help infected with unknown virus


  • This topic is locked
24 replies to this topic

#1 vladius13

vladius13

  • Members
  • 51 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 16 November 2012 - 01:27 PM

All my web browsers suck up enormous amounts of resources when used. I keep getting Windows warnings about it.



DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.19019
Run by Travis at 14:48:49 on 2012-11-15
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2012.559 [GMT -8:00]
.
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn4\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_ss&mntrId=f23322fd00000000000000219b2cff0f
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\travis\appdata\roaming\micros~1\windows\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{43C9B85F-3174-4A9C-9EC5-360FF6EDDFDF} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\travis\appdata\roaming\mozilla\firefox\profiles\ni5ouyrs.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_ss&mntrId=f23322fd00000000000000219b2cff0f
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\travis\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\travis\appdata\roaming\mozilla\firefox\profiles\ni5ouyrs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\users\travis\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\travis\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f23322fd00000000000000219b2cff0f&q=
FF - user.js: extensions.BabylonToolbar.id - f23322fd00000000000000219b2cff0f
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15659
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.813:52:33
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2011-1-30 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2011-1-30 15856]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-11-8 17904]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2011-1-30 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-11-8 2996272]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-4-11 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 655944]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-4-11 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-8 1153368]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-8-24 5120]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-11-8 51632]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-3-17 16640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S1 US800_AA;Service for US-800 Driver;c:\windows\system32\drivers\US800Drv.sys [2012-3-27 72800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-11-12 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-11-12 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-11-12 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-11-12 25088]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-19 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 US800_01;Service for US800 WDM;c:\windows\system32\drivers\US800Wdm.sys [2012-3-27 30816]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-15 21:52:38 -------- d-----w- c:\program files\BabylonToolbar
2012-11-15 21:52:10 -------- d-----w- c:\programdata\Babylon
2012-11-15 21:52:09 -------- d-----w- c:\users\travis\appdata\roaming\Babylon
2012-11-06 10:50:21 -------- d-----w- c:\program files\SystemRequirementsLab
2012-11-05 01:20:45 -------- d-----w- c:\windows\system32\Roxio
2012-11-05 01:20:45 -------- d-----w- c:\windows\system32\My Videos
2012-11-04 04:10:12 99896 ----atw- c:\users\travis\appdata\roaming\microsoft\~DFKc92fa28.tmp
2012-11-04 04:10:12 18724 ----atw- c:\users\travis\appdata\roaming\microsoft\bass.dll
2012-11-03 18:50:11 -------- d-----w- c:\program files\FreeVideoCutter.exe
2012-10-19 19:52:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
==================== Find3M ====================
.
2012-10-09 15:26:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 15:26:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 22:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 20:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 14:51:36.70 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:04:05 AM

Posted 17 November 2012 - 06:59 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Multiple Anti-Virus programs:

It looks like you are operating your computer with multiple Anti-Virus programs running in memory at once:

AV: Emsisoft Anti-Malware
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated*


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.



These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE RogueKiller to your Desktop (or from here)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
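As an added example (not a tool from this thread, from BleepingComputer, or from DDS), the Python below parses the AV:/SP: header and the Pseudo HJT lines of a DDS log like the one posted above and flags the conditions Gringo points to: more than one AV product registered, products reported Disabled or Outdated, a start page pointing at the search hosts that hijacked this poster's browsers, and a toolbar CLSID hooked in more than one place. The HIJACK_HOSTS watchlist and the SAMPLE_DDS lines are constructed from this thread's logs.

```python
"""Triage the header and 'Pseudo HJT Report' lines of a DDS log.

DDS defangs URLs as hxxp://, which the parser undoes before extracting hosts.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the DDS log posted in
# this thread, not a complete log.
SAMPLE_DDS = r"""
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
uStart Page = hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_ss&mntrId=f23322fd00000000000000219b2cff0f
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_ss&mntrId=f23322fd00000000000000219b2cff0f
"""

# Constructed watchlist: the two search hosts that appear as hijacked start
# pages in this thread's logs. Not an authoritative feed.
HIJACK_HOSTS = {"search.babylon.com", "search.conduit.com"}

GUID = r"\{([0-9A-Fa-f-]{36})\}"
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* " + GUID + r"$")
START_PAGE_RE = re.compile(r"^[um]?Start Page = (\S+)$")
FF_HOME_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (\S+)$")
HOOK_RE = re.compile(r"^([um])URLSearchHooks: (.+?): " + GUID + r" - (.+)$")
BHO_RE = re.compile(r"^BHO: (.+?): " + GUID + r" - (.+)$")


def host_of(defanged_url):
    """Hostname of a DDS-defanged URL (hxxp:// is refanged to http://)."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", defanged_url, flags=re.I)
    return (urlparse(url).hostname or "").lower()


def parse_security_products(text):
    """Collect AV/SP/FW lines as dicts: kind, name, state, freshness, guid."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, state, fresh, guid = m.groups()
            products.append({"kind": kind, "name": name, "state": state,
                             "freshness": fresh, "guid": guid.upper()})
    return products


def parse_browser_items(text):
    """Collect start pages plus toolbar CLSIDs seen as BHO / URLSearchHook."""
    pages, clsids = [], {}
    scope_name = {"u": "user URLSearchHook", "m": "machine URLSearchHook"}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := START_PAGE_RE.match(line)) or (m := FF_HOME_RE.match(line)):
            pages.append(m.group(1))
        elif m := HOOK_RE.match(line):
            scope, name, clsid, _path = m.groups()
            entry = clsids.setdefault(clsid.upper(), {"name": name, "roles": set()})
            entry["roles"].add(scope_name[scope])
        elif m := BHO_RE.match(line):
            name, clsid, _path = m.groups()
            entry = clsids.setdefault(clsid.upper(), {"name": name, "roles": set()})
            entry["roles"].add("BHO")
    return pages, clsids


def triage(text):
    """Return human-readable findings; an empty list means nothing flagged."""
    findings = []
    products = parse_security_products(text)
    av_names = {p["name"] for p in products if p["kind"] == "AV"}
    if len(av_names) > 1:
        findings.append("multiple AV products registered: " + ", ".join(sorted(av_names)))
    for p in products:
        if p["state"].lower() == "disabled" or p["freshness"].lower() == "outdated":
            findings.append(f"{p['kind']} {p['name']} is {p['state']}/{p['freshness']}")
    pages, clsids = parse_browser_items(text)
    for page in pages:
        host = host_of(page)
        if host in HIJACK_HOSTS:
            findings.append(f"start page points at hijack host {host}")
    for clsid, info in clsids.items():
        if len(info["roles"]) > 1:
            findings.append(f"{info['name']} {{{clsid}}} hooked as " + ", ".join(sorted(info["roles"])))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print("-", finding)
```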

#3 vladius13

vladius13
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 17 November 2012 - 01:05 PM

Thank you for your reply. I did remove the Emsisoft Anti-Malware, and here are the 3 things you asked for.


Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````




# AdwCleaner v2.007 - Logfile created 11/17/2012 at 09:49:48
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# User : Travis - TRAVIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Travis\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Travis\AppData\Local\Conduit
Folder Deleted : C:\Users\Travis\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Travis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Travis\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Travis\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Travis\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\ni5ouyrs.default\ConduitCommon
Folder Deleted : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\ni5ouyrs.default\CT3072253
Folder Deleted : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\ni5ouyrs.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B8A4D6C-F860-4E1C-90EE-902AF2DB165D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D98B38B-3016-4DAF-8238-094A21F261C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19019

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_ss&mntrId=f23322fd00000000000000219b2cff0f --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=NT_ss&mntrId=f23322fd00000000000000219b2cff0f --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\ni5ouyrs.default\prefs.js

C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\ni5ouyrs.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Sun Aug 12 2012 09:00:51 GMT-0700 (Pacific Daylight[...]
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "6-9-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Thu Nov 15 2012 13:53:36 GMT-0800 (Pacific Standa[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "12-8-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "fft52E.tmp.exe");
Deleted : user_pref("CT3072253.InstallationType", "XPE");
Deleted : user_pref("CT3072253.InstalledDate", "Sun Aug 12 2012 09:00:38 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Thu Nov 15 2012 13:53:31 GMT-0800 (Pacific Standar[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Sun Aug 12 2012 09:00:48 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Wed Sep 05 2012 14:16:58 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Wed Sep 05 2012 14:16:56 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Thu Nov 15 2012 13:53:19 GMT-0800 (Pacific Standard [...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Thu Nov 15 2012 13:53:18 GMT-0800 (Pacific Standard Ti[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1352964170");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Thu Nov 15 2012 13:53:18 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN14818269119749183");
Deleted : user_pref("CT3072253.ValidationData_Toolbar", 0);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "53756E2041756720313220323031322030393A30303A35352[...]
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7777772E776565626C792E636F6D2F7[...]
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Thu Nov 15 2012 13:53:33 GMT-0800 (Pacific [...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", false);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Thu Nov 15 2012 13:53:31 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Thu Nov 15 2012 13:53:31 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c22[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Travis\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "cb9ac04d-a090-43c6-b1b1-3111070a1401");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 15 2012 13:53:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Nov 15 2012 13:53:31 GMT-0800 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "82f26898-a9c7-45ed-8385-6917ecc50740");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_s[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "f23322fd00000000000000219b2cff0f");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15659");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "na");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=114874&tt=4612_[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.813:52:33");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2] : urls_to_restore_on_startup ="session": { "restore_on_startup": 4, [ "hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_ss&mntrId=f23322fd00000000000000219b2cff0f" ] },
Deleted [l.561] : homepage = "hxxp://search.babylon.com/?affID=114874&tt=4612_3&babsrc=HP_ss&mntrId=f23322fd00000000000000219b2cff0f",

*************************

AdwCleaner[S1].txt - [19036 octets] - [17/11/2012 09:49:48]

########## EOF - C:\AdwCleaner[S1].txt - [19097 octets] ##########

RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Travis [Admin rights]
Mode : Remove -- Date : 11/17/2012 09:58:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] ctfmon.lnk @Travis : C:\Windows\System32\rundll32.exe|C:\Users\Travis\AppData\Local\Temp\abby0_tar.exe,FQ10 -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] ROOT : C:\Users\Travis\AppData\Roaming\Adobe\plugs --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\Travis\AppData\Roaming\Adobe\shed --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] c2fd2f532a1681edafc3d0931cd711be
[BSP] de219fe929de7f53f6ad983aae5b34bf : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223377 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 29fd9c83d6550f2a6183a2e07a5032da
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2048 | Size: 15383 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11172012_02d0958.txt >>
RKreport[1]_S_11172012_02d0957.txt ; RKreport[2]_D_11172012_02d0958.txt

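The RogueKiller entry in the log above ([STARTUP][SUSP PATH]: a Startup-folder shortcut named ctfmon.lnk that launches C:\Windows\System32\rundll32.exe with a payload under the user's AppData\Local\Temp) is a common user-level persistence pattern: a legitimate signed host binary is pointed at a file in a user-writable scratch folder. The PowerShell audit below is an added example written for this thread; it is not code from RogueKiller, ComboFix or anyone in the discussion. It resolves the target of every shortcut in the per-user and all-users Startup folders, reads the HKCU and HKLM Run keys, and flags any command line that references Temp or Roaming AppData. The folder list and the "suspicious roots" heuristic are this example's own assumptions, and a flag is a prompt to look, not a verdict.

```powershell
# Added example for this thread; not RogueKiller's or ComboFix's code.
# Lists Startup-folder shortcuts and Run-key values and flags the pattern seen in the
# RogueKiller log: a .lnk whose command line loads something from the user's Temp folder.
# Roots and heuristics are assumptions of this example; review flagged lines by hand.

# User-writable locations that legitimate installers rarely use for autostart binaries.
$SuspiciousRoots = @(
    $env:TEMP,
    $env:TMP,
    (Join-Path $env:LOCALAPPDATA 'Temp'),
    $env:APPDATA                        # Roaming AppData: noisier, but worth a look
) | Where-Object { $_ } | Select-Object -Unique

function Test-SuspiciousCommand {
    # True when the command line (target plus arguments) references one of the roots above.
    # For rundll32.exe the host lives in System32; the tell is the DLL path in its arguments,
    # which is why the whole command line, not just the target, is inspected.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $false }
    foreach ($root in $SuspiciousRoots) {
        if ($CommandLine.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

function Get-AutostartAudit {
    $shell    = New-Object -ComObject WScript.Shell
    $findings = @()

    # Per-user Startup folder plus the all-users one (the ProgramData path ComboFix lists).
    $startupFolders = @(
        [Environment]::GetFolderPath('Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
    )
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($file in Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue) {
            $lnk = $shell.CreateShortcut($file.FullName)
            $cmd = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
            $findings += New-Object PSObject -Property @{
                Source     = 'Startup folder'
                Name       = $file.Name
                Command    = $cmd
                Suspicious = Test-SuspiciousCommand $cmd
            }
        }
    }

    # Run keys for the current user and for the machine.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath and friends
            $findings += New-Object PSObject -Property @{
                Source     = $key
                Name       = $prop.Name
                Command    = [string]$prop.Value
                Suspicious = Test-SuspiciousCommand ([string]$prop.Value)
            }
        }
    }
    return $findings
}

Get-AutostartAudit |
    Sort-Object Suspicious -Descending |
    Format-Table Suspicious, Source, Name, Command -AutoSize -Wrap
```

Run it from an ordinary PowerShell prompt; reading HKLM\...\Run and the all-users Startup folder needs no elevation. On the system in this thread the ctfmon.lnk line would sort to the top because its rundll32 argument lives under AppData\Local\Temp, while entries such as uTorrent or iTunesHelper in Program Files stay unflagged.
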
#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 AM

Posted 17 November 2012 - 04:03 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 vladius13

vladius13
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 18 November 2012 - 11:43 AM

Hi

So I ran Combofix yesterday and it ran all night and has been locked in the same place since yesterday afternoon. I did not touch anything. It was deleting a folder called ntuninstall when it stopped. Not sure what to do.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 AM

Posted 18 November 2012 - 12:57 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 vladius13

vladius13
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 18 November 2012 - 07:28 PM

OK, so when I first tried to run in Safe Mode it gave me a warning that AVG 2012 antivirus and malware was running. I tried to go and disable it but was unable to find disable in Safe Mode, so I just removed AVG off the computer. Rebooted and attempted Combofix again and got the same warning that AVG was running even though I had uninstalled it. Proceeded anyway with the scan. Gave me messages during the scan that said unable to process without administrator rights but then continued anyway.


Here is the ComboFix log:

ComboFix 12-11-16.02 - Travis 11/18/2012 16:02:52.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2012.1593 [GMT -8:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\data
c:\data\default\us_sres.data
c:\program files\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\avcodec-54.dll
c:\program files\FreeVideoCutter.exe\avdevice-54.dll
c:\program files\FreeVideoCutter.exe\avfilter-2.dll
c:\program files\FreeVideoCutter.exe\avformat-54.dll
c:\program files\FreeVideoCutter.exe\avresample-0.dll
c:\program files\FreeVideoCutter.exe\avutil-51.dll
c:\program files\FreeVideoCutter.exe\ffmpeg.exe
c:\program files\FreeVideoCutter.exe\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\postproc-52.dll
c:\program files\FreeVideoCutter.exe\swresample-0.dll
c:\program files\FreeVideoCutter.exe\swscale-2.dll
c:\program files\FreeVideoCutter.exe\unins000.dat
c:\program files\FreeVideoCutter.exe\unins000.exe
c:\programdata\c4c1621p8kfir33u284ea0l6j4q2e68frt1sy3
c:\programdata\rat_0ybba.pad
c:\users\Travis\AppData\Roaming\Microsoft\~DFKc92fa28.tmp
c:\users\Travis\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Travis\AppData\Roaming\Microsoft\bass.dll
c:\users\Travis\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Travis\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Travis\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Travis\undisker.exe
c:\windows\$NtUninstallKB61928$
c:\windows\$NtUninstallKB61928$\2449579030\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB61928$\2449579030\L\ogejidap
c:\windows\$NtUninstallKB61928$\2483725592
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 00:11 . 2012-11-19 00:11 -------- d-----w- c:\users\Travis\AppData\Local\temp
2012-11-19 00:11 . 2012-11-19 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 10:50 . 2012-11-06 10:50 -------- d-----w- c:\program files\SystemRequirementsLab
2012-11-05 01:20 . 2012-11-05 01:20 -------- d-----w- c:\windows\system32\Roxio
2012-11-05 01:20 . 2012-11-05 01:20 -------- d-----w- c:\windows\system32\My Videos
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 19:53 . 2012-10-19 19:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-09 15:26 . 2012-05-12 01:02 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 15:26 . 2011-12-08 05:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 20:01 . 2012-10-10 00:36 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 20:01 . 2011-02-27 02:26 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 23:10 . 2012-05-12 01:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn4\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-13 895376]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-07-23 2908536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Travis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2012-04-27 16:12 6065784 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 20:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-02-10 19:03 745472 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-06-11 17:17 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-07-30 23:05 497000 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 23:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 19:50 84464 ----a-w- c:\program files\Roxio 2010\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 09:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 1400 Series]
2006-10-11 12:01 143360 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBUA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-30 00:52 136176 ----atw- c:\users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-20 22:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 20:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-10 01:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 16:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-19 06:19 6265376 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\US800Pane]
2010-07-13 17:08 1781344 ----a-w- c:\windows\System32\US800Pan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-07-13 22:03 895376 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [x]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 15:26]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 14:35]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 14:35]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2075724100-1879240344-121661643-1000Core.job
- c:\users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-26 00:52]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2075724100-1879240344-121661643-1000UA.job
- c:\users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-26 00:52]
.
2012-11-17 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-04-11 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\ni5ouyrs.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-emsisoft anti-malware - c:\program files\Emsisoft Anti-Malware\a2guard.exe
AddRemove-US800 Audio Driver Setup - c:\program files\TASCAM\US800\uninst.exe Software\TASCAM\US800\Setup
AddRemove-{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1 - c:\program files\FreeVideoCutter.exe\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 16:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2075724100-1879240344-121661643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
**%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2075724100-1879240344-121661643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
**%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2075724100-1879240344-121661643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%$**]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2075724100-1879240344-121661643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%$**\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-18 16:12:58
ComboFix-quarantined-files.txt 2012-11-19 00:12
.
Pre-Run: 38,726,909,952 bytes free
Post-Run: 38,599,737,344 bytes free
.
- - End Of File - - CD430A9362B112D39167836E2CF02303

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 AM

Posted 18 November 2012 - 08:50 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
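As an added example (not part of this thread, and not code from Kaspersky's tool), here is a small triage script for the TDSSKiller report format vladius13 posts in this thread: each scanned object appears as a `[ md5 ] name path` line followed by a `name - verdict` line, and the script pairs them and lists everything whose verdict is not plain `ok`. The sample report is constructed; the `evildrv` and `halfway` entries, their hashes and the detection name are made up for illustration.

```python
"""Triage helper for TDSSKiller text reports (added example, not the tool's own code).

Pairs each "[ md5 ] name path" object line with the "name - verdict" line that
follows it, then lists every object whose verdict is not plain "ok" (including
objects that never received a verdict, which happens when a report is cut off).
"""
import re
from dataclasses import dataclass

# "HH:MM:SS.ffff <thread-id> <body>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "[ <32-hex md5> ] <object name> <drive-letter path>"
OBJECT_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "<object name> [( <detection> )] - <one-word verdict>"; the one-word rule keeps
# informational lines such as "Drive \Device\... - Size: ..." from being taken as verdicts
VERDICT_RE = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    detection: str = ""
    verdict: str = ""


def parse_report(text: str) -> dict[str, Entry]:
    """Return a mapping of object name -> Entry for every object the report mentions."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, banners, blank lines
        body = m.group(3)
        om = OBJECT_RE.match(body)
        if om:
            md5, name, path = om.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.upper(), path
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            name, detection, verdict = vm.groups()
            e = entries.setdefault(name, Entry(name))  # e.g. "catchme - ok" has no object line
            e.detection, e.verdict = detection or "", verdict
    return entries


def flagged(entries: dict[str, Entry]) -> list[Entry]:
    """Objects whose verdict is anything other than 'ok', or that never got one."""
    return [e for e in entries.values() if e.verdict != "ok"]


# Constructed sample in the format of the report posted in this thread. The ACPI and
# catchme lines are taken from it; evildrv/halfway, their hashes and the detection
# name are made up to exercise a non-ok verdict and a truncated entry.
SAMPLE_REPORT = r"""
19:50:19.0565 2700 [ 0CEE59E4613BF65E2FD37E544AD66BDB ] ACPI C:\Windows\system32\drivers\acpi.sys
19:50:19.0569 2700 ACPI - ok
19:50:21.0882 2700 catchme - ok
19:50:12.0013 0508 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200
19:50:40.0001 2700 [ 00000000000000000000000000000000 ] evildrv C:\Windows\system32\drivers\evildrv.sys
19:50:40.0002 2700 evildrv ( Rootkit.Win32.Example ) - infected
19:50:41.0001 2700 [ 11111111111111111111111111111111 ] halfway C:\Windows\system32\drivers\halfway.sys
"""


def main() -> None:
    entries = parse_report(SAMPLE_REPORT)
    print(f"{len(entries)} objects, {len(flagged(entries))} need a look:")
    for e in flagged(entries):
        verdict = e.verdict or "(no verdict)"
        print(f"  {e.name:<10} {verdict:<13} {e.detection:<24} {e.path}")


if __name__ == "__main__":
    main()
```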

#9 vladius13 (Topic Starter, Members, 51 posts)

Posted 18 November 2012 - 10:54 PM

19:50:09.0677 0508 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:50:11.0679 0508 ============================================================
19:50:11.0679 0508 Current date / time: 2012/11/18 19:50:11.0679
19:50:11.0679 0508 SystemInfo:
19:50:11.0679 0508
19:50:11.0679 0508 OS Version: 6.0.6001 ServicePack: 1.0
19:50:11.0679 0508 Product type: Workstation
19:50:11.0679 0508 ComputerName: TRAVIS-PC
19:50:11.0679 0508 UserName: Travis
19:50:11.0679 0508 Windows directory: C:\Windows
19:50:11.0679 0508 System windows directory: C:\Windows
19:50:11.0679 0508 Processor architecture: Intel x86
19:50:11.0679 0508 Number of processors: 2
19:50:11.0679 0508 Page size: 0x1000
19:50:11.0679 0508 Boot type: Normal boot
19:50:11.0679 0508 ============================================================
19:50:12.0013 0508 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:50:12.0038 0508 Drive \Device\Harddisk1\DR1 - Size: 0x3C1800000 (15.02 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:50:12.0041 0508 Drive \Device\Harddisk2\DR2 - Size: 0xEFFFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:50:12.0078 0508 ============================================================
19:50:12.0078 0508 \Device\Harddisk0\DR0:
19:50:12.0078 0508 MBR partitions:
19:50:12.0078 0508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
19:50:12.0078 0508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B448CA2
19:50:12.0078 0508 \Device\Harddisk1\DR1:
19:50:12.0079 0508 MBR partitions:
19:50:12.0079 0508 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x1E0B800
19:50:12.0079 0508 \Device\Harddisk2\DR2:
19:50:12.0080 0508 MBR partitions:
19:50:12.0080 0508 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
19:50:12.0080 0508 ============================================================
19:50:12.0118 0508 C: <-> \Device\Harddisk0\DR0\Partition2
19:50:12.0145 0508 D: <-> \Device\Harddisk0\DR0\Partition1
19:50:12.0145 0508 ============================================================
19:50:12.0146 0508 Initialize success
19:50:12.0146 0508 ============================================================
19:50:18.0749 2700 ============================================================
19:50:18.0749 2700 Scan started
19:50:18.0749 2700 Mode: Manual;
19:50:18.0749 2700 ============================================================
19:50:19.0236 2700 ================ Scan system memory ========================
19:50:19.0236 2700 System memory - ok
19:50:19.0236 2700 ================ Scan services =============================
19:50:30.0317 2700 Parport - ok
19:50:30.0351 2700 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:50:30.0352 2700 partmgr - ok
19:50:30.0367 2700 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:50:30.0368 2700 Parvdm - ok
19:50:30.0389 2700 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:50:30.0392 2700 PcaSvc - ok
19:50:30.0401 2700 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
19:50:30.0405 2700 pci - ok
19:50:30.0417 2700 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
19:50:30.0418 2700 pciide - ok
19:50:30.0468 2700 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:50:30.0472 2700 pcmcia - ok
19:50:30.0506 2700 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:50:30.0550 2700 PEAUTH - ok
19:50:30.0654 2700 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:50:30.0713 2700 pla - ok
19:50:30.0759 2700 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:50:30.0776 2700 PlugPlay - ok
19:50:30.0805 2700 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:50:30.0813 2700 PNRPAutoReg - ok
19:50:30.0839 2700 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:50:30.0846 2700 PNRPsvc - ok
19:50:30.0880 2700 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:50:30.0886 2700 PolicyAgent - ok
19:50:30.0927 2700 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:50:30.0928 2700 PptpMiniport - ok
19:50:30.0942 2700 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:50:30.0944 2700 Processor - ok
19:50:30.0982 2700 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
19:50:30.0987 2700 ProfSvc - ok
19:50:30.0997 2700 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:50:30.0999 2700 ProtectedStorage - ok
19:50:31.0026 2700 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:50:31.0028 2700 PSched - ok
19:50:31.0085 2700 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:50:31.0086 2700 PxHelp20 - ok
19:50:31.0132 2700 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:50:31.0160 2700 ql2300 - ok
19:50:31.0177 2700 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:50:31.0180 2700 ql40xx - ok
19:50:31.0216 2700 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:50:31.0223 2700 QWAVE - ok
19:50:31.0263 2700 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:50:31.0264 2700 QWAVEdrv - ok
19:50:31.0340 2700 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:50:31.0401 2700 R300 - ok
19:50:31.0414 2700 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:50:31.0415 2700 RasAcd - ok
19:50:31.0462 2700 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:50:31.0466 2700 RasAuto - ok
19:50:31.0517 2700 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:50:31.0519 2700 Rasl2tp - ok
19:50:31.0574 2700 [ AFB474438762F0418060653F7294D92C ] RasMan C:\Windows\System32\rasmans.dll
19:50:31.0580 2700 RasMan - ok
19:50:31.0589 2700 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:50:31.0590 2700 RasPppoe - ok
19:50:31.0601 2700 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:50:31.0603 2700 RasSstp - ok
19:50:31.0648 2700 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:50:31.0653 2700 rdbss - ok
19:50:31.0679 2700 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:50:31.0680 2700 RDPCDD - ok
19:50:31.0722 2700 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:50:31.0727 2700 rdpdr - ok
19:50:31.0753 2700 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:50:31.0754 2700 RDPENCDD - ok
19:50:31.0778 2700 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:50:31.0783 2700 RDPWD - ok
19:50:31.0840 2700 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:50:31.0843 2700 RemoteAccess - ok
19:50:31.0883 2700 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:50:31.0887 2700 RemoteRegistry - ok
19:50:32.0025 2700 [ FF578453D3B3ADAAB22D7151D7F9E592 ] RoxMediaDB12 C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
19:50:32.0060 2700 RoxMediaDB12 - ok
19:50:32.0107 2700 [ 71B38B8DF1A9B55FC0FB64958CC7B9DD ] RoxWatch12 C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
19:50:32.0112 2700 RoxWatch12 - ok
19:50:32.0157 2700 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
19:50:32.0159 2700 rpcapd - ok
19:50:32.0189 2700 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:50:32.0191 2700 RpcLocator - ok
19:50:32.0220 2700 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
19:50:32.0227 2700 RpcSs - ok
19:50:32.0274 2700 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:50:32.0276 2700 rspndr - ok
19:50:32.0337 2700 [ 2FC33077F85D7DC0D03678C06D43898C ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
19:50:32.0339 2700 RTL8169 - ok
19:50:32.0348 2700 [ 7F8D15EE000577BE703537849D4F9397 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
19:50:32.0349 2700 RtNdPt60 - ok
19:50:32.0395 2700 [ 0B2D5D2341437D7D7E1A6C7BBCE3786A ] SahdIa32 C:\Windows\system32\Drivers\SahdIa32.sys
19:50:32.0396 2700 SahdIa32 - ok
19:50:32.0418 2700 [ 7A5F65B16249AF2BC9D18D815F5D7172 ] SaibIa32 C:\Windows\system32\Drivers\SaibIa32.sys
19:50:32.0419 2700 SaibIa32 - ok
19:50:32.0466 2700 [ E333C9515822DE586A3FF759A0C9B7BF ] SaibVd32 C:\Windows\system32\Drivers\SaibVd32.sys
19:50:32.0467 2700 SaibVd32 - ok
19:50:32.0480 2700 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
19:50:32.0481 2700 SamSs - ok
19:50:32.0508 2700 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:50:32.0511 2700 sbp2port - ok
19:50:32.0639 2700 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:50:32.0648 2700 SBSDWSCService - ok
19:50:32.0699 2700 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:50:32.0703 2700 SCardSvr - ok
19:50:32.0767 2700 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
19:50:32.0787 2700 Schedule - ok
19:50:32.0796 2700 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
19:50:32.0797 2700 SCPolicySvc - ok
19:50:32.0829 2700 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:50:32.0833 2700 SDRSVC - ok
19:50:32.0902 2700 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:50:32.0903 2700 secdrv - ok
19:50:32.0941 2700 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:50:32.0944 2700 seclogon - ok
19:50:32.0956 2700 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:50:32.0960 2700 SENS - ok
19:50:32.0997 2700 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:50:32.0998 2700 Serenum - ok
19:50:33.0023 2700 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:50:33.0026 2700 Serial - ok
19:50:33.0041 2700 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:50:33.0043 2700 sermouse - ok
19:50:33.0092 2700 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:50:33.0096 2700 SessionEnv - ok
19:50:33.0116 2700 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:50:33.0117 2700 sffdisk - ok
19:50:33.0131 2700 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:50:33.0132 2700 sffp_mmc - ok
19:50:33.0146 2700 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:50:33.0147 2700 sffp_sd - ok
19:50:33.0195 2700 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:50:33.0196 2700 sfloppy - ok
19:50:33.0245 2700 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:50:33.0250 2700 SharedAccess - ok
19:50:33.0294 2700 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:50:33.0300 2700 ShellHWDetection - ok
19:50:33.0319 2700 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:50:33.0321 2700 sisagp - ok
19:50:33.0342 2700 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:50:33.0344 2700 SiSRaid2 - ok
19:50:33.0368 2700 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:50:33.0370 2700 SiSRaid4 - ok
19:50:33.0489 2700 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
19:50:33.0563 2700 slsvc - ok
19:50:33.0572 2700 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:50:33.0576 2700 SLUINotify - ok
19:50:33.0627 2700 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:50:33.0629 2700 Smb - ok
19:50:33.0641 2700 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:50:33.0644 2700 SNMPTRAP - ok
19:50:33.0689 2700 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:50:33.0690 2700 spldr - ok
19:50:33.0730 2700 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
19:50:33.0735 2700 Spooler - ok
19:50:33.0786 2700 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:50:33.0790 2700 srv - ok
19:50:33.0834 2700 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:50:33.0837 2700 srv2 - ok
19:50:33.0851 2700 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:50:33.0854 2700 srvnet - ok
19:50:33.0893 2700 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:50:33.0899 2700 SSDPSRV - ok
19:50:33.0943 2700 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
19:50:33.0944 2700 SSPORT - ok
19:50:34.0007 2700 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:50:34.0011 2700 SstpSvc - ok
19:50:34.0044 2700 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
19:50:34.0045 2700 StillCam - ok
19:50:34.0092 2700 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
19:50:34.0101 2700 stisvc - ok
19:50:34.0146 2700 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:50:34.0147 2700 stllssvr - ok
19:50:34.0193 2700 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:50:34.0194 2700 swenum - ok
19:50:34.0240 2700 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
19:50:34.0248 2700 swprv - ok
19:50:34.0265 2700 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:50:34.0267 2700 Symc8xx - ok
19:50:34.0282 2700 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:50:34.0283 2700 Sym_hi - ok
19:50:34.0301 2700 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:50:34.0302 2700 Sym_u3 - ok
19:50:34.0331 2700 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
19:50:34.0348 2700 SysMain - ok
19:50:34.0399 2700 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:50:34.0402 2700 TabletInputService - ok
19:50:34.0420 2700 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:50:34.0427 2700 TapiSrv - ok
19:50:34.0440 2700 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:50:34.0444 2700 TBS - ok
19:50:34.0514 2700 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:50:34.0548 2700 Tcpip - ok
19:50:34.0581 2700 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:50:34.0588 2700 Tcpip6 - ok
19:50:34.0633 2700 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:50:34.0634 2700 tcpipreg - ok
19:50:34.0643 2700 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:50:34.0644 2700 TDPIPE - ok
19:50:34.0657 2700 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:50:34.0658 2700 TDTCP - ok
19:50:34.0710 2700 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:50:34.0712 2700 tdx - ok
19:50:34.0722 2700 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:50:34.0724 2700 TermDD - ok
19:50:34.0767 2700 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
19:50:34.0776 2700 TermService - ok
19:50:34.0793 2700 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
19:50:34.0797 2700 Themes - ok
19:50:34.0808 2700 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:50:34.0810 2700 THREADORDER - ok
19:50:34.0819 2700 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:50:34.0823 2700 TrkWks - ok
19:50:34.0872 2700 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:50:34.0873 2700 TrustedInstaller - ok
19:50:34.0915 2700 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:50:34.0917 2700 tssecsrv - ok
19:50:34.0975 2700 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:50:34.0977 2700 tunmp - ok
19:50:35.0000 2700 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:50:35.0001 2700 tunnel - ok
19:50:35.0018 2700 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:50:35.0020 2700 uagp35 - ok
19:50:35.0035 2700 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:50:35.0040 2700 udfs - ok
19:50:35.0082 2700 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:50:35.0085 2700 UI0Detect - ok
19:50:35.0097 2700 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:50:35.0098 2700 uliagpkx - ok
19:50:35.0153 2700 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:50:35.0158 2700 uliahci - ok
19:50:35.0169 2700 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:50:35.0172 2700 UlSata - ok
19:50:35.0185 2700 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:50:35.0188 2700 ulsata2 - ok
19:50:35.0202 2700 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:50:35.0204 2700 umbus - ok
19:50:35.0216 2700 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:50:35.0223 2700 upnphost - ok
19:50:35.0276 2700 [ 30A1A6C260DFC0A045D8151894D05B87 ] US800_01 C:\Windows\system32\DRIVERS\US800Wdm.sys
19:50:35.0277 2700 US800_01 - ok
19:50:35.0327 2700 [ EE32D3B513635C1E4FEC40C4D04DE269 ] US800_AA C:\Windows\system32\DRIVERS\US800Drv.sys
19:50:35.0330 2700 US800_AA - ok
19:50:35.0383 2700 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:50:35.0384 2700 USBAAPL - ok
19:50:35.0433 2700 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:50:35.0435 2700 usbaudio - ok
19:50:35.0477 2700 [ 4073A94046D5F1025766EEFD6ABDC8DB ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:50:35.0479 2700 usbccgp - ok
19:50:35.0538 2700 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:50:35.0540 2700 usbcir - ok
19:50:35.0592 2700 [ 8625E96957CB855413628ABB306C7B89 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:50:35.0594 2700 usbehci - ok
19:50:35.0610 2700 [ BC1912EBB127B4E0905C7574349C6DCE ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:50:35.0614 2700 usbhub - ok
19:50:35.0625 2700 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:50:35.0627 2700 usbohci - ok
19:50:35.0632 2700 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:50:35.0633 2700 usbprint - ok
19:50:35.0643 2700 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:50:35.0645 2700 USBSTOR - ok
19:50:35.0658 2700 [ 4BA9542F67C63979761F1E0B8AB7141F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:50:35.0659 2700 usbuhci - ok
19:50:35.0701 2700 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
19:50:35.0705 2700 UxSms - ok
19:50:35.0727 2700 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
19:50:35.0745 2700 vds - ok
19:50:35.0760 2700 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:50:35.0762 2700 vga - ok
19:50:35.0804 2700 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:50:35.0806 2700 VgaSave - ok
19:50:35.0821 2700 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:50:35.0823 2700 viaagp - ok
19:50:35.0872 2700 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:50:35.0874 2700 ViaC7 - ok
19:50:35.0884 2700 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:50:35.0886 2700 viaide - ok
19:50:35.0902 2700 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:50:35.0904 2700 volmgr - ok
19:50:35.0924 2700 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:50:35.0930 2700 volmgrx - ok
19:50:35.0943 2700 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:50:35.0947 2700 volsnap - ok
19:50:35.0959 2700 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:50:35.0962 2700 vsmraid - ok
19:50:36.0031 2700 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:50:36.0059 2700 VSS - ok
19:50:36.0073 2700 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:50:36.0081 2700 W32Time - ok
19:50:36.0095 2700 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:50:36.0097 2700 WacomPen - ok
19:50:36.0147 2700 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:50:36.0149 2700 Wanarp - ok
19:50:36.0153 2700 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:50:36.0154 2700 Wanarpv6 - ok
19:50:36.0183 2700 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:50:36.0213 2700 wcncsvc - ok
19:50:36.0267 2700 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:50:36.0270 2700 WcsPlugInService - ok
19:50:36.0283 2700 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:50:36.0285 2700 Wd - ok
19:50:36.0333 2700 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:50:36.0350 2700 Wdf01000 - ok
19:50:36.0360 2700 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:50:36.0363 2700 WdiServiceHost - ok
19:50:36.0376 2700 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:50:36.0379 2700 WdiSystemHost - ok
19:50:36.0398 2700 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:50:36.0404 2700 WebClient - ok
19:50:36.0449 2700 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:50:36.0454 2700 Wecsvc - ok
19:50:36.0510 2700 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:50:36.0513 2700 wercplsupport - ok
19:50:36.0563 2700 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:50:36.0568 2700 WerSvc - ok
19:50:36.0635 2700 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:50:36.0639 2700 WinDefend - ok
19:50:36.0647 2700 WinHttpAutoProxySvc - ok
19:50:36.0718 2700 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:50:36.0722 2700 Winmgmt - ok
19:50:36.0796 2700 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:50:36.0828 2700 WinRM - ok
19:50:36.0898 2700 [ F03110711B17AD31271CB2BAF0DBB2B1 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
19:50:36.0899 2700 WinUSB - ok
19:50:36.0951 2700 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:50:36.0976 2700 Wlansvc - ok
19:50:36.0985 2700 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:50:36.0986 2700 WmiAcpi - ok
19:50:37.0031 2700 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:50:37.0034 2700 wmiApSrv - ok
19:50:37.0102 2700 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:50:37.0124 2700 WMPNetworkSvc - ok
19:50:37.0162 2700 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:50:37.0167 2700 WPCSvc - ok
19:50:37.0183 2700 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:50:37.0187 2700 WPDBusEnum - ok
19:50:37.0219 2700 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:50:37.0221 2700 WpdUsb - ok
19:50:37.0320 2700 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:50:37.0340 2700 WPFFontCache_v0400 - ok
19:50:37.0375 2700 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:50:37.0376 2700 ws2ifsl - ok
19:50:37.0386 2700 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
19:50:37.0390 2700 wscsvc - ok
19:50:37.0442 2700 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
19:50:37.0443 2700 WSDPrintDevice - ok
19:50:37.0448 2700 WSearch - ok
19:50:37.0549 2700 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
19:50:37.0601 2700 wuauserv - ok
19:50:37.0644 2700 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:50:37.0647 2700 WUDFRd - ok
19:50:37.0696 2700 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:50:37.0700 2700 wudfsvc - ok
19:50:37.0744 2700 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:50:37.0770 2700 YahooAUService - ok
19:50:37.0796 2700 ================ Scan global ===============================
19:50:37.0837 2700 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:50:37.0883 2700 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:50:37.0899 2700 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:50:37.0951 2700 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:50:37.0958 2700 [Global] - ok
19:50:37.0958 2700 ================ Scan MBR ==================================
19:50:37.0991 2700 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
19:50:38.0371 2700 \Device\Harddisk0\DR0 - ok
19:50:38.0375 2700 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR1
19:50:38.0381 2700 \Device\Harddisk1\DR1 - ok
19:50:38.0386 2700 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
19:50:38.0391 2700 \Device\Harddisk2\DR2 - ok
19:50:38.0392 2700 ================ Scan VBR ==================================
19:50:38.0405 2700 [ 7329D7C7D89EBAD941EF1F665F1F3DE2 ] \Device\Harddisk0\DR0\Partition1
19:50:38.0406 2700 \Device\Harddisk0\DR0\Partition1 - ok
19:50:38.0423 2700 [ DA9A4CDFF19D388EDDAE3D7C4B742726 ] \Device\Harddisk0\DR0\Partition2
19:50:38.0424 2700 \Device\Harddisk0\DR0\Partition2 - ok
19:50:38.0428 2700 [ CDC1E255CBBB79212CD838E1817924CB ] \Device\Harddisk1\DR1\Partition1
19:50:38.0429 2700 \Device\Harddisk1\DR1\Partition1 - ok
19:50:38.0432 2700 [ 5D6D2253547B0D59882731B608ADE738 ] \Device\Harddisk2\DR2\Partition1
19:50:38.0433 2700 \Device\Harddisk2\DR2\Partition1 - ok
19:50:38.0434 2700 ============================================================
19:50:38.0434 2700 Scan finished
19:50:38.0434 2700 ============================================================
19:50:38.0441 3192 Detected object count: 0
19:50:38.0441 3192 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-18 19:51:50
-----------------------------
19:51:50.625 OS Version: Windows 6.0.6001 Service Pack 1
19:51:50.625 Number of processors: 2 586 0x170A
19:51:50.625 ComputerName: TRAVIS-PC UserName: Travis
19:52:04.102 Initialize success
19:52:55.977 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:52:55.982 Disk 0 Vendor: ST325031 4.AD Size: 238418MB BusType: 3
19:52:55.996 Disk 0 MBR read successfully
19:52:55.999 Disk 0 MBR scan
19:52:56.002 Disk 0 Windows VISTA default MBR code
19:52:56.005 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:52:56.018 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:52:56.036 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223377 MB offset 30801920
19:52:56.055 Disk 0 scanning sectors +488279202
19:52:56.129 Disk 0 scanning C:\Windows\system32\drivers
19:53:02.421 Service scanning
19:53:20.569 Modules scanning
19:53:26.754 Disk 0 trace - called modules:
19:53:26.772 ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys iastor.sys hal.dll
19:53:26.778 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86075560]
19:53:26.784 3 CLASSPNP.SYS[881b0745] -> nt!IofCallDriver -> [0x86075ba0]
19:53:26.790 5 SahdIa32.sys[8815c939] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84db9028]
19:53:26.796 Scan finished successfully
19:53:33.343 Disk 0 MBR has been saved successfully to "C:\Users\Travis\Desktop\MBR.dat"
19:53:33.348 The log file has been saved successfully to "C:\Users\Travis\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto rico)

Posted 18 November 2012 - 11:22 PM

how are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 vladius13 (Topic Starter, Members, 51 posts)

Posted 19 November 2012 - 12:51 PM

Couple of weird things still.

Should Internet Explorer take up so much memory?

I show 4 windows under processes:

1st: 8,000k
2nd: 548,276k
3rd: 72,680
4th: 45,012

Also I notice I get a lot of pages showing up as random code; I have to refresh once or twice to see the actual page. This just started happening since we started doing these fixes.

Thanks

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto rico)

Posted 19 November 2012 - 03:32 PM

Hello


I would like you to go here - http://www.malwarebytes.org/products/mbar/ and run this tool for me



gringo

#14 vladius13 (Topic Starter, Members, 51 posts)

Posted 20 November 2012 - 06:27 PM

Ran that and it says no malware detected.

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto rico)

Posted 20 November 2012 - 08:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
[image]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
