Google Chrome


18 replies to this topic

#1 Vcali

Posted 19 October 2012 - 02:51 PM

Hello, you guys just recently helped me fix a problem on my XP desktop, thank you. I might now have a problem with my Vista laptop. First off, it's super slow. I haven't run any kind of antivirus on it for a while, so when it became really bad I realized this and ran Malwarebytes. It found 49 infections, and these infections were funmoods (all of the 49). So I deleted all of them. Now, let me take you a couple of weeks back: I'm using my computer and all of a sudden the screen goes blue and I try to turn it off. When I turn the computer back on, I start my Google Chrome and it doesn't take me to Google; instead the background and the search engine were funmoods. I changed the search engine back to Google and it searched as Google, but when I open Google Chrome to use for my internet it's still funmoods. So now I don't know if I'm still infected or not. I also ran CCleaner and cleaned some files. So I'm not sure if it's an infection or my comp is just slow. Sorry for writing so much, thank you in advance.

#2 narenxp

Posted 19 October 2012 - 04:45 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Jean-Guy

Posted 19 October 2012 - 08:03 PM

Control Panel >> Programs >> Uninstall >> funmoods
Then in Chrome, select Tools, select the funmoods extension and trash it, as well as any other extension you don't know.
Reset your home page and search engine in the options menu.

#4 Vcali

Posted 20 October 2012 - 01:55 AM

TDSS Killer log:



