\drivers\ehdrv.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "epfw" "EPFW Filter Driver" "ESET" "c:\windows\system32\drivers\epfw.sys"
+ "EpfwLWF" "Epfw NDIS LightWeight Filter" "ESET" "c:\windows\system32\drivers\epfwlwf.sys"
+ "epfwwfp" "EPFW Filter Driver" "ESET" "c:\windows\system32\drivers\epfwwfp.sys"
+ "FwLnk" "TOSHIBA Firmware Linkage 32-bit Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\fwlnk.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "" "" "File not found: System32\Drivers\RtsUStor.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rt86win7.sys"
+ "rtl8192se" "Realtek RTL81892SE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192se.sys"
+ "RtsUIR" "" "" "File not found: system32\DRIVERS\Rts516xIR.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SmartDefragDriver" "File driver of SmartDefrag" "" "c:\windows\system32\drivers\smartdefragdriver.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x86." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "tos_sps32" "tos_sps32" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps32.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "USBCCID" "" "" "File not found: system32\DRIVERS\RtsUCcid.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Canon DES Resizer SaveMode" "CanonDESResizer" "Canon Inc." "c:\program files\canon\mdl30\canondesresizer.ax"
+ "Canon H.264 Decode Filter" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files\canon\canon mov decoder170\canonh264filter.ax"
+ "Canon H.264 Encoder 1.5.0" "Canon H264 Encoder Filter" "CANON INC." "c:\program files\canon\canon mov encoder\canonh264encoder.ax"
+ "Canon Image Rotation Filter" "Canon Image Rotation Filter " "Canon Inc." "c:\program files\canon\mdp\canonrotatefilter.dll"
+ "Canon MDP Motion-JPEG Decoder" "Canon MDP Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files\canon\mdp\canonmdpmjpegdecoder.ax"
+ "Canon Motion-JPEG Decoder" "Canon Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files\canon\mdl30\canonmjpegdecoder.ax"
+ "Canon Motion-JPEG Encoder" "Motion-JPEG Encoder Filter" "Canon Inc." "c:\program files\canon\mdl30\canonmjpegencoder.ax"
+ "Canon Mov File Parser Filter" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files\canon\canon mov decoder170\canonh264filter.ax"
+ "Canon Mov File Parser Filter2" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files\canon\canon mov decoder170\canonh264filter.ax"
+ "Canon Resizer" "CanonResizer" "Canon Inc." "c:\program files\canon\mdl30\canonresizer.ax"
+ "Canon Text Source Filter" "Canon Text Source Filter" "Canon Inc." "c:\program files\canon\mdl30\canontextsourcefilter.ax"
+ "Canon WAV Dest" "CanonWavDest" "Canon Inc." "c:\program files\canon\mdl30\canonwavdest.ax"
+ "Canon-Actual-Data-Length-Setter" "CanonActualDataLengthSetter" "Canon Inc." "c:\program files\canon\mdl30\canonactualdatalengthsetter.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "FinePix Color Filter" "FinePix Color Filter" "FUJI PHOTO FILM CO.,LTD." "c:\program files\finepixviewer\extensions\helpers\mvfilters\fxcolorft.ax"
+ "FinePix Rotate Filter" "FinePix Rotate Filter" "FUJI PHOTO FILM CO.,LTD." "c:\program files\finepixviewer\extensions\helpers\mvfilters\fxrotateft.ax"
+ "Fujifilm Setup Filter" "FujifilmSetupFilter" "FUJI PHOTO FILM CO., LTD. " "c:\program files\finepixviewer\extensions\helpers\mvfilters\fujifilmsetupfilter.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "psWav Dest" "Canon Utilities Support Library" "Canon Inc." "c:\program files\canon\camerawindow\mycamera\pswavdes.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
+ "TOSHIBA Audio Back Switcher" "" "" "c:\program files\toshiba\toshiba dvd player\tosaudiobackswitcher.ax"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tosauddecl.ax"
+ "TOSHIBA Audio Front Switcher" "" "" "c:\program files\toshiba\toshiba dvd player\tosaudiofrontswitcher.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tvrnavi.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\twavconv.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
+ "{B65F237C-AAFF-4df7-8872-91B65663E41F}" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
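
A way to triage an Autoruns text export like the one above, shown as an added example that is not part of the original posts or of any tool used in this thread. It assumes the four-field quoted row format seen in the log; the function names, the trusted-directory list and the three review reasons are illustrative choices, and a flag means "look at this entry", not "this is malware".

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location name description publisher image_path")

# Every Autoruns text row on this page is four double-quoted fields.
FIELD = re.compile(r'"([^"]*)"')

# Assumption: directories a standard user cannot normally write to.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Sample rows copied from the Autoruns log posted above.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "egui" "ESET GUI" "ESET" "c:\program files\eset\eset smart security\egui.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Octoshape Streaming Services" "Main program for Octoshape client" "Octoshape ApS" "c:\users\girls\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe"
"Task Scheduler" "" "" ""
+ "\SmartDefrag" "" "" "File not found: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "SmartDefragDriver" "File driver of SmartDefrag" "" "c:\windows\system32\drivers\smartdefragdriver.sys"
+ "ekrn" "ESET Service" "ESET" "c:\program files\eset\eset smart security\ekrn.exe"
'''


def parse_autoruns(text):
    """Return Entry tuples, each tagged with the autostart location above it."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank line or something that is not an Autoruns row
        if line.startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]  # header row: registry key, folder or "Task Scheduler"
    return entries


def triage(entry):
    """Return the list of reasons this entry deserves a manual look."""
    path = entry.image_path.lower()
    if path.startswith("file not found"):
        # Autostart point survives but its target is gone (leftover or removed file).
        return ["target missing"]
    reasons = []
    if not entry.publisher.strip():
        reasons.append("no publisher")
    if not path.startswith(TRUSTED_ROOTS):
        reasons.append("outside system/program dirs")
    return reasons


def review_list(text):
    """Return (location, name, reasons) for every entry with at least one reason."""
    flagged = []
    for entry in parse_autoruns(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.location, entry.name, reasons))
    return flagged


if __name__ == "__main__":
    for location, name, reasons in review_list(SAMPLE):
        print(f"{name}  [{location}]  ->  {', '.join(reasons)}")
```

A bootkit such as TDL4 lives in the MBR rather than in an autostart entry, so a short review list here does not replace the TDSSKiller and aswMBR scans run earlier in the thread.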

#11 narenxp


Posted 27 September 2012 - 01:00 PM

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of Java from Control Panel - Add or remove programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#12 dbb3


Posted 27 September 2012 - 01:27 PM

Does everything look ok? My computer seems to be running better now.

#13 narenxp


Posted 27 September 2012 - 01:39 PM

Yep :)

#14 dbb3


Posted 27 September 2012 - 02:11 PM

Thank you so much for all your help.

#15 narenxp


Posted 27 September 2012 - 02:53 PM

You're welcome :)



