Ridding my PC of Generic30.heh


24 replies to this topic

#1 tobytucker

tobytucker

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cheshire, England
  • Local time:12:41 AM

Posted 02 December 2012 - 06:32 AM

I'm trying to delete virus Generic30.HEH and have studied the manual option to delete. However, when I search for the 'random.exe' on my processes in task manager it's nowhere to be found. Can anyone offer any advice, steps to remove it manually or free software that might remove it?

I was recommended to come to these forums from the web and would be really grateful for any help.

Many thanks :thumbup2:


*Moderator Edit: Moved topic from Vista to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 02 December 2012 - 09:19 AM.



 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:41 PM

Posted 02 December 2012 - 11:22 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 tobytucker


Posted 02 December 2012 - 02:16 PM

Many thanks Narenxp ... I'm a novice so it may take me a day or two when I find time but I will follow your instructions and be back in touch ;-) cheers

#4 narenxp


Posted 02 December 2012 - 03:36 PM

:thumbup2:

#5 tobytucker


Posted 03 December 2012 - 04:51 AM

Hi again Narenxp,

Have run the reports. Can't find an attachment option ... do you want me to copy the contents of the whole reports and paste them in a reply? I ask because it's a big file! ;-)

Cheers again,

#6 narenxp


Posted 03 December 2012 - 11:35 AM

Yes :)

#7 tobytucker


Posted 04 December 2012 - 04:25 AM

This is the log from TDS Killer. It states it processed 407 objects and was unable to locate any threats;