23:53:53.0279 7656 NdisWan - ok
23:53:53.0310 7656 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:53:53.0354 7656 NDProxy - ok
23:53:53.0409 7656 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:53:53.0440 7656 Net Driver HPZ12 - ok
23:53:53.0474 7656 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:53:53.0512 7656 NetBIOS - ok
23:53:53.0555 7656 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:53:53.0574 7656 netbt - ok
23:53:53.0595 7656 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe
23:53:53.0599 7656 Netlogon - ok
23:53:53.0645 7656 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
23:53:53.0656 7656 Netman - ok
23:53:53.0690 7656 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
23:53:53.0723 7656 netprofm - ok
23:53:53.0783 7656 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:53:53.0969 7656 NetTcpPortSharing - ok
23:53:54.0127 7656 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
23:53:54.0402 7656 NETw3v32 - ok
23:53:54.0439 7656 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:53:54.0484 7656 nfrd960 - ok
23:53:54.0555 7656 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:53:54.0567 7656 NlaSvc - ok
23:53:54.0613 7656 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:53:54.0687 7656 Npfs - ok
23:53:54.0796 7656 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
23:53:54.0805 7656 nsi - ok
23:53:54.0848 7656 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:53:54.0892 7656 nsiproxy - ok
23:53:55.0002 7656 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:53:55.0072 7656 Ntfs - ok
23:53:55.0098 7656 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:53:55.0151 7656 ntrigdigi - ok
23:53:55.0183 7656 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
23:53:55.0219 7656 Null - ok
23:53:55.0255 7656 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:53:55.0297 7656 nvraid - ok
23:53:55.0327 7656 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:53:55.0356 7656 nvstor - ok
23:53:55.0387 7656 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:53:55.0440 7656 nv_agp - ok
23:53:55.0448 7656 NwlnkFlt - ok
23:53:55.0460 7656 NwlnkFwd - ok
23:53:55.0587 7656 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:53:55.0616 7656 odserv - ok
23:53:55.0669 7656 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:53:55.0711 7656 ohci1394 - ok
23:53:55.0764 7656 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:53:55.0784 7656 ose - ok
23:53:55.0849 7656 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:53:55.0945 7656 p2pimsvc - ok
23:53:55.0980 7656 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
23:53:55.0994 7656 p2psvc - ok
23:53:56.0047 7656 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
23:53:56.0091 7656 Parport - ok
23:53:56.0129 7656 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:53:56.0162 7656 partmgr - ok
23:53:56.0193 7656 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:53:56.0225 7656 Parvdm - ok
23:53:56.0262 7656 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
23:53:56.0267 7656 PcaSvc - ok
23:53:56.0314 7656 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
23:53:56.0359 7656 pci - ok
23:53:56.0411 7656 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
23:53:56.0449 7656 pciide - ok
23:53:56.0529 7656 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:53:56.0570 7656 pcmcia - ok
23:53:56.0624 7656 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
23:53:56.0658 7656 pcouffin - ok
23:53:56.0732 7656 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:53:56.0801 7656 PEAUTH - ok
23:53:56.0906 7656 [ 56652AF63296E1B0304162C5E7DB5FAF ] PfFilter C:\Program Files\IObit\Protected Folder\pffilter.sys
23:53:56.0951 7656 PfFilter - ok
23:53:57.0015 7656 [ 6DBF2AC2BDAFF355995AB25ECCC4CFE1 ] pinger C:\Toshiba\IVP\ISM\pinger.exe
23:53:57.0095 7656 pinger - ok
23:53:57.0180 7656 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
23:53:57.0260 7656 pla - ok
23:53:57.0303 7656 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:53:57.0314 7656 PlugPlay - ok
23:53:57.0383 7656 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:53:57.0424 7656 Pml Driver HPZ12 - ok
23:53:57.0479 7656 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:53:57.0489 7656 PNRPAutoReg - ok
23:53:57.0509 7656 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:53:57.0517 7656 PNRPsvc - ok
23:53:57.0552 7656 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:53:57.0617 7656 PolicyAgent - ok
23:53:57.0674 7656 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:53:57.0713 7656 PptpMiniport - ok
23:53:57.0809 7656 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
23:53:58.0003 7656 Processor - ok
23:53:58.0045 7656 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
23:53:58.0082 7656 ProfSvc - ok
23:53:58.0117 7656 [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
23:53:58.0121 7656 ProtectedStorage - ok
23:53:58.0154 7656 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:53:58.0158 7656 PSched - ok
23:53:58.0174 7656 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:53:58.0186 7656 PxHelp20 - ok
23:53:58.0269 7656 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:53:58.0332 7656 ql2300 - ok
23:53:58.0363 7656 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:53:58.0393 7656 ql40xx - ok
23:53:58.0444 7656 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
23:53:58.0485 7656 QWAVE - ok
23:53:58.0535 7656 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:53:58.0567 7656 QWAVEdrv - ok
23:53:58.0664 7656 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
23:53:58.0709 7656 RapiMgr - ok
23:53:58.0746 7656 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:53:58.0782 7656 RasAcd - ok
23:53:58.0825 7656 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
23:53:58.0865 7656 RasAuto - ok
23:53:58.0898 7656 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:53:58.0936 7656 Rasl2tp - ok
23:53:58.0980 7656 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
23:53:58.0990 7656 RasMan - ok
23:53:59.0017 7656 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:53:59.0026 7656 RasPppoe - ok
23:53:59.0057 7656 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:53:59.0066 7656 RasSstp - ok
23:53:59.0098 7656 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:53:59.0153 7656 rdbss - ok
23:53:59.0201 7656 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:53:59.0234 7656 RDPCDD - ok
23:53:59.0333 7656 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:53:59.0389 7656 rdpdr - ok
23:53:59.0399 7656 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:53:59.0412 7656 RDPENCDD - ok
23:53:59.0466 7656 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:53:59.0507 7656 RDPWD - ok
23:53:59.0556 7656 [ 6799A96873BF74F5C640B02CA04AA50C ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys
23:53:59.0603 7656 RegFilter - ok
23:53:59.0657 7656 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:53:59.0704 7656 RemoteAccess - ok
23:53:59.0753 7656 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:53:59.0792 7656 RemoteRegistry - ok
23:53:59.0843 7656 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
23:53:59.0871 7656 RimUsb - ok
23:53:59.0919 7656 [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
23:53:59.0953 7656 RimVSerPort - ok
23:54:00.0017 7656 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
23:54:00.0024 7656 ROOTMODEM - ok
23:54:00.0076 7656 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:54:00.0084 7656 RpcLocator - ok
23:54:00.0116 7656 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
23:54:00.0125 7656 RpcSs - ok
23:54:00.0176 7656 [ FEDD2710B75BE3ECF078ADACE790C423 ] RsFx0102 C:\Windows\system32\DRIVERS\RsFx0102.sys
23:54:00.0220 7656 RsFx0102 - ok
23:54:00.0267 7656 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:54:00.0307 7656 rspndr - ok
23:54:00.0368 7656 [ B8B159FA669C6386A458FCD468EBB1E6 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
23:54:00.0405 7656 RTL8169 - ok
23:54:00.0440 7656 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
23:54:00.0443 7656 SamSs - ok
