Strange day (Cleaning Malware)


12 replies to this topic

#1 coxchris

Posted 08 November 2012 - 11:33 PM

Mods: if this counts as malware removal or an operating system error, please help me determine which.

Back story:

I have a client's computer with me. I received it today and it had all kinds of junk, malware, etc. You name it, I have it.

Hopefully I got the virus/malware out; I need help to verify that there is no more malware.

So I did the usual MSE and Malwarebytes. I couldn't use a self-tutorial because it had so many viruses.

So after I did that all day, the client said, "When I put in a CD/DVD it won't play any disc."

So I troubleshot it, and it just spins and replies "Please insert a Disk"; that's all.

What I have done:

Installed MSE and Malwarebytes
Ran two complete sweeps, several hours
CCleaner (didn't use the registry cleaner)
Removed a lot of programs; some were registry cleaners
sfc /scannow "reported corrupted entries and cannot be fixed"
Ran chkdsk /f
Tried to troubleshoot the CD/DVD; didn't correct the problem

Basically I have it working, without the CD/DVD reading, because of the virus, I believe.

I will be backing off from it because I did what I could.

I don't have any recovery disc and I am about to just say to reformat.

Computer Specs
Windows Vista Home Premium
3GB of Ram
Gateway JM30 Laptop

I will be gone tomorrow, so I will have this thread marked for replies; please move this if necessary. Thank you, have a great evening.

Edited by hamluis, 09 November 2012 - 10:22 AM.
Moved from Vista to Am I Infected - Hamluis.

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 



#2 Gunto

Posted 13 November 2012 - 01:13 AM

Hi, coxchris! I'm going to try to help you out. :)

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Double-click the MBAM shortcut on your desktop to open MBAM.
  • Click the Update tab, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

Please tell me how all of this went in your next reply.

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 coxchris

Posted 13 November 2012 - 01:04 PM

Hello Gunto,

Thank you for contacting me.

I was able to run TDSSKiller and it found 0 infections. That's good, right?

Malwarebytes

I'm running a scan now and it looks like it's clean of all the malware that it previously found and removed completely. I will provide you with a log shortly.

Logs are below
08:48:14.0262 3336 NlaSvc - ok
08:48:14.0293 3336 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:48:14.0293 3336 Npfs - ok
08:48:14.0308 3336 npggsvc - ok
08:48:14.0340 3336 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
08:48:14.0340 3336 nsi - ok
08:48:14.0355 3336 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:48:14.0355 3336 nsiproxy - ok
08:48:14.0652 3336 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:48:14.0761 3336 Ntfs - ok
08:48:14.0792 3336 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
08:48:14.0792 3336 ntrigdigi - ok
08:48:14.0808 3336 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
08:48:14.0808 3336 Null - ok
08:48:14.0839 3336 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:48:14.0839 3336 nvraid - ok
08:48:14.0854 3336 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:48:14.0854 3336 nvstor - ok
08:48:14.0886 3336 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:48:14.0886 3336 nv_agp - ok
08:48:14.0886 3336 NwlnkFlt - ok
08:48:14.0901 3336 NwlnkFwd - ok
08:48:15.0057 3336 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:48:15.0073 3336 odserv - ok
08:48:15.0120 3336 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:48:15.0120 3336 ohci1394 - ok
08:48:15.0166 3336 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:48:15.0166 3336 ose - ok
08:48:15.0229 3336 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
08:48:15.0244 3336 p2pimsvc - ok
08:48:15.0260 3336 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
08:48:15.0260 3336 p2psvc - ok
08:48:15.0322 3336 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
08:48:15.0338 3336 Parport - ok
08:48:15.0385 3336 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:48:15.0400 3336 partmgr - ok
08:48:15.0416 3336 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
08:48:15.0416 3336 Parvdm - ok
08:48:15.0447 3336 [ 1BF91F352D746AD7469FA71783B5FAE8 ] PCAMp50 C:\Windows\system32\Drivers\PCAMp50.sys
08:48:15.0447 3336 PCAMp50 - ok
08:48:15.0478 3336 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\Windows\system32\Drivers\PCASp50.sys
08:48:15.0478 3336 PCASp50 - ok
08:48:15.0525 3336 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
08:48:15.0525 3336 PcaSvc - ok
08:48:15.0556 3336 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
08:48:15.0556 3336 pci - ok
08:48:15.0588 3336 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
08:48:15.0588 3336 pciide - ok
08:48:15.0619 3336 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:48:15.0619 3336 pcmcia - ok
08:48:15.0650 3336 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:48:15.0666 3336 PEAUTH - ok
08:48:15.0744 3336 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
08:48:15.0790 3336 pla - ok
08:48:15.0822 3336 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:48:15.0822 3336 PlugPlay - ok
08:48:15.0868 3336 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
08:48:15.0868 3336 PNRPAutoReg - ok
08:48:15.0946 3336 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
08:48:15.0946 3336 PNRPsvc - ok
08:48:16.0087 3336 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:48:16.0118 3336 PolicyAgent - ok
08:48:16.0134 3336 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:48:16.0134 3336 PptpMiniport - ok
08:48:16.0165 3336 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
08:48:16.0165 3336 Processor - ok
08:48:16.0212 3336 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
08:48:16.0227 3336 ProfSvc - ok
08:48:16.0243 3336 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
08:48:16.0243 3336 ProtectedStorage - ok
08:48:16.0290 3336 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
08:48:16.0368 3336 PSI_SVC_2 - ok
08:48:16.0477 3336 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:48:16.0508 3336 ql2300 - ok
08:48:16.0539 3336 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:48:16.0539 3336 ql40xx - ok
08:48:16.0570 3336 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
08:48:16.0586 3336 QWAVE - ok
08:48:16.0602 3336 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:48:16.0602 3336 QWAVEdrv - ok
08:48:16.0617 3336 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:48:16.0617 3336 RasAcd - ok
08:48:16.0633 3336 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
08:48:16.0633 3336 RasAuto - ok
08:48:16.0664 3336 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:48:16.0664 3336 Rasl2tp - ok
08:48:16.0711 3336 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
08:48:16.0711 3336 RasMan - ok
08:48:16.0758 3336 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:48:16.0758 3336 RasPppoe - ok
08:48:16.0789 3336 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:48:16.0789 3336 RasSstp - ok
08:48:16.0820 3336 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:48:16.0820 3336 rdbss - ok
08:48:16.0851 3336 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:48:16.0851 3336 RDPCDD - ok
08:48:16.0882 3336 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
08:48:16.0882 3336 rdpdr - ok
08:48:16.0882 3336 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:48:16.0882 3336 RDPENCDD - ok
08:48:16.0945 3336 [ 79C6DF8477250F5C54F7C5AE1D6B814E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:48:16.0960 3336 RDPWD - ok
08:48:17.0007 3336 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:48:17.0007 3336 RemoteAccess - ok
08:48:17.0038 3336 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:48:17.0054 3336 RemoteRegistry - ok
08:48:17.0085 3336 [ 34CC78C06587718C2AD6D3AA83B1F072 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
08:48:17.0101 3336 RFCOMM - ok
08:48:17.0148 3336 [ EEC7EE5675294B03E88AA868540007C1 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
08:48:17.0148 3336 RMCAST - ok
08:48:17.0179 3336 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
08:48:17.0179 3336 RpcLocator - ok
08:48:17.0194 3336 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
08:48:17.0210 3336 RpcSs - ok
08:48:17.0226 3336 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:48:17.0226 3336 rspndr - ok
08:48:17.0272 3336 [ 2CC77C65216A8BB4677E637120D5731D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
08:48:17.0272 3336 RTL8169 - ok
08:48:17.0272 3336 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
08:48:17.0272 3336 SamSs - ok
08:48:17.0304 3336 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:48:17.0304 3336 sbp2port - ok
08:48:17.0335 3336 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:48:17.0335 3336 SCardSvr - ok
08:48:17.0382 3336 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
08:48:17.0397 3336 Schedule - ok
08:48:17.0413 3336 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:48:17.0413 3336 SCPolicySvc - ok
08:48:17.0444 3336 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:48:17.0444 3336 SDRSVC - ok
08:48:17.0538 3336 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
08:48:17.0553 3336 SeaPort - ok
08:48:17.0678 3336 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:48:17.0678 3336 secdrv - ok
08:48:17.0709 3336 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
08:48:17.0725 3336 seclogon - ok
08:48:17.0756 3336 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
08:48:17.0756 3336 SENS - ok
08:48:17.0772 3336 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
08:48:17.0772 3336 Serenum - ok
08:48:17.0787 3336 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
08:48:17.0787 3336 Serial - ok
08:48:17.0834 3336 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:48:17.0850 3336 sermouse - ok
08:48:17.0881 3336 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
08:48:17.0896 3336 SessionEnv - ok
08:48:17.0912 3336 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:48:17.0912 3336 sffdisk - ok
08:48:17.0928 3336 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:48:17.0928 3336 sffp_mmc - ok
08:48:17.0943 3336 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:48:17.0943 3336 sffp_sd - ok
08:48:17.0959 3336 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:48:17.0959 3336 sfloppy - ok
08:48:17.0990 3336 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:48:17.0990 3336 SharedAccess - ok
08:48:18.0037 3336 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:48:18.0037 3336 ShellHWDetection - ok
08:48:18.0068 3336 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:48:18.0068 3336 sisagp - ok
08:48:18.0084 3336 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
08:48:18.0084 3336 SiSRaid2 - ok
08:48:18.0115 3336 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:48:18.0115 3336 SiSRaid4 - ok
08:48:18.0396 3336 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
08:48:18.0489 3336 slsvc - ok
08:48:18.0520 3336 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
08:48:18.0536 3336 SLUINotify - ok
08:48:18.0552 3336 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:48:18.0552 3336 Smb - ok
08:48:18.0583 3336 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:48:18.0583 3336 SNMPTRAP - ok
08:48:18.0786 3336 [ 0302BC619D4A723317E7F8EB0C362BD3 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
08:48:18.0817 3336 SNP2UVC - ok
08:48:18.0832 3336 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
08:48:18.0832 3336 spldr - ok
08:48:18.0864 3336 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
08:48:18.0895 3336 Spooler - ok
08:48:18.0926 3336 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:48:18.0942 3336 srv - ok
08:48:18.0988 3336 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:48:19.0004 3336 srv2 - ok
08:48:19.0020 3336 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:48:19.0020 3336 srvnet - ok
08:48:19.0066 3336 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:48:19.0066 3336 SSDPSRV - ok
08:48:19.0113 3336 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:48:19.0113 3336 SstpSvc - ok
08:48:19.0144 3336 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
08:48:19.0144 3336 StillCam - ok
08:48:19.0207 3336 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
08:48:19.0207 3336 stisvc - ok
08:48:19.0238 3336 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:48:19.0238 3336 swenum - ok
08:48:19.0285 3336 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
08:48:19.0300 3336 swprv - ok
08:48:19.0316 3336 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
08:48:19.0332 3336 Symc8xx - ok
08:48:19.0347 3336 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
08:48:19.0347 3336 Sym_hi - ok
08:48:19.0378 3336 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
08:48:19.0378 3336 Sym_u3 - ok
08:48:19.0425 3336 [ 8CC32B5C9A89CAEA4EFB68B2606E15E5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
08:48:19.0425 3336 SynTP - ok
08:48:19.0659 3336 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
08:48:19.0722 3336 SysMain - ok
08:48:19.0753 3336 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:48:19.0800 3336 TabletInputService - ok
08:48:19.0878 3336 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:48:19.0893 3336 TapiSrv - ok
08:48:19.0940 3336 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
08:48:19.0940 3336 TBS - ok
08:48:20.0096 3336 [ 16731B631F28F63CD9F4CB60940E7DDD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:48:20.0096 3336 Tcpip - ok
08:48:20.0455 3336 [ 16731B631F28F63CD9F4CB60940E7DDD ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
08:48:20.0470 3336 Tcpip6 - ok
08:48:20.0486 3336 [ 3FC13F09AF9BE487C7B4FAC4070A036C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:48:20.0502 3336 tcpipreg - ok
08:48:20.0548 3336 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:48:20.0548 3336 TDPIPE - ok
08:48:20.0564 3336 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:48:20.0580 3336 TDTCP - ok
08:48:20.0611 3336 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:48:20.0626 3336 tdx - ok
08:48:20.0642 3336 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:48:20.0642 3336 TermDD - ok
08:48:20.0767 3336 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
08:48:20.0845 3336 TermService - ok
08:48:20.0876 3336 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
08:48:20.0892 3336 Themes - ok
08:48:20.0907 3336 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
08:48:20.0907 3336 THREADORDER - ok
08:48:20.0970 3336 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
08:48:20.0985 3336 TrkWks - ok
08:48:21.0048 3336 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:48:21.0079 3336 TrustedInstaller - ok
08:48:21.0126 3336 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:48:21.0126 3336 tssecsrv - ok
08:48:21.0157 3336 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
08:48:21.0157 3336 tunmp - ok
08:48:21.0172 3336 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:48:21.0172 3336 tunnel - ok
08:48:21.0188 3336 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:48:21.0204 3336 uagp35 - ok
08:48:21.0250 3336 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:48:21.0266 3336 udfs - ok
08:48:21.0313 3336 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:48:21.0313 3336 UI0Detect - ok
08:48:21.0360 3336 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:48:21.0375 3336 uliagpkx - ok
08:48:21.0391 3336 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
08:48:21.0391 3336 uliahci - ok
08:48:21.0422 3336 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
08:48:21.0422 3336 UlSata - ok
08:48:21.0453 3336 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
08:48:21.0453 3336 ulsata2 - ok
08:48:21.0469 3336 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:48:21.0469 3336 umbus - ok
08:48:21.0500 3336 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
08:48:21.0516 3336 upnphost - ok
08:48:21.0531 3336 [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
08:48:21.0562 3336 USBAAPL - ok
08:48:21.0609 3336 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:48:21.0609 3336 usbaudio - ok
08:48:21.0640 3336 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:48:21.0640 3336 usbccgp - ok
08:48:21.0687 3336 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:48:21.0687 3336 usbcir - ok
08:48:21.0734 3336 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:48:21.0734 3336 usbehci - ok
08:48:21.0750 3336 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:48:21.0750 3336 usbhub - ok
08:48:21.0765 3336 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:48:21.0765 3336 usbohci - ok
08:48:21.0796 3336 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:48:21.0796 3336 usbprint - ok
08:48:21.0859 3336 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:48:21.0874 3336 usbscan - ok
08:48:21.0906 3336 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:48:21.0906 3336 USBSTOR - ok
08:48:21.0921 3336 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:48:21.0921 3336 usbuhci - ok
08:48:21.0952 3336 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
08:48:21.0952 3336 usbvideo - ok
08:48:21.0999 3336 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
08:48:21.0999 3336 UxSms - ok
08:48:22.0030 3336 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
08:48:22.0062 3336 vds - ok
08:48:22.0077 3336 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:48:22.0077 3336 vga - ok
08:48:22.0093 3336 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
08:48:22.0093 3336 VgaSave - ok
08:48:22.0108 3336 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
08:48:22.0108 3336 viaagp - ok
08:48:22.0155 3336 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
08:48:22.0155 3336 ViaC7 - ok
08:48:22.0171 3336 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
08:48:22.0171 3336 viaide - ok
08:48:22.0171 3336 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:48:22.0171 3336 volmgr - ok
08:48:22.0202 3336 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:48:22.0218 3336 volmgrx - ok
08:48:22.0218 3336 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:48:22.0233 3336 volsnap - ok
08:48:22.0264 3336 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:48:22.0264 3336 vsmraid - ok
08:48:22.0311 3336 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
08:48:22.0327 3336 VSS - ok
08:48:22.0545 3336 [ 980E45498392E6659D2E7C44E7DE2336 ] vToolbarUpdater C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
08:48:22.0561 3336 vToolbarUpdater - ok
08:48:22.0608 3336 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
08:48:22.0623 3336 W32Time - ok
08:48:22.0654 3336 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:48:22.0654 3336 WacomPen - ok
08:48:22.0670 3336 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
08:48:22.0670 3336 Wanarp - ok
08:48:22.0670 3336 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:48:22.0670 3336 Wanarpv6 - ok
08:48:22.0701 3336 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:48:22.0717 3336 wcncsvc - ok
08:48:22.0748 3336 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:48:22.0748 3336 WcsPlugInService - ok
08:48:22.0779 3336 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
08:48:22.0779 3336 Wd - ok
08:48:22.0810 3336 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:48:22.0826 3336 Wdf01000 - ok
08:48:22.0842 3336 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:48:22.0842 3336 WdiServiceHost - ok
08:48:22.0842 3336 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:48:22.0842 3336 WdiSystemHost - ok
08:48:22.0904 3336 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
08:48:22.0920 3336 WebClient - ok
08:48:22.0951 3336 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:48:22.0966 3336 Wecsvc - ok
08:48:22.0998 3336 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:48:22.0998 3336 wercplsupport - ok
08:48:23.0029 3336 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
08:48:23.0044 3336 WerSvc - ok
08:48:23.0154 3336 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:48:23.0185 3336 WinDefend - ok
08:48:23.0185 3336 WinHttpAutoProxySvc - ok
08:48:23.0466 3336 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:48:23.0481 3336 Winmgmt - ok
08:48:23.0544 3336 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
08:48:23.0575 3336 WinRM - ok
08:48:23.0637 3336 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:48:23.0653 3336 Wlansvc - ok
08:48:23.0809 3336 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:48:23.0856 3336 wlidsvc - ok
08:48:23.0887 3336 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:48:23.0902 3336 WmiAcpi - ok
08:48:23.0949 3336 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:48:23.0949 3336 wmiApSrv - ok
08:48:24.0043 3336 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:48:24.0058 3336 WMPNetworkSvc - ok
08:48:24.0090 3336 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:48:24.0090 3336 WPCSvc - ok
08:48:24.0121 3336 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:48:24.0121 3336 WPDBusEnum - ok
08:48:24.0168 3336 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
08:48:24.0168 3336 WpdUsb - ok
08:48:24.0495 3336 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:48:24.0542 3336 WPFFontCache_v0400 - ok
08:48:24.0573 3336 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:48:24.0573 3336 ws2ifsl - ok
08:48:24.0604 3336 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
08:48:24.0604 3336 wscsvc - ok
08:48:24.0604 3336 WSearch - ok
08:48:24.0714 3336 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
08:48:24.0760 3336 wuauserv - ok
08:48:24.0823 3336 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:48:24.0823 3336 WUDFRd - ok
08:48:24.0870 3336 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:48:24.0870 3336 wudfsvc - ok
08:48:24.0885 3336 ================ Scan global ===============================
08:48:24.0916 3336 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:48:24.0963 3336 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:48:24.0979 3336 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:48:25.0010 3336 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
08:48:25.0026 3336 [Global] - ok
08:48:25.0026 3336 ================ Scan MBR ==================================
08:48:25.0026 3336 [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0
08:48:27.0319 3336 \Device\Harddisk0\DR0 - ok
08:48:27.0319 3336 ================ Scan VBR ==================================
08:48:27.0334 3336 [ 2FBF8EB8B7D881B195EB80D7E5713A96 ] \Device\Harddisk0\DR0\Partition1
08:48:27.0350 3336 \Device\Harddisk0\DR0\Partition1 - ok
08:48:27.0350 3336 ============================================================
08:48:27.0350 3336 Scan finished
08:48:27.0350 3336 ============================================================
08:48:27.0366 4092 Detected object count: 0
08:48:27.0366 4092 Actual detected object count: 0
08:48:54.0369 3996 Deinitialize success

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
jeannette :: OWNER [administrator]

11/13/2012 8:50:02 AMS
mbam-log-2012-11-13 (08-50-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362325
Time elapsed: 1 hour(s), 23 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by coxchris, 13 November 2012 - 01:19 PM.



#4 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team

Posted 13 November 2012 - 10:42 PM

Hi,

Logs are clean so far, but I'm not ruling out malware just yet.

SUPERAntiSpyware

I need you to run a scan with SUPERAntiSpyware.

  • Download SAS from here, and save it to your desktop.
  • Double click the installer to start the installation. If you do not want to start the trial of the full version, please decline, and feel free to uncheck options to install external toolbars/software, unless you want them. Otherwise, follow the prompts and let the program install.
  • Once the program is done installing and updating, tick the Complete Scan option on the interface, and press the big Scan your Computer... button. Ensure that the options Activate Scan Boost™ > Low boost and Scan inside .ZIP archives are selected and Start Complete Scan.
  • After scanning, be sure to remove all detected threats if any were detected. If asked to reboot to remove threats, do so immediately.
  • Once finished, return to the main interface, go to View Scan Logs and view the newest log. Copy and paste it into your reply.

ESET Online Scanner

I need you to run a scan with ESET Online Scanner.

  • Download the scanner from here, and save it to your desktop.
  • Double click the file to install the program. Once it's done, accept the terms of use and click Start. Be sure the following settings are checked before beginning:
    Scan archives
    Remove found threats
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Once the scan is done, if anything was found, click List of found threats, and then Export to text file..., and save the log to your desktop.
  • Click << Back, and then Finish. If you have to reboot, do so immediately.
  • After ESET finishes scanning and removing threats, copy and paste the log into your reply.

Please tell me how all of this went in your next reply.

Gunto



#5 coxchris

coxchris
  • Topic Starter


Posted 14 November 2012 - 02:06 PM

Gunto,

I had a lot of infections with SAS and ESET. They ran successfully. I ran ESET first because it found 8 infections, and during the scan my Windows Update was working again, because it wasn't working yesterday. It had some problems with syncing with the Windows Update server, but it's now got 250ish updates.

I had the same problem with the CD/DVD drive; it still doesn't read any disc, but the BIOS/Windows sees it.

If you have some more things to do with it I can extend my day to give it back to the client. I was going to release it back to her tomorrow

Here are your logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/14/2012 at 10:26 AM

Application Version : 5.6.1014

Core Rules Database Version : 9583
Trace Rules Database Version: 7395

Scan type : Complete Scan
Total Scan Time : 00:49:01

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 37342
Registry threats detected : 18
File items scanned : 39144
File threats detected : 31

Browser Hijacker.Internet Explorer Settings Hijack
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2164&q={searchTerms} ]

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.Zugo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
HKU\S-1-5-21-3105131991-3054754549-3784593915-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKU\S-1-5-21-3105131991-3054754549-3784593915-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}

Adware.HBHelper
HKU\S-1-5-21-3105131991-3054754549-3784593915-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKU\S-1-5-21-3105131991-3054754549-3784593915-1000_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Adware.ShopAtHomeSelect
HKU\S-1-5-21-3105131991-3054754549-3784593915-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie

Eset report

Please be advised I removed the quarantined files but not the application, so the items in this report are no longer active on this system.


C:\limewire2\LimeWireSetup2.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonTB(178).exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\WeatherBlinkEI\Installr\1.bin\gcEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\WeatherBlinkEI\Installr\1.bin\gcEZSETP.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\WeatherBlinkEI\Installr\1.bin\NPgcEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\jeannette\AppData\Roaming\87083D59D8B3A1E87E2BEB606D3C048A\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\jeannette\AppData\Roaming\87083D59D8B3A1E87E2BEB606D3C048A\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[3] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[4] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[5] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[6] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[7] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCA0DT9UO Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCA1PZIV6 Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCAA1GV9W Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCADM14TM Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCAG7XWJW Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCALQJ22J Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCAUZ8QBH Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCAY0H1Q9 Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCAYUA5VN Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[10] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[11] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[2] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[3] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[4] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[5] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[6] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[7] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[8] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_card[9] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined

Please let me know if you have any other suggestions for me to do. Thank you for your continuing help. Yesterday I became A+ Certified but have only some experience with advanced removal of malware and spyware.

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 
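An added example, not part of the original posts and not an ESET tool: a small triage script that parses detection lines in the format of the ESET report pasted above and groups them by family and by where the file sat on disk. The sample lines are copied from that report; the location buckets and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the ESET report in this post.
SAMPLE_LOG = r"""
C:\limewire2\LimeWireSetup2.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonTB(178).exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\WeatherBlinkEI\Installr\1.bin\gcEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\jeannette\AppData\Roaming\87083D59D8B3A1E87E2BEB606D3C048A\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3R9C4TG\script_card[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5JWMXMD\script_cardCA0DT9UO Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
"""

# Paths contain spaces, so the path is matched lazily up to the first token
# that looks like a detection name ("Win32/..."), optionally preceded by
# "a variant of". Assumes the space-separated layout seen in the pasted log.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<detection>Win(?:32|64)/\S+)\s+"
    r"(?P<kind>\S+)\s+"
    r"(?P<action>.+)$"
)

# Assumed buckets, checked in order against the lower-cased path.
LOCATION_RULES = [
    ("browser-cache", r"\\temporary internet files\\"),
    ("program-install", r"^[a-z]:\\(program files( \(x86\))?|programdata)\\"),
    ("user-profile", r"^[a-z]:\\users\\"),
]


def classify_location(path):
    """Return the first matching bucket name, or 'other'."""
    lowered = path.lower()
    for label, pattern in LOCATION_RULES:
        if re.search(pattern, lowered):
            return label
    return "other"


def parse_line(line):
    """Parse one report line into a dict, or return None if it does not match."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    # "Win32/Adware.Yontoo.B" -> category "Adware", family "Yontoo"
    _, _, name = match["detection"].partition("/")
    parts = name.split(".")
    return {
        "path": match["path"],
        "detection": match["detection"],
        "category": parts[0],
        "family": parts[1] if len(parts) > 1 else parts[0],
        "variant": match["variant"] is not None,
        "kind": match["kind"],
        "action": match["action"],
        "location": classify_location(match["path"]),
    }


def summarize(log_text):
    """Group parsed lines by family; also return the lines that did not parse."""
    summary = defaultdict(lambda: {"count": 0, "locations": set()})
    unparsed = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw)
            continue
        bucket = summary[entry["family"]]
        bucket["count"] += 1
        bucket["locations"].add(entry["location"])
    return dict(summary), unparsed


def outside_cache(summary):
    """Families with at least one hit that was not a cached browser file.

    Heuristic: cache-only hits are downloaded page content, while hits
    elsewhere suggest a program that should also be checked in the
    installed-programs list.
    """
    return sorted(
        family for family, info in summary.items()
        if info["locations"] - {"browser-cache"}
    )


if __name__ == "__main__":
    result, skipped = summarize(SAMPLE_LOG)
    for family, info in sorted(result.items()):
        print(f"{family:20} {info['count']:3}  {', '.join(sorted(info['locations']))}")
    print("Check installed programs for:", ", ".join(outside_cache(result)))
    print("Unparsed lines:", len(skipped))
```
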


#6 Gunto


Posted 15 November 2012 - 01:22 AM

Hi,

Very good that certain problems are being fixed! :) I have a couple more things to try before I'd consider this complicated enough for the malware log forum.

AdwCleaner

I need you to run AdwCleaner to see if it removes anything.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller

I need you to run RogueKiller to see if it removes anything.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Please tell me how all of this went in your next reply.

Gunto



#7 coxchris


Posted 15 November 2012 - 11:38 AM

Gunto,

They both completed successfully.

# AdwCleaner v2.007 - Logfile created 11/15/2012 at 08:19:46
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : jeannette - OWNER
# Boot Mode : Normal
# Running from : C:\Users\jeannette\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js
File Deleted : C:\Users\JEANNE~1\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\system32\conduitEngine.tmp
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\facemoods.com
Folder Deleted : C:\Program Files\PageRage
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\jeannette\AppData\Local\Conduit
Folder Deleted : C:\Users\jeannette\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\jeannette\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jeannette\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\jeannette\AppData\LocalLow\PageRage
Folder Deleted : C:\Users\jeannette\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\jeannette\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\jeannette\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PageRage Toolbar
Key Deleted : HKLM\Software\PageRage
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19222

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80291&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80291 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\jeannette\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://search.babylon.com/home?AF=55555",
Deleted [l.1435] : homepage = "hxxp://search.babylon.com/home?AF=55555",

*************************

AdwCleaner[R1].txt - [21039 octets] - [15/11/2012 08:18:06]
AdwCleaner[S1].txt - [20594 octets] - [15/11/2012 08:19:46]

########## EOF - C:\AdwCleaner[S1].txt - [20655 octets] ##########


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : jeannette [Admin rights]
Mode : Remove -- Date : 11/15/2012 08:32:25

Bad processes : 1
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermProc]

Registry Entries : 6
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4789 : wscript.exe C:\Users\JEANNE~1\AppData\Local\Temp\launchie.vbs //B -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:25477) -> NOT REMOVED, USE PROXYFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[Tr.Karagany][FOLDER] ROOT : C:\Users\jeannette\AppData\Roaming\Adobe\plugs --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\jeannette\AppData\Roaming\Adobe\shed --> REMOVED

Driver : [LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 +++++
--- User ---
[MBR] 00d91e31038824e4212871129b812651
[BSP] 09446556b244f9f942add80c45c63eeb : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 228233 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11152012_02d0832.txt >>
RKreport[1]_S_11152012_02d0831.txt ; RKreport[2]_D_11152012_02d0832.txt

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#8 Gunto

Posted 15 November 2012 - 10:23 PM

Hi,

Are you still having the CD/DVD problems?

Gunto

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#9 coxchris

Posted 15 November 2012 - 10:24 PM

Yes, I am.


#10 coxchris

Posted 15 November 2012 - 10:26 PM

And it looks like it's one component, not a drive bay.


#11 Gunto

Posted 15 November 2012 - 10:28 PM

Hi,

Alright, I can't tell if this is advanced malware or a driver issue at this point, but either way, I'll need you to do the following.


Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Gunto


#12 coxchris

Posted 15 November 2012 - 10:30 PM

Thank you so much for the help.


#13 coxchris

Posted 16 November 2012 - 02:12 PM

http://www.bleepingcomputer.com/forums/topic475395.html
