
Infected with Trojan Happili and Rootkit


16 replies to this topic

#1 shome1


Posted 26 September 2012 - 02:37 PM

For quite some time now my browser's back button does not function properly. Some clicks will take me back, while others will not allow any movement at all. This wasn't a huge issue, but I had a feeling something wasn't right. Earlier this morning when doing Google searches I was being re-directed to other random search sites, ads, etc. I have been using Malwarebytes for several years, but had been heavily relying on Norton 360 to keep watch on my system. However, I updated Malwarebytes and ran a scan which revealed an infection of both Trojan Happili and RootKit. The log showed each item (4 to be exact) was quarantined and removed successfully, but that is not the case. I am still being re-directed, and need expert advice as I see so many other users with the same/similar issues. I am running Windows IE9, and use Google as my primary search engine. At this time, I am also running a full system scan through Norton 360, but the scan has not completed yet.


#2 narenxp


Posted 26 September 2012 - 02:38 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 shome1


Posted 26 September 2012 - 02:50 PM

Thank you so much for your quick response. I am downloading these items and running scans, and will post results as soon as I get them.

#4 shome1


Posted 27 September 2012 - 02:51 AM

TDSSKiller Log:

15:43:18.0539 4832 Ndisuio - ok
15:43:18.0592 4832 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:18.0597 4832 NdisWan - ok
15:43:18.0611 4832 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:43:18.0614 4832 NDProxy - ok
15:43:18.0659 4832 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:43:18.0662 4832 Net Driver HPZ12 - ok
15:43:18.0703 4832 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:43:18.0705 4832 NetBIOS - ok
15:43:18.0744 4832 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:43:18.0753 4832 netbt - ok
15:43:18.0824 4832 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:43:18.0827 4832 Netlogon - ok
15:43:18.0870 4832 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:43:18.0880 4832 Netman - ok
15:43:18.0908 4832 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:43:18.0917 4832 netprofm - ok
15:43:18.0959 4832 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:43:18.0963 4832 NetTcpPortSharing - ok
15:43:19.0098 4832 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
15:43:19.0186 4832 NETw5v32 - ok
15:43:19.0229 4832 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:43:19.0232 4832 nfrd960 - ok
15:43:19.0275 4832 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:43:19.0279 4832 NlaSvc - ok
15:43:19.0314 4832 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:43:19.0317 4832 Npfs - ok
15:43:19.0364 4832 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:43:19.0367 4832 nsi - ok
15:43:19.0412 4832 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:43:19.0414 4832 nsiproxy - ok
15:43:19.0460 4832 [ E127420B7FEB65C7F279EAAC183BBC0E ] NSL C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
15:43:19.0461 4832 NSL - ok
15:43:19.0531 4832 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:43:19.0556 4832 Ntfs - ok
15:43:19.0593 4832 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:43:19.0595 4832 ntrigdigi - ok
15:43:19.0650 4832 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
15:43:19.0652 4832 NuidFltr - ok
15:43:19.0678 4832 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:43:19.0679 4832 Null - ok
15:43:19.0709 4832 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:43:19.0713 4832 nvraid - ok
15:43:19.0735 4832 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:43:19.0738 4832 nvstor - ok
15:43:19.0763 4832 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:43:19.0768 4832 nv_agp - ok
15:43:19.0775 4832 NwlnkFlt - ok
15:43:19.0792 4832 NwlnkFwd - ok
15:43:19.0880 4832 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:43:19.0889 4832 odserv - ok
15:43:19.0940 4832 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:43:19.0943 4832 ohci1394 - ok
15:43:19.0993 4832 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:19.0997 4832 ose - ok
15:43:20.0060 4832 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:43:20.0075 4832 p2pimsvc - ok
15:43:20.0094 4832 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:43:20.0103 4832 p2psvc - ok
15:43:20.0141 4832 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:43:20.0144 4832 Parport - ok
15:43:20.0197 4832 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:43:20.0199 4832 partmgr - ok
15:43:20.0219 4832 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:43:20.0222 4832 Parvdm - ok
15:43:20.0283 4832 [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
15:43:20.0285 4832 PassThru Service - ok
15:43:20.0318 4832 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:43:20.0321 4832 PcaSvc - ok
15:43:20.0389 4832 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:43:20.0394 4832 pci - ok
15:43:20.0445 4832 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
15:43:20.0474 4832 pciide - ok
15:43:20.0511 4832 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:43:20.0516 4832 pcmcia - ok
15:43:20.0571 4832 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:43:20.0589 4832 PEAUTH - ok
15:43:20.0675 4832 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:43:20.0707 4832 pla - ok
15:43:20.0739 4832 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:43:20.0746 4832 PlugPlay - ok
15:43:20.0786 4832 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:43:20.0788 4832 Pml Driver HPZ12 - ok
15:43:20.0827 4832 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:43:20.0835 4832 PNRPAutoReg - ok
15:43:20.0852 4832 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:43:20.0861 4832 PNRPsvc - ok
15:43:20.0904 4832 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:43:20.0912 4832 PolicyAgent - ok
15:43:20.0941 4832 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:43:20.0944 4832 PptpMiniport - ok
15:43:20.0972 4832 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
15:43:20.0974 4832 Processor - ok
15:43:21.0015 4832 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:43:21.0021 4832 ProfSvc - ok
15:43:21.0057 4832 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:43:21.0060 4832 ProtectedStorage - ok
15:43:21.0104 4832 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:43:21.0107 4832 PSched - ok
15:43:21.0114 4832 PS_MDP - ok
15:43:21.0204 4832 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:43:21.0231 4832 ql2300 - ok
15:43:21.0254 4832 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:43:21.0259 4832 ql40xx - ok
15:43:21.0347 4832 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:43:21.0357 4832 QWAVE - ok
15:43:21.0397 4832 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:43:21.0399 4832 QWAVEdrv - ok
15:43:21.0426 4832 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:43:21.0429 4832 RasAcd - ok
15:43:21.0443 4832 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:43:21.0449 4832 RasAuto - ok
15:43:21.0468 4832 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:21.0471 4832 Rasl2tp - ok
15:43:21.0522 4832 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:43:21.0529 4832 RasMan - ok
15:43:21.0564 4832 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:21.0566 4832 RasPppoe - ok
15:43:21.0600 4832 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:43:21.0603 4832 RasSstp - ok
15:43:21.0650 4832 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:43:21.0657 4832 rdbss - ok
15:43:21.0689 4832 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:21.0691 4832 RDPCDD - ok
15:43:21.0728 4832 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:43:21.0734 4832 rdpdr - ok
15:43:21.0740 4832 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:43:21.0743 4832 RDPENCDD - ok
15:43:21.0838 4832 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:43:21.0843 4832 RDPWD - ok
15:43:21.0849 4832 ReadyComm.DirectRouter - ok
15:43:21.0903 4832 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:43:21.0908 4832 RemoteAccess - ok
15:43:21.0941 4832 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:43:21.0946 4832 RemoteRegistry - ok
15:43:21.0978 4832 [ A5B12A4B3B774432DB9B9FA221190E59 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
15:43:21.0981 4832 rimmptsk - ok
15:43:22.0014 4832 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
15:43:22.0017 4832 rimsptsk - ok
15:43:22.0029 4832 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
15:43:22.0032 4832 rismxdp - ok
15:43:22.0067 4832 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:43:22.0070 4832 RpcLocator - ok
15:43:22.0117 4832 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:43:22.0126 4832 RpcSs - ok
15:43:22.0158 4832 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:43:22.0161 4832 rspndr - ok
15:43:22.0168 4832 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:43:22.0170 4832 SamSs - ok
15:43:22.0193 4832 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:43:22.0197 4832 sbp2port - ok
15:43:22.0236 4832 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:43:22.0241 4832 SCardSvr - ok
15:43:22.0289 4832 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:43:22.0305 4832 Schedule - ok
15:43:22.0346 4832 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:43:22.0347 4832 SCPolicySvc - ok
15:43:22.0395 4832 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:43:22.0399 4832 sdbus - ok
15:43:22.0445 4832 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:43:22.0451 4832 SDRSVC - ok
15:43:22.0492 4832 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:43:22.0494 4832 secdrv - ok
15:43:22.0512 4832 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:43:22.0516 4832 seclogon - ok
15:43:22.0537 4832 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:43:22.0541 4832 SENS - ok
15:43:22.0569 4832 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:43:22.0572 4832 Serenum - ok
15:43:22.0596 4832 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:43:22.0601 4832 Serial - ok
15:43:22.0626 4832 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:43:22.0628 4832 sermouse - ok
15:43:22.0682 4832 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:43:22.0687 4832 SessionEnv - ok
15:43:22.0727 4832 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
15:43:22.0730 4832 sffdisk - ok
15:43:22.0750 4832 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:43:22.0761 4832 sffp_mmc - ok
15:43:22.0865 4832 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
15:43:22.0882 4832 sffp_sd - ok
15:43:22.0925 4832 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:43:22.0942 4832 sfloppy - ok
15:43:23.0050 4832 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:43:23.0093 4832 SharedAccess - ok
15:43:23.0174 4832 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:43:23.0206 4832 ShellHWDetection - ok
15:43:23.0287 4832 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:43:23.0305 4832 sisagp - ok
15:43:23.0348 4832 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:43:23.0366 4832 SiSRaid2 - ok
15:43:23.0394 4832 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:43:23.0419 4832 SiSRaid4 - ok
15:43:24.0131 4832 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:43:25.0352 4832 slsvc - ok
15:43:25.0446 4832 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:43:25.0474 4832 SLUINotify - ok
15:43:25.0533 4832 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:43:25.0557 4832 Smb - ok
15:43:25.0624 4832 [ 5E62BA073C90E6C9D4EA199D6080F919 ] smserial C:\Windows\system32\DRIVERS\smserial.sys
15:43:25.0647 4832 smserial - ok
15:43:25.0679 4832 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:43:25.0682 4832 SNMPTRAP - ok
15:43:25.0771 4832 [ 1C3EBFD0C355CE8ADA349F09FE85FBCA ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
15:43:25.0805 4832 SNP2UVC - ok
15:43:25.0836 4832 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:43:25.0839 4832 spldr - ok
15:43:25.0884 4832 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:43:25.0889 4832 Spooler - ok
15:43:25.0955 4832 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:43:25.0960 4832 SQLBrowser - ok
15:43:26.0001 4832 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:43:26.0003 4832 SQLWriter - ok
15:43:26.0106 4832 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS
15:43:26.0123 4832 SRTSP - ok
15:43:26.0135 4832 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
15:43:26.0139 4832 SRTSPX - ok
15:43:26.0207 4832 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:43:26.0215 4832 srv - ok
15:43:26.0252 4832 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:43:26.0257 4832 srv2 - ok
15:43:26.0280 4832 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:43:26.0283 4832 srvnet - ok
15:43:26.0375 4832 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:43:26.0380 4832 SSDPSRV - ok
15:43:26.0423 4832 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:43:26.0431 4832 SstpSvc - ok
15:43:26.0473 4832 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
15:43:26.0476 4832 StarOpen - ok
15:43:26.0553 4832 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:43:26.0569 4832 stisvc - ok
15:43:26.0607 4832 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:43:26.0610 4832 swenum - ok
15:43:26.0667 4832 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:43:26.0679 4832 swprv - ok
15:43:26.0707 4832 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:43:26.0711 4832 Symc8xx - ok
15:43:26.0768 4832 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS
15:43:26.0780 4832 SymDS - ok
15:43:26.0877 4832 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS
15:43:26.0905 4832 SymEFA - ok
15:43:26.0950 4832 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
15:43:26.0956 4832 SymEvent - ok
15:43:26.0987 4832 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
15:43:26.0993 4832 SymIRON - ok
15:43:27.0045 4832 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\N360\0603000.00E\SYMTDIV.SYS
15:43:27.0057 4832 SYMTDIv - ok
15:43:27.0097 4832 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:43:27.0100 4832 Sym_hi - ok
15:43:27.0119 4832 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:43:27.0123 4832 Sym_u3 - ok
15:43:27.0175 4832 [ 3A2C66F1019FC72DD30B5A8B3570A6A9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:43:27.0183 4832 SynTP - ok
15:43:27.0241 4832 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:43:27.0257 4832 SysMain - ok
15:43:27.0327 4832 [ 2A69AF374BD2E12869D63812A749948C ] System_Repair_UpdateMonitor C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
15:43:27.0340 4832 System_Repair_UpdateMonitor - ok
15:43:27.0372 4832 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:43:27.0377 4832 TabletInputService - ok
15:43:27.0425 4832 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:43:27.0434 4832 TapiSrv - ok
15:43:27.0489 4832 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:43:27.0494 4832 TBS - ok
15:43:27.0564 4832 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:43:27.0592 4832 Tcpip - ok
15:43:27.0624 4832 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:43:27.0637 4832 Tcpip6 - ok
15:43:27.0683 4832 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:43:27.0687 4832 tcpipreg - ok
15:43:27.0725 4832 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:43:27.0729 4832 TDPIPE - ok
15:43:27.0752 4832 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:43:27.0763 4832 TDTCP - ok
15:43:27.0839 4832 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:43:27.0845 4832 tdx - ok
15:43:27.0881 4832 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:43:27.0886 4832 TermDD - ok
15:43:27.0936 4832 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:43:27.0950 4832 TermService - ok
15:43:27.0973 4832 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:43:27.0980 4832 Themes - ok
15:43:27.0998 4832 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:43:28.0003 4832 THREADORDER - ok
15:43:28.0041 4832 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:43:28.0046 4832 TrkWks - ok
15:43:28.0109 4832 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:43:28.0113 4832 TrustedInstaller - ok
15:43:28.0161 4832 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:28.0165 4832 tssecsrv - ok
15:43:28.0204 4832 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:43:28.0207 4832 tunmp - ok
15:43:28.0250 4832 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:43:28.0253 4832 tunnel - ok
15:43:28.0289 4832 [ 42B8E407CCB5A435C2DBBF119CD7F2DC ] tvtumon C:\Windows\system32\drivers\tvtumon.sys
15:43:28.0293 4832 tvtumon - ok
15:43:28.0319 4832 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:43:28.0324 4832 uagp35 - ok
15:43:28.0387 4832 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:43:28.0395 4832 udfs - ok
15:43:28.0433 4832 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:43:28.0440 4832 UI0Detect - ok
15:43:28.0465 4832 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:43:28.0470 4832 uliagpkx - ok
15:43:28.0521 4832 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:43:28.0535 4832 uliahci - ok
15:43:28.0564 4832 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:43:28.0569 4832 UlSata - ok
15:43:28.0597 4832 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:43:28.0603 4832 ulsata2 - ok
15:43:28.0623 4832 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:43:28.0627 4832 umbus - ok
15:43:28.0651 4832 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:43:28.0661 4832 upnphost - ok
15:43:28.0727 4832 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
15:43:28.0731 4832 USBAAPL - ok
15:43:28.0837 4832 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:28.0842 4832 usbccgp - ok
15:43:28.0891 4832 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:43:28.0896 4832 usbcir - ok
15:43:28.0946 4832 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:43:28.0950 4832 usbehci - ok
15:43:28.0989 4832 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:43:28.0997 4832 usbhub - ok
15:43:29.0026 4832 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:43:29.0029 4832 usbohci - ok
15:43:29.0067 4832 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:43:29.0071 4832 usbprint - ok
15:43:29.0097 4832 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:43:29.0101 4832 usbscan - ok
15:43:29.0128 4832 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:29.0132 4832 USBSTOR - ok
15:43:29.0154 4832 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:43:29.0159 4832 usbuhci - ok
15:43:29.0203 4832 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:43:29.0210 4832 usbvideo - ok
15:43:29.0252 4832 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:43:29.0257 4832 UxSms - ok
15:43:29.0304 4832 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:43:29.0319 4832 vds - ok
15:43:29.0368 4832 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:29.0371 4832 vga - ok
15:43:29.0400 4832 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:43:29.0403 4832 VgaSave - ok
15:43:29.0455 4832 [ 8E969805420E8A28822D539327CE8FFF ] vhidmini C:\Windows\system32\DRIVERS\ITEhidCIR.sys
15:43:29.0457 4832 vhidmini - ok
15:43:29.0481 4832 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:43:29.0486 4832 viaagp - ok
15:43:29.0513 4832 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:43:29.0517 4832 ViaC7 - ok
15:43:29.0540 4832 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:43:29.0545 4832 viaide - ok
15:43:29.0575 4832 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:43:29.0579 4832 volmgr - ok
15:43:29.0633 4832 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:43:29.0642 4832 volmgrx - ok
15:43:29.0689 4832 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:43:29.0697 4832 volsnap - ok
15:43:29.0739 4832 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:43:29.0745 4832 vsmraid - ok
15:43:29.0852 4832 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:43:29.0873 4832 VSS - ok
15:43:29.0926 4832 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:43:29.0937 4832 W32Time - ok
15:43:29.0972 4832 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:43:29.0975 4832 WacomPen - ok
15:43:30.0011 4832 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:43:30.0014 4832 Wanarp - ok
15:43:30.0022 4832 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:43:30.0024 4832 Wanarpv6 - ok
15:43:30.0059 4832 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:43:30.0075 4832 wcncsvc - ok
15:43:30.0106 4832 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:43:30.0112 4832 WcsPlugInService - ok
15:43:30.0136 4832 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:43:30.0139 4832 Wd - ok
15:43:30.0176 4832 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:43:30.0192 4832 Wdf01000 - ok
15:43:30.0225 4832 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:43:30.0232 4832 WdiServiceHost - ok
15:43:30.0239 4832 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:43:30.0245 4832 WdiSystemHost - ok
15:43:30.0282 4832 [ C7D64B97B0667F5A0E489B3F85BA02F2 ] Wdkbdmou C:\Windows\system32\DRIVERS\Wdkbdmou.sys
15:43:30.0285 4832 Wdkbdmou - ok
15:43:30.0310 4832 [ E4DC54E432E479A15C56DE6CBC85A154 ] wdmirror C:\Windows\system32\DRIVERS\WDMirror.sys
15:43:30.0317 4832 wdmirror - ok
15:43:30.0380 4832 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:43:30.0391 4832 WebClient - ok
15:43:30.0469 4832 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:43:30.0478 4832 Wecsvc - ok
15:43:30.0506 4832 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:43:30.0510 4832 wercplsupport - ok
15:43:30.0553 4832 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:43:30.0558 4832 WerSvc - ok
15:43:30.0600 4832 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
15:43:30.0604 4832 WimFltr - ok
15:43:30.0661 4832 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:43:30.0667 4832 WinDefend - ok
15:43:30.0675 4832 WinHttpAutoProxySvc - ok
15:43:30.0742 4832 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:43:30.0744 4832 Winmgmt - ok
15:43:30.0865 4832 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:43:30.0890 4832 WinRM - ok
15:43:30.0957 4832 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:43:30.0969 4832 Wlansvc - ok
15:43:31.0001 4832 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:43:31.0003 4832 WmiAcpi - ok
15:43:31.0044 4832 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:43:31.0048 4832 wmiApSrv - ok
15:43:31.0118 4832 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:43:31.0137 4832 WMPNetworkSvc - ok
15:43:31.0175 4832 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:43:31.0182 4832 WPCSvc - ok
15:43:31.0211 4832 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:43:31.0217 4832 WPDBusEnum - ok
15:43:31.0271 4832 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:43:31.0292 4832 WpdUsb - ok
15:43:31.0394 4832 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:43:31.0413 4832 WPFFontCache_v0400 - ok
15:43:31.0489 4832 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:43:31.0491 4832 ws2ifsl - ok
15:43:31.0530 4832 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
15:43:31.0537 4832 wscsvc - ok
15:43:31.0545 4832 WSearch - ok
15:43:31.0588 4832 [ 5D0A08EBF9660E07865907FB1AB022B5 ] WSVD C:\Windows\system32\drivers\WSVD.sys
15:43:31.0594 4832 WSVD - ok
15:43:31.0691 4832 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:43:31.0740 4832 wuauserv - ok
15:43:31.0832 4832 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:31.0836 4832 WUDFRd - ok
15:43:31.0872 4832 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:43:31.0877 4832 wudfsvc - ok
15:43:31.0904 4832 ================ Scan global ===============================
15:43:31.0942 4832 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:43:31.0986 4832 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:43:32.0015 4832 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:43:32.0068 4832 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:43:32.0078 4832 [Global] - ok
15:43:32.0080 4832 ================ Scan MBR ==================================
15:43:32.0096 4832 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:43:33.0326 4832 \Device\Harddisk0\DR0 - ok
15:43:33.0327 4832 ================ Scan VBR ==================================
15:43:33.0357 4832 [ 8066D6AC02CE81620873E1F466EB7B38 ] \Device\Harddisk0\DR0\Partition1
15:43:33.0360 4832 \Device\Harddisk0\DR0\Partition1 - ok
15:43:33.0386 4832 [ 7377F98E5687E5051C5C2E9780095DF7 ] \Device\Harddisk0\DR0\Partition2
15:43:33.0416 4832 \Device\Harddisk0\DR0\Partition2 - ok
15:43:33.0417 4832 ============================================================
15:43:33.0417 4832 Scan finished
15:43:33.0417 4832 ============================================================
15:43:33.0442 5172 Detected object count: 0
15:43:33.0442 5172 Actual detected object count: 0


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 15:45:33
-----------------------------
15:45:33.577 OS Version: Windows 6.0.6002 Service Pack 2
15:45:33.577 Number of processors: 2 586 0xF0D
15:45:33.581 ComputerName: CARL-PC UserName: Carl
15:46:41.278 Initialize success
15:48:51.385 AVAST engine defs: 12092601
15:49:11.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:49:11.784 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
15:49:11.810 Disk 0 MBR read successfully
15:49:11.814 Disk 0 MBR scan
15:49:11.824 Disk 0 Windows VISTA default MBR code
15:49:11.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 107630 MB offset 63
15:49:11.840 Disk 0 Partition - 00 0F Extended LBA 29886 MB offset 220427865
15:49:11.869 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 281638912
15:49:11.902 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29886 MB offset 220427928
15:49:11.915 Disk 0 scanning sectors +312581808
15:49:12.288 Disk 0 scanning C:\Windows\system32\drivers
15:49:27.827 Service scanning
15:50:17.930 Modules scanning
15:50:31.356 Disk 0 trace - called modules:
15:50:31.382 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:50:31.389 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864cdac8]
15:50:31.396 3 CLASSPNP.SYS[887a38b3] -> nt!IofCallDriver -> [0x853e7700]
15:50:31.403 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8464b028]
15:50:33.079 AVAST engine scan C:\Windows
15:50:38.911 AVAST engine scan C:\Windows\system32
15:55:50.294 AVAST engine scan C:\Windows\system32\drivers
15:56:22.119 AVAST engine scan C:\Users\Carl
16:04:19.624 AVAST engine scan C:\ProgramData
16:17:51.427 Scan finished successfully
02:29:20.982 Disk 0 MBR has been saved successfully to "C:\Users\Carl\Desktop\MBR.dat"
02:29:21.002 The log file has been saved successfully to "C:\Users\Carl\Desktop\aswMBR.txt"


02:48:25.059 Disk 0 MBR has been saved successfully to "C:\Users\Carl\Desktop\MBR.dat"
02:48:25.111 The log file has been saved successfully to "C:\Users\Carl\Desktop\aswMBR.txt"


Currently running ESET scan and will post log results when finished.

#5 shome1


Posted 27 September 2012 - 12:22 PM

There is no log to post from ESET because there were "no threats found". I am quite confused because the original scan by Malwarebytes plainly stated there were 4 threats found, quarantined, and deleted, yet I am still having the re-direct issue and my scans do not seem to show anything.

Edited by shome1, 27 September 2012 - 12:23 PM.


#6 narenxp


Posted 27 September 2012 - 12:56 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and the scan should start running. After the scan completes, post the generated log here.

#7 shome1


Posted 28 September 2012 - 02:28 AM

Mini Toolbox Results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Carl (administrator) on 28-09-2012 at 03:24:40
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 5100 = Wireless Network Connection (Connected)
Broadcom NetLink ™ Fast Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled mldversion=version2
add address name="Local Area Connection" address=0.0.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Carl-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-16-EA-BA-B5-72
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:30b:82b4:27b9:686b:8f66:b568:f537(Preferred)
Temporary IPv6 Address. . . . . . : 2602:30b:82b4:27b9:258e:87c1:8e2a:46c8(Preferred)
Link-local IPv6 Address . . . . . : fe80::686b:8f66:b568:f537%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.175(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, September 28, 2012 2:54:44 AM
Lease Expires . . . . . . . . . . : Saturday, September 29, 2012 2:54:44 AM
Default Gateway . . . . . . . . . : fe80::224e:7fff:fe66:eb16%12
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 301995754
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-7E-55-4F-00-23-54-1C-0E-38
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
Physical Address. . . . . . . . . : 00-23-54-1C-0E-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E6CAB82B-F0AC-4706-9FF0-55C3CF08035C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E6CAB82B-F0AC-4706-9FF0-55C3CF08035C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 2001:4860:800a::8a



Pinging google.com [2001:4860:800a::8a] from 2602:30b:82b4:27b9:258e:87c1:8e2a:46c8 with 32 bytes of data:

Reply from 2001:4860:800a::8a: time=79ms

Reply from 2001:4860:800a::8a: time=79ms



Ping statistics for 2001:4860:800a::8a:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 79ms, Maximum = 79ms, Average = 79ms

Server: dslrouter
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=263ms TTL=41

Reply from 98.139.183.24: bytes=32 time=100ms TTL=39



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 100ms, Maximum = 263ms, Average = 181ms

Server: dslrouter
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=14ms TTL=128

Reply from 127.0.0.1: bytes=32 time=4ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 4ms, Maximum = 14ms, Average = 9ms

===========================================================================
Interface List
12 ...00 16 ea ba b5 72 ...... Intel® Wireless WiFi Link 5100
10 ...00 23 54 1c 0e 38 ...... Broadcom NetLink ™ Fast Ethernet
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{E6CAB82B-F0AC-4706-9FF0-55C3CF08035C}
14 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{E6CAB82B-F0AC-4706-9FF0-55C3CF08035C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.175 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.175 281
192.168.1.175 255.255.255.255 On-link 192.168.1.175 281
192.168.1.255 255.255.255.255 On-link 192.168.1.175 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.175 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.175 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 281 ::/0 fe80::224e:7fff:fe66:eb16
1 306 ::1/128 On-link
12 33 2602:30b:82b4:27b9::/64 On-link
12 281 2602:30b:82b4:27b9:258e:87c1:8e2a:46c8/128
On-link
12 281 2602:30b:82b4:27b9:686b:8f66:b568:f537/128
On-link
12 281 fe80::/64 On-link
12 281 fe80::686b:8f66:b568:f537/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2012 02:52:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2012 01:27:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2012 01:15:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22885862

Error: (09/27/2012 01:15:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22885862

Error: (09/27/2012 01:15:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2012 03:24:44 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1104
Start Time: 01cd9c7feb197c20
Termination Time: 16

Error: (09/27/2012 03:15:48 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17e8
Start Time: 01cd9c7fb00d8c70
Termination Time: 0

Error: (09/27/2012 03:14:09 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1020
Start Time: 01cd9c7f8d31a100
Termination Time: 0

Error: (09/27/2012 03:13:10 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1170
Start Time: 01cd9c1ed8d6bd0c
Termination Time: 78

Error: (09/27/2012 02:29:58 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16450, time stamp 0x503723f6, faulting module IEFRAME.dll, version 9.0.8112.16450, time stamp 0x5037273b, exception code 0xc0000005, fault offset 0x000fcccb,
process id 0xbbc, application start time 0xiexplore.exe0.


System errors:
=============
Error: (09/28/2012 02:52:52 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/28/2012 02:52:35 AM) (Source: Service Control Manager) (User: )
Description: dldtCATSCustConnectService%%1053

Error: (09/28/2012 02:52:35 AM) (Source: Service Control Manager) (User: )
Description: 30000dldtCATSCustConnectService

Error: (09/27/2012 01:27:41 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/27/2012 01:27:24 PM) (Source: Service Control Manager) (User: )
Description: dldtCATSCustConnectService%%1053

Error: (09/27/2012 01:27:24 PM) (Source: Service Control Manager) (User: )
Description: 30000dldtCATSCustConnectService

Error: (09/27/2012 04:53:23 AM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (09/27/2012 04:52:53 AM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (09/27/2012 04:52:29 AM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (09/26/2012 03:25:01 PM) (Source: DCOM) (User: Carl-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Carl-PCCarlS-1-5-21-760597530-1485631489-2846377820-1004LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (04/06/2012 01:09:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1079 seconds with 900 seconds of active time. This session ended with a crash.

Error: (07/14/2009 01:55:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/05/2009 08:30:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/24/2009 06:01:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 7.1.8)
7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Acrobat.com (Version: 1.7.258)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 10 Plugin (Version: 10.2.159.1)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
AT&T Toolbar
AT&T Wireless Connection Tool
ATK Hotkey (Version: 1.00.0042)
ATT-RC Self Support Tool
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 11.11.03)
BufferChm (Version: 100.0.170.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
C4340 (Version: 100.0.206.000)
C4340_Help (Version: 100.0.206.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Copy (Version: 100.0.170.000)
Crystal Reports 10 Support Files (Version: 1.00.0000)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink Power2Go (Version: 5.5.1.4113a)
Dell V305
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Dolby Control Center (Version: 2.0.0706)
EasyCapture
Energy Management (Version: 3.1.5.2)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
GearDrvs (Version: 1.00.0000)
GearDrvs (Version: 5.0.0.2)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 100.0.170.000)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.021)
HTC Sync (Version: 3.2.20)
Intel® Graphics Media Accelerator Driver
ITECIR Driver (Version: 1.8)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 19 (Version: 6.0.190)
Java™ 6 Update 7 (Version: 1.6.0.70)
Legalsounds Download Manager (Version: 1.4.9)
Lenovo EasyCamera
Lenovo OneKey Recovery (Version: 6.0.1730)
Lenovo ReadyComm 4.0 (Version: 4.0.0.25)
Lenovo System Repair - Windows Update Monitor (Version: 1.2.3.1811)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Mathematics Add-in (32-bit) (Version: 2.0.040811.01)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Motorola SM56 Speakerphone Modem
MSVCRT (Version: 14.0.1468.721)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Norton 360 Premier Edition (Version: 6.3.0.14)
Norton Safe Web Lite (Version: 2.0.0.16)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PanoStandAlone (Version: 100.0.170.000)
PS_AIO_03_C4340_ProductContext (Version: 100.0.215.000)
PS_AIO_03_C4340_Software (Version: 100.0.206.000)
PS_AIO_03_C4340_Software_Min (Version: 100.0.213.000)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.72.80.56)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5657)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (Version: 3.55.01)
Scan (Version: 10.0.0.0)
Shop for HP Supplies (Version: 10.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 110.0.180.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.1.7.1)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 110.0.180.000)
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VeriFace III
VideoToolkit01 (Version: 100.0.128.000)
WebReg (Version: 100.0.170.000)
WildGames (Version: 1.0.0.50)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinFlash
WinZip 12.1 (Version: 12.1.8519)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 85%
Total physical RAM: 2010.11 MB
Available physical RAM: 287.91 MB
Total Pagefile: 4259.48 MB
Available Pagefile: 2396.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:105.11 GB) (Free:48.17 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29.19 GB) (Free:27.46 GB) NTFS

========================= Users: ========================================

User accounts for \\CARL-PC

Administrator Carl Guest

========================= Restore Points ==================================

09-09-2012 05:58:56 Scheduled Checkpoint
13-09-2012 07:00:39 Windows Update
17-09-2012 00:41:42 Scheduled Checkpoint
23-09-2012 06:23:21 Windows Update
26-09-2012 12:32:50 Scheduled Checkpoint
27-09-2012 10:13:40 Scheduled Checkpoint

**** End of log ****

#8 shome1

Posted 28 September 2012 - 02:33 AM

FSS results:

Farbar Service Scanner Version: 19-09-2012
Ran by Carl (administrator) on 28-09-2012 at 03:32:18
Running from "C:\Users\Carl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H39OQSZT"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#9 shome1

Posted 28 September 2012 - 04:04 AM

Malwarebytes results:


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.28.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carl :: CARL-PC [administrator]

Protection: Enabled

9/28/2012 3:20:56 AM
mbam-log-2012-09-28 (03-20-56).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364083
Time elapsed: 1 hour(s), 39 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



*******************************************************************
This is the log from the scan I performed earlier showing the
four items found including the Happili Trojan and RootKit findings
*******************************************************************


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carl :: CARL-PC [administrator]

Protection: Enabled

9/26/2012 4:16:52 AM
mbam-log-2012-09-26 (04-16-52).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365308
Time elapsed: 2 hour(s), 34 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Carl\AppData\Local\Temp\0.7282864201578264 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Carl\AppData\Local\Temp\B608.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\A6CB.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Edited by shome1, 28 September 2012 - 04:07 AM.


#10 shome1

Posted 28 September 2012 - 04:36 AM

Adware results:

# AdwCleaner v2.003 - Logfile created 09/28/2012 at 05:09:48
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Carl - CARL-PC
# Boot Mode : Normal
# Running from : C:\Users\Carl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWPFVCCN\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S2].txt - [2209 octets] - [28/09/2012 05:09:48]

########## EOF - C:\AdwCleaner[S2].txt - [2269 octets] ##########




Junkware results:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.1 (09.27.2012)
OS: Windows Vista ™ Home Premium x86
Ran by Carl on Fri 09/28/2012 at 5:33:52.98
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}



*** Files:

Failed to delete: [FILE-LOCKED!] C:\eula.1028.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1031.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1033.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1036.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1040.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1041.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1042.txt
Failed to delete: [FILE-LOCKED!] C:\eula.2052.txt
Failed to delete: [FILE-LOCKED!] C:\install.res.1028.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1031.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1033.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1036.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1040.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1041.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1042.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.2052.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.3082.dll



*** Folders: 0 Detections






*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 09/28/2012 at 5:33:53.41
End of Report

Edited by shome1, 28 September 2012 - 04:39 AM.


#11 narenxp

Posted 28 September 2012 - 04:44 AM

Please run Malwarebytes once again and post the log.

Right-click on the Junkware tool, choose Run as administrator, and post the generated log.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#12 shome1

Posted 29 September 2012 - 03:14 AM

Malwarebytes results:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.28.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carl :: CARL-PC [administrator]

Protection: Enabled

9/28/2012 1:57:03 PM
mbam-log-2012-09-28 (13-57-03).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367271
Time elapsed: 2 hour(s), 27 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Rkill results:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/29/2012 04:01:39 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 09/29/2012 04:02:10 AM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)


Autoruns results:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ATT-SST_McciTrayApp" "" "" "File not found: C:\Program Files\ATT-SST\McciTrayApp.exe"
+ "ATT-SST_UninstallTracking" "" "" "File not found: C:\Users\Carl\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST"
+ "ATT_WCC" "mcci+McciTrayApp" "Motive Communications, Inc." "c:\program files\bellsouthwcc\mccitrayapp.exe"
+ "BellSouthWCC_McciTrayApp" "mcci+McciTrayApp" "Motive Communications, Inc." "c:\program files\bellsouthwcc\mccitrayapp.exe"
+ "dldtamon" "" "" "c:\program files\dell v305\dldtamon.exe"
+ "dldtmon.exe" "Printer Device Monitor" "" "c:\program files\dell v305\dldtmon.exe"
+ "Energy Management" "Lenovo Energy Management Software" "Lenovo (Beijing) Limited" "c:\program files\lenovo\energy management\energy management.exe"
+ "EnergyUtility" "Lenovo Battery Management Software Ver3.0" "Lenovo(beijing) Limited" "c:\program files\lenovo\energy management\utility.exe"
+ "HControlUser" "HControlUser" "" "c:\program files\atk hotkey\hcontroluser.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "Skytel" "Realtek Voice Manager" "Realtek Semiconductor Corp." "c:\windows\skytel.exe"
+ "SMSERIAL" "SM56 Modem Helper" "Motorola Inc." "c:\program files\motorola\smserial\sm56hlpr.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "VeriFaceManager" "" "" "c:\program files\lenovo\verifaceiii\pmanage.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
"C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Legalsounds Download Manager.lnk" "" "" "c:\program files\legalsounds download manager\legalsounds download manager.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apple" "Microsoft® InfoTech CC Local DLL" "Microsoft Corporation" "c:\users\carl\appdata\local\apple computer\apple\siagqzmv.dll"
+ "ReadyComm" "Lenovo ReadyComm" "Lenovo Group Limited" "c:\program files\lenovo\readycomm\readycomm.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "UpdateFlow.ATT-SST" "" "" "File not found: C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OfflineUpdate\redirector.htm"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\bushell.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\navshext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "BuPropertySheet" "Backup Shell" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\bushell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "IkeyShlExt" "SimpleExt Module" "" "c:\windows\system32\simpleext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "BUContextMenu" "Backup Shell" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\bushell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\navshext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "OverlayExcluded" "Backup Shell" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\bushell.dll"
+ "OverlayPending" "Backup Shell" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\bushell.dll"
+ "OverlayProtected" "Backup Shell" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\bushell.dll"
+ "VeriFace Enc" "" "" "c:\windows\system32\icnovrly.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AT&&T Toolbar" "Toolbar Component" "AT&T" "c:\program files\atttoolbar\atttoolbar.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Norton Identity Protection" "coIEPlugIn" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\coieplg.dll"
+ "Norton Vulnerability Protection" "IPS Browser Helper DLL" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\ips\ipsbho.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\program files\real\realplayer\rpbrowserrecordplugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "" "Toolbar Component" "AT&T" "c:\program files\atttoolbar\atttoolbar.dll"
+ "Norton Toolbar" "coIEPlugIn" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\coieplg.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\Launch HTC Sync Loader" "HTC UPCT Loader" "" "c:\program files\htc\htc sync 3.0\htcupctloader.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\Norton 360\Norton Error Analyzer" "Symantec Error Reporting" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\symerr.exe"
+ "\{8339D562-6ADC-4763-8CAE-9291EAFBAB0E}" "" "" "File not found: C:\Program Files\Skype\Phone\Skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "ASLDRService" "ASLDR Service" "" "c:\program files\atk hotkey\asldrsrv.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "dldt_device" "Printer Communication System" " " "c:\windows\system32\dldtcoms.exe"
+ "dldtCATSCustConnectService" "Service Executable" "" "c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files\wildgames\game console - wildgames\gameconsoleservice.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "IGRS" "Host IGRS services and support IGRS client applications." "Lenovo Group Limited" "c:\program files\lenovo\readycomm\common\igrs.exe"
+ "IncSvc" "Provides support for network monitor and configuration." "Lenovo Group Limited" "c:\program files\lenovo\readycomm\incsvc.dll"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McciCMService" "mcci+McciCMService" "Alcatel-Lucent" "c:\program files\common files\motive\mccicmservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "N360" "Norton 360" "Symantec Corporation" "c:\program files\norton 360 premier edition\engine\6.3.0.14\ccsvchst.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NSL" "Norton Safe Web Lite" "Symantec Corporation" "c:\program files\norton safe web lite\engine\2.0.0.16\ccsvchst.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PassThru Service" "Detect HTC Android device for internet pass-through function." "" "c:\program files\htc\internet pass-through\passthrusvr.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "PS_MDP" "Provides support for Lenovo ReadyComm Presentation Space." "Lenovo Group Limited" "c:\program files\lenovo\readycomm\ps_mdp.dll"
+ "ReadyComm.DirectRouter" "Enable computers in ad-hoc network interact with each other even with different netmask." "Lenovo Group Limited" "c:\program files\lenovo\readycomm\common\router.dll"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "System_Repair_UpdateMonitor" "Monitors operating system files changed by Windows update and backup them instantly." "Lenovo Group Limited" "c:\program files\lenovo\onekey app\system repair\updatemonitor.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACPIVPC" "ACPI Virtual Power Controller Driver" "Lenovo Corporation" "c:\windows\system32\drivers\acpivpc.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BHDrvx86" "SONAR Engine Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120919.001\bhdrvx86.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "ccSet_N360" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys"
+ "ccSet_NST" "Common Client Settings Driver" "Symantec Corporation" "c:\windows\system32\drivers\nst\0200000.010\ccsetx86.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "funfrm" "" "" "c:\windows\system32\drivers\funfrm.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HTCAND32" "ADB Interface" "HTC, Corporation" "c:\windows\system32\drivers\androidusb.sys"
+ "htcnprot" "HTC NDIS Protocol Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\htcnprot.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IDSVix86" "Symantec Intrusion Prevention Driver" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120928.001\idsvix86.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IntcHdmiAddService" "Intel® High Definition Audio HDMI" "Intel® Corporation" "c:\windows\system32\drivers\intchdmi.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "MREMP50" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mremp50.sys"
+ "MREMP50a64" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS"
+ "MREMPR5" "Motive NDIS 5.0 MPR Protocol Driver" "Motive, Inc." "c:\program files\common files\motive\mrempr5.sys"
+ "MRENDIS5" "Motive NDIS 5.0 Protocol Driver" "Motive, Inc." "c:\program files\common files\motive\mrendis5.sys"
+ "MRESP50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mresp50.sys"
+ "MRESP50a64" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS"
+ "MTsensor" "ATK0100 ACPI Utility" "ATK0100" "c:\windows\system32\drivers\atkacpi.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120928.003\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20120928.003\navex15.sys"
+ "NETw5v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v32.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "rimmptsk" "RICOH SD Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smserial" "Motorola SM56 Modem WDM Driver" "Motorola Inc." "c:\windows\system32\drivers\smserial.sys"
+ "SNP2UVC" "UVC Camera Streaming Driver" "" "c:\windows\system32\drivers\snp2uvc.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\n360\0603000.00e\srtsp.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\n360\0603000.00e\srtspx.sys"
+ "StarOpen" "" "" "c:\windows\system32\drivers\staropen.sys"
+ "SymDS" "Symantec Data Store" "Symantec Corporation" "c:\windows\system32\drivers\n360\0603000.00e\symds.sys"
+ "SymEFA" "Symantec Extended File Attributes" "Symantec Corporation" "c:\windows\system32\drivers\n360\0603000.00e\symefa.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SymIRON" "Iron Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys"
+ "SYMTDIv" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\n360\0603000.00e\symtdiv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "tvtumon" "Windows Update Monitor Driver" "Lenovo" "c:\windows\system32\drivers\tvtumon.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "vhidmini" "ITEhidCIR" "ITE Tech. Inc. " "c:\windows\system32\drivers\itehidcir.sys"
+ "Wdkbdmou" "" "" "c:\windows\system32\drivers\wdkbdmou.sys"
+ "wdmirror" "WDMirror Miniport Driver" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\wdmirror.sys"
+ "WSVD" "WIN32" "CyberLink" "c:\windows\system32\drivers\wsvd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.clmp3enc" "CLMP3Enc" "CyberLink Corp." "c:\program files\lenovo\power2go\clmp3enc.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.l3codecp" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gaursmpl.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gaudiocd.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gdump.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files\lenovo\power2go\p2greader.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files\lenovo\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files\lenovo\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files\lenovo\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gpcmenc.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gtlmsplter.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\lenovo\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files\lenovo\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files\lenovo\power2go\p2gvideostabilizer.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "FunBox Avi Source" "" "" "File not found: C:\Program Files\Samsung\Samsung PC Studio 3\FunAviSplitter.ax"
+ "FunBox Avi Splitter" "" "" "File not found: C:\Program Files\Samsung\Samsung PC Studio 3\FunAviSplitter.ax"
+ "HP VTK Frame Grabber Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files\lenovo\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\lenovo\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files\lenovo\power2go\p2gresample.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "ImageReog" "Lenovo VeriFace Vista Credential Library" "" "c:\windows\system32\imagereog.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpz3l5mu" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l5mu.dll"
+ "V305 Port" "Printer Communication System" " " "c:\windows\system32\dldtlmpm.dll"
"C:\Users\Carl\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Calendar" "Browse the days of the calendar." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml"
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\Gadget.xml"
+ "Norton 360" "Protect your computer against digital dangers." "Symantec Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Norton.Gadget\en-US\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"

#13 narenxp

Posted 29 September 2012 - 03:58 AM

Launch Autoruns and uncheck this entry

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apple" "Microsoft® InfoTech CC Local DLL" "Microsoft Corporation" "c:\users\carl\appdata\local\apple computer\apple\siagqzmv.dll"

Restart the PC and delete this file

c:\users\carl\appdata\local\apple computer\apple\siagqzmv.dll

Check if you still have redirects
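
The check applied to the Autoruns log above can be sketched as a small parser and triage pass. This is an added example, not part of the original posts: the function names and the heuristics are assumptions, the sample rows are copied from the log in this thread, and a flag is a reason to look closer, not a verdict.

```python
import re

FIELD = re.compile(r'"([^"]*)"')
# Assumed heuristics: directories a standard user can write to, and the
# roots where system components normally live.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Rows copied from the Autoruns log posted in this thread.
SAMPLE = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apple" "Microsoft® InfoTech CC Local DLL" "Microsoft Corporation" "c:\users\carl\appdata\local\apple computer\apple\siagqzmv.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "funfrm" "" "" "c:\windows\system32\drivers\funfrm.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
'''

def parse_autoruns(text):
    """Yield (location, entry, description, publisher, image_path) per entry."""
    location = None
    for line in text.splitlines():
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # not an Autoruns row
        if line.lstrip().startswith("+"):
            yield (location, *fields)     # enabled entry under current location
        else:
            location = fields[0]          # header row: only the key is filled

def triage(row):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    _location, _entry, desc, publisher, path = row
    p = path.lower()
    if p.startswith("file not found"):
        return ["orphaned: image missing"]
    reasons = []
    if any(d in p for d in USER_WRITABLE):
        reasons.append("image in user-writable directory")
    # The publisher column here is only what the file claims about itself.
    if "microsoft" in publisher.lower() and not p.startswith(SYSTEM_ROOTS):
        reasons.append("claims Microsoft publisher outside system paths")
    if not publisher.strip() and not desc.strip():
        reasons.append("no description or publisher")
    return reasons

def flagged(text):
    """Map entry name -> reasons, for entries with at least one reason."""
    out = {}
    for row in parse_autoruns(text):
        reasons = triage(row)
        if reasons:
            out[row[1]] = reasons
    return out

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The "Apple" Run entry is the only sample row that trips two heuristics at once: a DLL in the user profile carrying a Microsoft publisher string.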

#14 shome1

shome1
  • Topic Starter

Posted 29 September 2012 - 12:25 PM

Did a quick check on re-direct by doing Google searches, and all seems to be well at the moment.

#15 narenxp

Posted 29 September 2012 - 01:02 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