23:54:00.0467 7656 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:54:00.0477 7656 sbp2port - ok
23:54:00.0564 7656 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
23:54:00.0646 7656 SBSDWSCService - ok
23:54:00.0701 7656 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:54:00.0745 7656 SCardSvr - ok
23:54:00.0810 7656 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
23:54:00.0826 7656 Schedule - ok
23:54:00.0880 7656 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:54:00.0882 7656 SCPolicySvc - ok
23:54:00.0924 7656 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
23:54:00.0928 7656 sdbus - ok
23:54:00.0963 7656 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:54:01.0014 7656 SDRSVC - ok
23:54:01.0072 7656 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:54:01.0102 7656 secdrv - ok
23:54:01.0130 7656 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
23:54:01.0138 7656 seclogon - ok
23:54:01.0161 7656 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
23:54:01.0169 7656 SENS - ok
23:54:01.0202 7656 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:54:01.0208 7656 Serenum - ok
23:54:01.0235 7656 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
23:54:01.0271 7656 Serial - ok
23:54:01.0308 7656 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:54:01.0314 7656 sermouse - ok
23:54:01.0389 7656 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:54:01.0395 7656 SessionEnv - ok
23:54:01.0433 7656 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:54:01.0462 7656 sffdisk - ok
23:54:01.0500 7656 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:54:01.0507 7656 sffp_mmc - ok
23:54:01.0541 7656 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:54:01.0548 7656 sffp_sd - ok
23:54:01.0566 7656 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:54:01.0572 7656 sfloppy - ok
23:54:01.0622 7656 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:54:01.0680 7656 SharedAccess - ok
23:54:01.0733 7656 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:54:01.0744 7656 ShellHWDetection - ok
23:54:01.0777 7656 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:54:01.0815 7656 sisagp - ok
23:54:01.0849 7656 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:54:01.0891 7656 SiSRaid2 - ok
23:54:01.0927 7656 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:54:01.0964 7656 SiSRaid4 - ok
23:54:02.0118 7656 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
23:54:02.0435 7656 slsvc - ok
23:54:02.0478 7656 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:54:02.0538 7656 SLUINotify - ok
23:54:02.0620 7656 [ 46B40982AF166BF89C3F51FB13E60D6D ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
23:54:02.0660 7656 SmartDefragDriver - ok
23:54:02.0712 7656 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:54:02.0723 7656 Smb - ok
23:54:02.0764 7656 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:54:02.0769 7656 SNMPTRAP - ok
23:54:02.0799 7656 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:54:02.0835 7656 spldr - ok
23:54:02.0882 7656 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
23:54:02.0899 7656 Spooler - ok
23:54:02.0956 7656 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
23:54:03.0100 7656 SQLAgent$SQLEXPRESS - ok
23:54:03.0173 7656 [ 99DE6ACFA5CA83FAD6A765C81C6F129F ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:54:03.0224 7656 SQLBrowser - ok
23:54:03.0267 7656 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:54:03.0323 7656 SQLWriter - ok
23:54:03.0375 7656 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:54:03.0424 7656 srv - ok
23:54:03.0452 7656 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:54:03.0464 7656 srv2 - ok
23:54:03.0496 7656 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:54:03.0542 7656 srvnet - ok
23:54:03.0584 7656 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:54:03.0624 7656 SSDPSRV - ok
23:54:03.0671 7656 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
23:54:03.0706 7656 ssmdrv - ok
23:54:03.0746 7656 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:54:03.0753 7656 SstpSvc - ok
23:54:03.0809 7656 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
23:54:03.0823 7656 stisvc - ok
23:54:03.0852 7656 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:54:03.0898 7656 swenum - ok
23:54:04.0105 7656 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
23:54:04.0300 7656 swprv - ok
23:54:04.0403 7656 [ E1292C1ED4DEB17B8A9B586D22CB2061 ] Swupdtmr c:\Toshiba\IVP\swupdate\swupdtmr.exe
23:54:04.0514 7656 Swupdtmr - ok
23:54:04.0560 7656 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:54:04.0610 7656 Symc8xx - ok
23:54:04.0652 7656 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:54:04.0686 7656 Sym_hi - ok
23:54:04.0729 7656 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:54:04.0777 7656 Sym_u3 - ok
23:54:04.0842 7656 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
23:54:04.0882 7656 SysMain - ok
23:54:04.0923 7656 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:54:04.0991 7656 TabletInputService - ok
23:54:05.0051 7656 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:54:05.0117 7656 TapiSrv - ok
23:54:05.0161 7656 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:54:05.0196 7656 TBS - ok
23:54:05.0268 7656 [ 2756186E287139310997090797E0182B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:54:05.0324 7656 Tcpip - ok
23:54:05.0350 7656 [ 2756186E287139310997090797E0182B ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:54:05.0359 7656 Tcpip6 - ok
23:54:05.0403 7656 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:54:05.0435 7656 tcpipreg - ok
23:54:05.0482 7656 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:54:05.0517 7656 tdcmdpst - ok
23:54:05.0562 7656 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:54:05.0600 7656 TDPIPE - ok
23:54:05.0627 7656 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:54:05.0664 7656 TDTCP - ok
23:54:05.0708 7656 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:54:05.0743 7656 tdx - ok
23:54:05.0776 7656 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:54:05.0815 7656 TermDD - ok
23:54:05.0864 7656 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
23:54:05.0882 7656 TermService - ok
23:54:05.0912 7656 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
23:54:05.0925 7656 Themes - ok
23:54:05.0949 7656 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
23:54:05.0955 7656 THREADORDER - ok
23:54:06.0007 7656 [ E4C85C291DDB3DC5E4A2F227CA465BA6 ] tifm21 C:\Windows\system32\drivers\tifm21.sys
23:54:06.0087 7656 tifm21 - ok
23:54:06.0180 7656 [ E47F35A87FF0DA38DEF37A0EB0C2D2DF ] TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
23:54:06.0219 7656 TNaviSrv - ok
23:54:06.0268 7656 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
23:54:06.0283 7656 TODDSrv - ok
23:54:06.0329 7656 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
23:54:06.0405 7656 TosCoSrv - ok
23:54:06.0452 7656 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
23:54:06.0487 7656 TOSHIBA SMART Log Service - ok
23:54:06.0520 7656 Tosrfcom - ok
23:54:06.0547 7656 [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
23:54:06.0553 7656 tosrfec - ok
23:54:06.0592 7656 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
23:54:06.0643 7656 tos_sps32 - ok
23:54:06.0657 7656 TpChoice - ok
23:54:06.0704 7656 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
23:54:06.0712 7656 TrkWks - ok
23:54:06.0773 7656 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:54:06.0806 7656 TrustedInstaller - ok
23:54:06.0856 7656 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:54:06.0896 7656 tssecsrv - ok
23:54:06.0946 7656 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:54:06.0985 7656 tunmp - ok
23:54:07.0037 7656 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:54:07.0040 7656 tunnel - ok
23:54:07.0085 7656 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:54:07.0149 7656 TVALZ - ok
23:54:07.0196 7656 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:54:07.0248 7656 uagp35 - ok
23:54:07.0301 7656 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:54:07.0320 7656 udfs - ok
23:54:07.0365 7656 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:54:07.0427 7656 UI0Detect - ok
23:54:07.0525 7656 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:54:07.0572 7656 UleadBurningHelper - ok
23:54:07.0617 7656 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:54:07.0673 7656 uliagpkx - ok
23:54:07.0724 7656 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:54:07.0791 7656 uliahci - ok
23:54:07.0832 7656 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:54:07.0851 7656 UlSata - ok
23:54:07.0889 7656 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:54:07.0953 7656 ulsata2 - ok
23:54:07.0998 7656 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:54:08.0011 7656 umbus - ok
23:54:08.0166 7656 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
23:54:08.0376 7656 upnphost - ok
23:54:08.0406 7656 [ 115D1FC230548904DEA317867C924C4A ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
23:54:08.0441 7656 UrlFilter - ok
23:54:08.0495 7656 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:54:08.0528 7656 usbaudio - ok
23:54:08.0630 7656 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:54:08.0672 7656 usbccgp - ok
23:54:08.0726 7656 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:54:08.0748 7656 usbcir - ok
23:54:08.0793 7656 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:54:08.0825 7656 usbehci - ok
23:54:08.0867 7656 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:54:08.0884 7656 usbhub - ok
23:54:08.0910 7656 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:54:08.0946 7656 usbohci - ok
23:54:08.0998 7656 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:54:09.0032 7656 usbprint - ok
23:54:09.0083 7656 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:54:09.0093 7656 usbscan - ok
23:54:09.0130 7656 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:54:09.0167 7656 USBSTOR - ok
23:54:09.0218 7656 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:54:09.0225 7656 usbuhci - ok
23:54:09.0248 7656 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:54:09.0285 7656 usbvideo - ok
23:54:09.0332 7656 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
23:54:09.0360 7656 usb_rndisx - ok
23:54:09.0399 7656 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
23:54:09.0405 7656 UxSms - ok
23:54:09.0447 7656 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
23:54:09.0500 7656 vds - ok
23:54:09.0546 7656 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:54:09.0575 7656 vga - ok
23:54:09.0605 7656 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:54:09.0643 7656 VgaSave - ok
23:54:09.0680 7656 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:54:09.0716 7656 viaagp - ok
23:54:09.0751 7656 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:54:09.0803 7656 ViaC7 - ok
23:54:09.0834 7656 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
23:54:09.0843 7656 viaide - ok
23:54:09.0879 7656 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:54:09.0914 7656 volmgr - ok
23:54:09.0959 7656 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:54:10.0008 7656 volmgrx - ok
23:54:10.0042 7656 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:54:10.0084 7656 volsnap - ok
23:54:10.0129 7656 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:54:10.0170 7656 vsmraid - ok
23:54:10.0254 7656 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
23:54:10.0323 7656 VSS - ok
23:54:10.0389 7656 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
23:54:10.0402 7656 W32Time - ok
23:54:10.0439 7656 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:54:10.0474 7656 WacomPen - ok
23:54:10.0516 7656 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:54:10.0552 7656 Wanarp - ok
23:54:10.0560 7656 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:54:10.0562 7656 Wanarpv6 - ok
23:54:10.0608 7656 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
23:54:10.0655 7656 WcesComm - ok
23:54:10.0715 7656 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:54:10.0771 7656 wcncsvc - ok
23:54:10.0821 7656 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:54:10.0862 7656 WcsPlugInService - ok
23:54:10.0916 7656 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
23:54:10.0926 7656 Wd - ok
23:54:10.0970 7656 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:54:11.0000 7656 Wdf01000 - ok
23:54:11.0025 7656 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:54:11.0034 7656 WdiServiceHost - ok
23:54:11.0043 7656 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:54:11.0051 7656 WdiSystemHost - ok
23:54:11.0096 7656 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
23:54:11.0107 7656 WebClient - ok
23:54:11.0155 7656 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:54:11.0191 7656 Wecsvc - ok
23:54:11.0239 7656 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:54:11.0279 7656 wercplsupport - ok
23:54:11.0331 7656 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
23:54:11.0338 7656 WerSvc - ok
23:54:11.0393 7656 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:54:11.0446 7656 WinDefend - ok
23:54:11.0457 7656 WinHttpAutoProxySvc - ok
23:54:11.0542 7656 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:54:11.0560 7656 Winmgmt - ok
23:54:11.0735 7656 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
23:54:11.0808 7656 WinRM - ok
23:54:11.0864 7656 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
23:54:11.0925 7656 winusb - ok
23:54:11.0986 7656 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:54:12.0048 7656 Wlansvc - ok
23:54:12.0093 7656 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:54:12.0125 7656 WmiAcpi - ok
23:54:12.0192 7656 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:54:12.0210 7656 wmiApSrv - ok
23:54:12.0295 7656 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:54:12.0381 7656 WMPNetworkSvc - ok
23:54:12.0424 7656 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:54:12.0440 7656 WPCSvc - ok
23:54:12.0473 7656 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:54:12.0480 7656 WPDBusEnum - ok
23:54:12.0530 7656 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:54:12.0563 7656 WpdUsb - ok
23:54:12.0697 7656 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:54:12.0759 7656 WPFFontCache_v0400 - ok
23:54:12.0802 7656 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:54:12.0834 7656 ws2ifsl - ok
23:54:12.0883 7656 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
23:54:12.0891 7656 wscsvc - ok
23:54:12.0907 7656 WSearch - ok
23:54:13.0151 7656 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
23:54:13.0212 7656 wuauserv - ok
23:54:13.0301 7656 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:54:13.0308 7656 WUDFRd - ok
23:54:13.0347 7656 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:54:13.0367 7656 wudfsvc - ok
23:54:13.0658 7656 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:54:13.0790 7656 YahooAUService - ok
23:54:13.0856 7656 ================ Scan global ===============================
23:54:13.0910 7656 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:54:13.0962 7656 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
23:54:13.0999 7656 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
23:54:14.0050 7656 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:54:14.0069 7656 [Global] - ok
23:54:14.0070 7656 ================ Scan MBR ==================================
23:54:14.0087 7656 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
23:54:15.0534 7656 \Device\Harddisk0\DR0 - ok
23:54:15.0535 7656 ================ Scan VBR ==================================
23:54:15.0569 7656 [ 13C7915F17EFCDBDDDC252F34CD25EEF ] \Device\Harddisk0\DR0\Partition1
23:54:15.0572 7656 \Device\Harddisk0\DR0\Partition1 - ok
23:54:15.0573 7656 ============================================================
23:54:15.0573 7656 Scan finished
23:54:15.0574 7656 ============================================================
23:54:19.0243 6272 Detected object count: 0
23:54:19.0243 6272 Actual detected object count: 0

#5 Vcali

Posted 20 October 2012 - 03:42 AM

I'm going to post the log to aswMBR, but before I do I want you to know that while it was scanning I was surfing the net and once again my screen went blue and I turned the computer off and restarted the scan. Here is the log:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 00:59:45
-----------------------------
00:59:45.908 OS Version: Windows 6.0.6002 Service Pack 2
00:59:45.908 Number of processors: 2 586 0xF0D
00:59:45.912 ComputerName: VALERCHIK-PC UserName: VaLeRcHiK
01:01:09.779 Initialize success
01:02:24.028 AVAST engine defs: 12101901
01:03:17.955 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
01:03:18.003 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
01:03:18.014 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
01:03:18.019 Disk 1 Vendor: ( Size: 1886MB BusType: 12
01:03:18.038 Disk 0 MBR read successfully
01:03:18.044 Disk 0 MBR scan
01:03:19.993 Disk 0 Windows VISTA default MBR code
01:03:20.010 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:03:20.776 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
01:03:20.850 Disk 0 scanning sectors +234440704
01:03:21.398 Disk 0 scanning C:\Windows\system32\drivers
01:03:56.165 Service scanning
01:05:13.835 Modules scanning
01:05:30.739 Disk 0 trace - called modules:
01:05:30.763
01:05:34.289 AVAST engine scan C:\Windows
01:05:41.617 AVAST engine scan C:\Windows\system32
01:17:41.325 AVAST engine scan C:\Windows\system32\drivers
01:18:15.362 AVAST engine scan C:\Users\VaLeRcHiK
01:32:01.685 AVAST engine scan C:\ProgramData
01:36:21.430 Scan finished successfully
01:40:12.163 Disk 0 MBR has been saved successfully to "C:\Users\VaLeRcHiK\Desktop\Val\MBR.dat"
01:40:12.201 The log file has been saved successfully to "C:\Users\VaLeRcHiK\Desktop\Val\aswMBR.txt"

#6 narenxp

Posted 20 October 2012 - 06:42 AM

Do not work on the PC or browse while the scan is going on.

#7 Vcali

Posted 20 October 2012 - 12:50 PM

Eset log:


C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\Giant Savings\Giant Savings.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\Users\VaLeRcHiK\Desktop\Downloads\DownloadManagerSetup (1).exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
C:\Users\VaLeRcHiK\Desktop\Downloads\DownloadManagerSetup (2).exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
C:\Users\VaLeRcHiK\Desktop\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
C:\Users\VaLeRcHiK\Desktop\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\VaLeRcHiK\Desktop\Downloads\sd2-setup220.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\VaLeRcHiK\Desktop\Downloads\unlocker-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#8 narenxp

Posted 20 October 2012 - 12:53 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#9 Vcali

Posted 20 October 2012 - 04:38 PM

Malwarebytes found no threats. Here is the log:


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.18.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19120
VaLeRcHiK :: VALERCHIK-PC [administrator]

10/20/2012 11:48:22 AM
mbam-log-2012-10-20 (11-48-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349826
Time elapsed: 2 hour(s), 21 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 Vcali

Posted 20 October 2012 - 04:50 PM

Mini tool box log:


MiniToolBox by Farbar Version: 23-07-2012
Ran by VaLeRcHiK (administrator) on 20-10-2012 at 14:42:29
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


::1 localhost


========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 3 (Disconnected)
Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
add address name="Local Area Connection 3" address=0.0.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : VaLeRcHiK-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-1F-E1-00-FF-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d60:2d3c:a94b:fac0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 20, 2012 10:41:42 AM
Lease Expires . . . . . . . . . . : Sunday, October 21, 2012 10:41:40 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 285220833
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-90-8F-FF-00-1E-EC-35-87-54
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1E-EC-35-87-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{38345E4D-9E2C-42F5-AC8A-C5DAC44F2AD7}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{351B4D5E-97A6-4F75-AFE4-23498080A938}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4cd:3276:f5ff:fffc(Preferred)
Link-local IPv6 Address . . . . . : fe80::4cd:3276:f5ff:fffc%23(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 10.0.0.1

Name: google.com
Addresses: 2001:4860:4007:801::1004
74.125.224.167
74.125.224.168
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163
74.125.224.164
74.125.224.165
74.125.224.166



Pinging google.com [74.125.224.174] with 32 bytes of data:

Reply from 74.125.224.174: bytes=32 time=47ms TTL=54

Reply from 74.125.224.174: bytes=32 time=48ms TTL=54



Ping statistics for 74.125.224.174:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 48ms, Average = 47ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=501ms TTL=51

Reply from 72.30.38.140: bytes=32 time=646ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 501ms, Maximum = 646ms, Average = 573ms

Server: UnKnown
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 1f e1 00 ff 0c ...... Atheros AR5007EG Wireless Network Adapter
10 ...00 1e ec 35 87 54 ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 isatap.{38345E4D-9E2C-42F5-AC8A-C5DAC44F2AD7}
24 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22 ...00 00 00 00 00 00 00 e0 isatap.{351B4D5E-97A6-4F75-AFE4-23498080A938}
23 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.3 25
10.0.0.0 255.255.255.0 On-link 10.0.0.3 281
10.0.0.3 255.255.255.255 On-link 10.0.0.3 281
10.0.0.255 255.255.255.255 On-link 10.0.0.3 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
23 18 ::/0 On-link
1 306 ::1/128 On-link
23 18 2001::/32 On-link
23 266 2001:0:4137:9e76:4cd:3276:f5ff:fffc/128
On-link
11 281 fe80::/64 On-link
23 266 fe80::/64 On-link
23 266 fe80::4cd:3276:f5ff:fffc/128
On-link
11 281 fe80::8d60:2d3c:a94b:fac0/128
On-link
1 306 ff00::/8 On-link
23 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/20/2012 11:48:05 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/20/2012 01:33:21 AM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.6002.18311, time stamp 0x4c8e2d72, faulting module drmv2clt.dll, version 11.0.6002.18005, time stamp 0x49e03752, exception code 0x80000004, fault offset 0x000949d1,
process id 0x14ec, application start time 0xwmplayer.exe0.

Error: (10/20/2012 01:31:01 AM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.6002.18311, time stamp 0x4c8e2d72, faulting module BlackBox.dll, version 11.0.6002.18005, time stamp 0x49e0370b, exception code 0x80000004, fault offset 0x00061428,
process id 0xd28, application start time 0xwmplayer.exe0.

Error: (10/20/2012 00:37:28 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/20/2012 00:36:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 00:21:05 PM) (Source: Application Error) (User: )
Description: Faulting application ONENOTEM.EXE, version 12.0.6500.5000, time stamp 0x49a6b036, faulting module rapi.dll_unloaded, version 0.0.0.0, time stamp 0x4549bd9c, exception code 0xc0000005, fault offset 0x73ba3e5b,
process id 0x16c4, application start time 0xONENOTEM.EXE0.

Error: (10/19/2012 00:14:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/19/2012 00:13:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2012 06:51:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/18/2012 06:51:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/20/2012 10:41:36 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.0.0.3 for the Network Card with network address 001FE100FF0C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (10/20/2012 02:15:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0){1D9EE362-7370-4F17-A8A0-AACA097D03C5}200

Error: (10/20/2012 00:41:36 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (10/20/2012 00:36:23 AM) (Source: Service Control Manager) (User: )
Description: Superfetch%%2

Error: (10/20/2012 00:36:17 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/20/2012 00:36:17 AM) (Source: Service Control Manager) (User: )
Description: avast! iAVS4 Control Service%%3

Error: (10/20/2012 00:35:35 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:33:54 AM on 10/20/2012 was unexpected.

Error: (10/19/2012 00:24:49 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (10/19/2012 00:23:15 PM) (Source: Service Control Manager) (User: )
Description: TPM Base Services

Error: (10/19/2012 00:22:48 PM) (Source: DCOM) (User: )
Description: {ED081F25-6A77-4C89-B689-C6E15C582EC1}


Microsoft Office Sessions:
=========================
Error: (12/12/2011 10:15:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/28/2011 00:06:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3635 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (03/07/2011 08:34:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1502 seconds with 420 seconds of active time. This session ended with a crash.

Error: (03/01/2011 05:44:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 378 seconds with 180 seconds of active time. This session ended with a crash.

Error: (03/01/2011 05:25:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 475 seconds with 60 seconds of active time. This session ended with a crash.

Error: (01/26/2011 01:44:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 657 seconds with 120 seconds of active time. This session ended with a crash.

Error: (12/13/2010 01:22:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79030 seconds with 1740 seconds of active time. This session ended with a crash.

Error: (08/29/2010 02:34:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 124439 seconds with 420 seconds of active time. This session ended with a crash.

Error: (05/17/2010 03:01:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 239 seconds with 60 seconds of active time. This session ended with a crash.

Error: (05/17/2010 02:57:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2507 seconds with 480 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6425.1000)
32 Bit HP CIO Components Installer (Version: 1.0.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveMail (Version: 5.8.18)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5)
Advanced SystemCare 4 (Version: 4.1.0)
ALPS Touch Pad Driver (Version: 7.0.301.4)
Atheros Driver Installation Program (Version: 7.1)
Atheros Wi-Fi Protected Setup Library
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
Babylon toolbar on IE
BlackBerry Desktop Software 4.7 (Version: 4.7.0.32)
BPD_Scan (Version: 3.00.0000)
Browser Manager
CCleaner (Version: 3.23)
CD/DVD Drive Acoustic Silencer (Version: 2.02.01)
Cisco Systems VPN Client 5.0.00.0340 (Version: 5.0.0)
DVD MovieFactory for TOSHIBA (Version: 5.51)
DVDFab Platinum 4.0.2.5 Beta Registered (Version: 4.0.2.5)
Easy Grade Pro
EGP Web Plugin (Version: 4.1)
ExamView Assessment Suite
Full Tilt Poker (Version: 4.30.0.WIN.FullTilt.COM)
GearDrvs (Version: 1)
General Ledger Software for Bath Designs Inc. (Version: 6.00.000)
Giant Savings (Version: 1.20.150.150)
Google Chrome (Version: 22.0.1229.94)
Google Desktop (Version: 5.9.1005.12335)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
HP Officejet J3600 Series (Version: 1.0)
Integrated Accounting Stage Coach Ver 3.0
Intel® Graphics Media Accelerator Driver
IObit Malware Fighter (Version: 1.0)
IObit Unlocker (Version: 1.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 3 (Version: 1.6.0.30)
Juniper Networks Setup Client (Version: 2.0.0.3217)
Juniper Networks Setup Client Activex Control (Version: 2.0.0.3)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
magicJack (Version: 2.0.6073.4252)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MathPlayer (Version: 2.1b)
Memeo AutoBackup (Version: 3.00.3023)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server VSS Writer (Version: 10.0.1600.22)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Microsoft XML Parser (Version: 8.20.8730.4)
Mozilla Firefox (3.6.10) (Version: 3.6.10 (en-US))
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network Play System (Patching)
Norton 360 (Version: 1.2.0.10)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PhotoJoy (Version: 2.0.4.1171)
PhotoJoy US Toolbar (Version: 6.5.2.8)
Picasa 2 (Version: 2.0)
Protected Folder
QuickBooks Financial Center (Version: 1.00.0000)
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5559)
Scan (Version: 8.1.0.0)
Smart Defrag 2 (Version: 2.2)
Spybot - Search & Destroy (Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22)
SQL Server System CLR Types (Version: 10.0.1600.22)
SSH Secure Shell
TeacherWorks
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001)
The Sims
TIPCI (Version: 2.00.0001)
TOSHIBA Assist (Version: 2.01.05)
TOSHIBA ConfigFree (Version: 7.1.27)
TOSHIBA Disc Creator (Version: 2.0.1.1a)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.48.0.3C)
TOSHIBA Games (Version: 1.0.0.52)
TOSHIBA Hardware Setup (Version: 1.48.0.11C)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.3)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 1.48.0.8C)
TOSHIBA Value Added Package (Version: 1.1.14)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Utility Common Driver (Version: 0.0.50.7C)
Visual C++ 8.0 ATL (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
VitalSource Bookshelf (Version: 5.04.0010)
VLC media player 1.1.11 (Version: 1.1.11)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 91%
Total physical RAM: 1013.69 MB
Available physical RAM: 85.82 MB
Total Pagefile: 2684.06 MB
Available Pagefile: 496.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.05 MB

========================= Partitions: =====================================

1 Drive c: (SQ004680V03) (Fixed) (Total:110.32 GB) (Free:58.64 GB) NTFS

========================= Users: ========================================

User accounts for \\VALERCHIK-PC

Administrator Guest VaLeRcHiK

========================= Restore Points ==================================

17-09-2012 02:31:50 Scheduled Checkpoint
18-09-2012 09:06:56 Windows Update
20-09-2012 07:53:45 Scheduled Checkpoint
21-09-2012 09:18:47 Windows Update
25-09-2012 08:50:55 Windows Update
29-09-2012 08:44:58 Windows Update
02-10-2012 08:30:46 Windows Update
04-10-2012 04:20:27 Scheduled Checkpoint
05-10-2012 13:42:30 Windows Update
10-10-2012 09:07:56 Windows Update
12-10-2012 09:10:55 Windows Update
16-10-2012 13:34:06 Windows Update
18-10-2012 14:51:48 Windows Update
20-10-2012 09:08:43 Windows Update

**** End of log ****

#11 Vcali


Posted 20 October 2012 - 04:55 PM

Farbar log:


Farbar Service Scanner Version: 19-10-2012
Ran by VaLeRcHiK (administrator) on 20-10-2012 at 14:54:16
Running from "C:\Users\VaLeRcHiK\Desktop\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-08-10 17:20] - [2011-06-17 13:13] - 0905104 ____A (Microsoft Corporation) 2756186E287139310997090797E0182B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 19:24] - [2008-01-20 19:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#12 Vcali


Posted 20 October 2012 - 05:13 PM

I accidentally clicked search on AdwCleaner, then clicked delete. Anyway, here is the log:


# AdwCleaner v2.005 - Logfile created 10/20/2012 at 14:58:52
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : VaLeRcHiK - VALERCHIK-PC
# Boot Mode : Normal
# Running from : C:\Users\VaLeRcHiK\Desktop\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\searchplugins\Conduit.xml
File Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\searchplugins\funmoods.xml
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Funmoods
Folder Deleted : C:\Program Files\Giant Savings
Folder Deleted : C:\Program Files\PhotoJoy_US
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Local\Conduit
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Local\Giant Savings
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\VaLeRcHiK\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\VaLeRcHiK\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\VaLeRcHiK\AppData\LocalLow\PhotoJoy_US
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Babylon
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\ConduitCommon
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\CT3074349
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\extensions\{f2c43291-151e-499c-98a7-923c120b88fa}
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\extensions\crossriderapp4479@crossrider.com
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\VaLeRcHiK\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~1\google\google~1\goec62~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AppDataLow\Software\PhotoJoy_US
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PhotoJoy_US Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2C43291-151E-499C-98A7-923C120B88FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2C43291-151E-499C-98A7-923C120B88FA}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{451F2BDC-62B8-47E6-BA54-819CBE5BC9C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F2C43291-151E-499C-98A7-923C120B88FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3074349
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EECE3F6-84C7-44CE-8711-35F62A61A800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B0D76E4-1666-40B6-BD53-E7FE2363D95C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2C43291-151E-499C-98A7-923C120B88FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{451F2BDC-62B8-47E6-BA54-819CBE5BC9C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoJoy_US Toolbar
Key Deleted : HKLM\Software\PhotoJoy_US
Key Deleted : HKU\S-1-5-21-2066649881-2314559920-4138184296-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F2C43291-151E-499C-98A7-923C120B88FA}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F2C43291-151E-499C-98A7-923C120B88FA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F2C43291-151E-499C-98A7-923C120B88FA}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19120

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtCtDtD0F0FtD0CtD0CyEzztN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=808901180 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtCtDtD0F0FtD0CtD0CyEzztN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=808901180 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110790&tt=270912_7a_3912_7&babsrc=HP_ss&mntrId=b0be0c48000000000000001fe100ff0c --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtCtDtD0F0FtD0CtD0CyEzztN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=808901180 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.10 (en-US)

Profile name : default
File : C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\prefs.js

C:\Users\VaLeRcHiK\AppData\Roaming\Mozilla\Firefox\Profiles\dti659sh.default\user.js ... Deleted !

Deleted : user_pref("CT3074349..clientLogIsEnabled", true);
Deleted : user_pref("CT3074349..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3074349..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3074349.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3074349.AppTrackingLastCheckTime", "Fri Aug 24 2012 23:24:56 GMT-0700 (Pacific Daylight[...]
Deleted : user_pref("CT3074349.CTID", "CT3074349");
Deleted : user_pref("CT3074349.CurrentServerDate", "16-12-2011");
Deleted : user_pref("CT3074349.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3074349.DialogsGetterLastCheckTime", "Fri Aug 24 2012 23:24:53 GMT-0700 (Pacific Daylig[...]
Deleted : user_pref("CT3074349.DownloadReferralCookieData", "");
Deleted : user_pref("CT3074349.FirstServerDate", "16-9-2011");
Deleted : user_pref("CT3074349.FirstTime", true);
Deleted : user_pref("CT3074349.FirstTimeFF3", true);
Deleted : user_pref("CT3074349.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3074349.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3074349.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3074349.HasUserGlobalKeys", true);
Deleted : user_pref("CT3074349.Initialize", true);
Deleted : user_pref("CT3074349.InitializeCommonPrefs", true);
Deleted : user_pref("CT3074349.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3074349.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT3074349.InstalledDate", "Thu Sep 15 2011 23:26:50 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3074349.InvalidateCache", false);
Deleted : user_pref("CT3074349.IsAlertDBUpdated", true);
Deleted : user_pref("CT3074349.IsGrouping", false);
Deleted : user_pref("CT3074349.IsInitSetupIni", true);
Deleted : user_pref("CT3074349.IsMulticommunity", false);
Deleted : user_pref("CT3074349.IsOpenThankYouPage", false);
Deleted : user_pref("CT3074349.IsOpenUninstallPage", true);
Deleted : user_pref("CT3074349.LanguagePackLastCheckTime", "Fri Aug 24 2012 23:24:46 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT3074349.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3074349.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3074349.LastLogin_3.6.0.10", "Fri Aug 24 2012 23:24:56 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3074349.LatestVersion", "3.8.0.8");
Deleted : user_pref("CT3074349.Locale", "en");
Deleted : user_pref("CT3074349.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3074349.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3074349.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3074349.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3074349.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT3074349.RadioIsPodcast", false);
Deleted : user_pref("CT3074349.RadioLastCheckTime", "Fri Aug 24 2012 23:24:36 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3074349.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3074349.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3074349.RadioMediaID", "9962");
Deleted : user_pref("CT3074349.RadioMediaType", "Media Player");
Deleted : user_pref("CT3074349.RadioMenuSelectedID", "EBRadioMenu_CT30743499962");
Deleted : user_pref("CT3074349.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3074349.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3074349.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3074349.SavedHomepage", "www.yahoo.com");
Deleted : user_pref("CT3074349.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3074349.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3074349.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3074349.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3074349.SearchInNewTabLastCheckTime", "Fri Aug 24 2012 23:24:34 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT3074349.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3074349.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3074349.ServiceMapLastCheckTime", "Fri Aug 24 2012 23:24:44 GMT-0700 (Pacific Daylight [...]
Deleted : user_pref("CT3074349.SettingsLastCheckTime", "Fri Aug 24 2012 23:24:33 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT3074349.SettingsLastUpdate", "1340631517");
Deleted : user_pref("CT3074349.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3074349.ThirdPartyComponentsLastCheck", "Fri Aug 24 2012 23:24:32 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT3074349.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3074349.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3074349.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3074349");
Deleted : user_pref("CT3074349.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3074349.UserID", "UN20136588622187102");
Deleted : user_pref("CT3074349.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3074349.WeatherNetwork", "");
Deleted : user_pref("CT3074349.WeatherPollDate", "Fri Aug 24 2012 23:24:37 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3074349.WeatherUnit", "F");
Deleted : user_pref("CT3074349.alertChannelId", "1465784");
Deleted : user_pref("CT3074349.backendstorage.facebook_ctid_connect_send_new", "73656E646564");
Deleted : user_pref("CT3074349.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT3074349.backendstorage.facebook_user_locale", "656E");
Deleted : user_pref("CT3074349.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3074349.globalFirstTimeInfoLastCheckTime", "Fri Aug 24 2012 23:24:56 GMT-0700 (Pacific [...]
Deleted : user_pref("CT3074349.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3074349.initDone", true);
Deleted : user_pref("CT3074349.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3074349.isFirstRadioInstallation", false);
Deleted : user_pref("CT3074349.myStuffEnabled", true);
Deleted : user_pref("CT3074349.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3074349.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3074349.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3074349.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3074349.oldAppsList", "129446538071425236,129574421762864744,111,129574421763479940,100[...]
Deleted : user_pref("CT3074349.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3074349.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3074349.testingCtid", "");
Deleted : user_pref("CT3074349.toolbarAppMetaDataLastCheckTime", "Fri Aug 24 2012 23:24:48 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT3074349.toolbarContextMenuLastCheckTime", "Fri Aug 24 2012 23:24:46 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT3074349.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3074349&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "PhotoJoy US Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3074349/CT3074349[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1465784/1461438/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3074349", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3074349",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3074349&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\VaLeRcHiK\\AppData\\Roaming\\Mozill[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3074349");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3074349");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3074349");
Deleted : user_pref("CommunityToolbar.globalUserId", "6ab1807d-c42c-4c40-a83a-d5ce63c8932e");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3074349");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Aug 24 2012 23:25:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Aug 24 2012 23:24:42 GMT-070[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Aug 24 2012 23:24:34 GMT-0700 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "d03f37da-7aef-480b-8b4e-c86974c9589d");
Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("browser.search.defaultthis.engineName", "PhotoJoy US Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3074349&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "Funmoods");
Deleted : user_pref("browser.startup.homepage", "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN[...]
Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Deleted : user_pref("keyword.URL", "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDt[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110790&tt=270912_7a_3912_7&babsrc=[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\VaLeRcHiK\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [26917 octets] - [20/10/2012 14:57:40]
AdwCleaner[S1].txt - [27344 octets] - [20/10/2012 14:58:52]

########## EOF - C:\AdwCleaner[S1].txt - [27405 octets] ##########

#13 Vcali

Posted 20 October 2012 - 07:11 PM

Junkware removal log:


Junkware Removal Tool (JRT) by Thisisu
Version: 1.8.6 (10.20.2012)
OS: Windows Vista ™ Home Premium x86
Ran by VaLeRcHiK on Sat 10/20/2012 at 15:15:00.29
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values:

Successfully deleted: [VALUE] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: ["BrowserMngr Start Page"] from hkey_users\S-1-5-21-2066649881-2314559920-4138184296-1000\software\microsoft\internet explorer\main
Successfully deleted: [BrowserMngrDefaultScope] from hkey_users\S-1-5-21-2066649881-2314559920-4138184296-1000\software\microsoft\internet explorer\searchscopes



*** Registry Keys:

Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [KEY] hkey_classes_root\clsid\{98889811-442d-49dd-99d7-dc866be87dbc}



*** Files:

Successfully deleted: [FILE] "C:\Users\VaLeRcHiK\AppData\Local\funmoods-speeddial_sf.crx"



*** Folders:

Failed to delete: [FOLDER-LOCKED!] "C:\Users\All Users\browser manager"
Failed to delete: [FOLDER-LOCKED!] "C:\ProgramData\browser manager"



*** FireFox detected and repaired

#14 narenxp

Posted 20 October 2012 - 09:36 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#15 Vcali

Posted 22 October 2012 - 02:17 AM

Rkill log:



Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/22/2012 12:14:53 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

::1 localhost

Program finished at: 10/22/2012 12:15:54 AM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)