19:27:29.0358 6840 Null - ok
19:27:29.0388 6840 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:27:29.0408 6840 nvraid - ok
19:27:29.0428 6840 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:27:29.0438 6840 nvstor - ok
19:27:29.0468 6840 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:27:29.0478 6840 nv_agp - ok
19:27:29.0488 6840 NwlnkFlt - ok
19:27:29.0498 6840 NwlnkFwd - ok
19:27:29.0518 6840 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:27:29.0538 6840 ohci1394 - ok
19:27:29.0588 6840 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:27:29.0638 6840 p2pimsvc - ok
19:27:29.0658 6840 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
19:27:29.0668 6840 p2psvc - ok
19:27:29.0708 6840 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:27:29.0718 6840 Parport - ok
19:27:29.0778 6840 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:27:29.0798 6840 partmgr - ok
19:27:29.0828 6840 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:27:29.0838 6840 Parvdm - ok
19:27:29.0878 6840 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:27:29.0888 6840 PcaSvc - ok
19:27:29.0918 6840 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
19:27:29.0928 6840 pci - ok
19:27:29.0958 6840 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:27:29.0978 6840 pciide - ok
19:27:30.0028 6840 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:27:30.0048 6840 pcmcia - ok
19:27:30.0098 6840 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:27:30.0168 6840 PEAUTH - ok
19:27:30.0268 6840 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:27:30.0330 6840 pla - ok
19:27:30.0469 6840 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:27:30.0499 6840 PlugPlay - ok
19:27:30.0534 6840 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:27:30.0543 6840 PNRPAutoReg - ok
19:27:30.0578 6840 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:27:30.0587 6840 PNRPsvc - ok
19:27:30.0620 6840 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:27:30.0649 6840 PolicyAgent - ok
19:27:30.0696 6840 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:27:30.0713 6840 PptpMiniport - ok
19:27:30.0750 6840 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:27:30.0770 6840 Processor - ok
19:27:30.0793 6840 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:27:30.0822 6840 ProfSvc - ok
19:27:30.0839 6840 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:27:30.0841 6840 ProtectedStorage - ok
19:27:30.0871 6840 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:27:30.0887 6840 PSched - ok
19:27:30.0901 6840 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:27:30.0925 6840 PxHelp20 - ok
19:27:30.0995 6840 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:27:31.0087 6840 ql2300 - ok
19:27:31.0110 6840 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:27:31.0128 6840 ql40xx - ok
19:27:31.0162 6840 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:27:31.0170 6840 QWAVE - ok
19:27:31.0189 6840 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:27:31.0194 6840 QWAVEdrv - ok
19:27:31.0209 6840 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:27:31.0223 6840 RasAcd - ok
19:27:31.0237 6840 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:27:31.0244 6840 RasAuto - ok
19:27:31.0257 6840 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:27:31.0271 6840 Rasl2tp - ok
19:27:31.0307 6840 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:27:31.0331 6840 RasMan - ok
19:27:31.0368 6840 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:27:31.0378 6840 RasPppoe - ok
19:27:31.0416 6840 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:27:31.0429 6840 RasSstp - ok
19:27:31.0457 6840 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:27:31.0477 6840 rdbss - ok
19:27:31.0503 6840 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:27:31.0512 6840 RDPCDD - ok
19:27:31.0539 6840 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:27:31.0570 6840 rdpdr - ok
19:27:31.0579 6840 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:27:31.0588 6840 RDPENCDD - ok
19:27:31.0625 6840 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:27:31.0641 6840 RDPWD - ok
19:27:31.0722 6840 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:27:31.0726 6840 RemoteAccess - ok
19:27:31.0752 6840 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:27:31.0775 6840 RemoteRegistry - ok
19:27:31.0806 6840 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:27:31.0811 6840 RpcLocator - ok
19:27:31.0842 6840 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:27:31.0851 6840 RpcSs - ok
19:27:31.0869 6840 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:27:31.0873 6840 rspndr - ok
19:27:31.0905 6840 [ 7157E70A90CCE49DEB8885D23A073A39 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
19:27:31.0921 6840 RTL8169 - ok
19:27:31.0966 6840 [ B71D269B9AB5417963E986126C12B9FC ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
19:27:31.0997 6840 RTL8187B - ok
19:27:32.0047 6840 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
19:27:32.0061 6840 RtlProt - ok
19:27:32.0081 6840 [ 9FF7D9CF3A5F296613588B0E8DB83AFE ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
19:27:32.0096 6840 RTSTOR - ok
19:27:32.0117 6840 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:27:32.0119 6840 SamSs - ok
19:27:32.0142 6840 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:27:32.0158 6840 sbp2port - ok
19:27:32.0188 6840 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:27:32.0209 6840 SCardSvr - ok
19:27:32.0256 6840 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:27:32.0264 6840 Schedule - ok
19:27:32.0284 6840 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:27:32.0285 6840 SCPolicySvc - ok
19:27:32.0312 6840 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:27:32.0320 6840 SDRSVC - ok
19:27:32.0338 6840 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:27:32.0341 6840 secdrv - ok
19:27:32.0362 6840 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:27:32.0366 6840 seclogon - ok
19:27:32.0390 6840 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
19:27:32.0393 6840 SENS - ok
19:27:32.0415 6840 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:27:32.0428 6840 Serenum - ok
19:27:32.0461 6840 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:27:32.0477 6840 Serial - ok
19:27:32.0522 6840 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:27:32.0534 6840 sermouse - ok
19:27:32.0574 6840 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:27:32.0582 6840 SessionEnv - ok
19:27:32.0602 6840 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:27:32.0617 6840 sffdisk - ok
19:27:32.0634 6840 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:27:32.0649 6840 sffp_mmc - ok
19:27:32.0662 6840 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:27:32.0678 6840 sffp_sd - ok
19:27:32.0698 6840 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:27:32.0712 6840 sfloppy - ok
19:27:32.0767 6840 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:27:32.0779 6840 SharedAccess - ok
19:27:32.0815 6840 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:27:32.0845 6840 ShellHWDetection - ok
19:27:32.0867 6840 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:27:32.0884 6840 sisagp - ok
19:27:32.0906 6840 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:27:32.0922 6840 SiSRaid2 - ok
19:27:32.0965 6840 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:27:32.0996 6840 SiSRaid4 - ok
19:27:33.0121 6840 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:27:33.0183 6840 slsvc - ok
19:27:33.0230 6840 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:27:33.0245 6840 SLUINotify - ok
19:27:33.0277 6840 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:27:33.0292 6840 Smb - ok
19:27:33.0339 6840 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:27:33.0339 6840 SNMPTRAP - ok
19:27:33.0355 6840 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:27:33.0355 6840 spldr - ok
19:27:33.0386 6840 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:27:33.0401 6840 Spooler - ok
19:27:33.0448 6840 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:27:33.0464 6840 srv - ok
19:27:33.0495 6840 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:27:33.0511 6840 srv2 - ok
19:27:33.0542 6840 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:27:33.0557 6840 srvnet - ok
19:27:33.0573 6840 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:27:33.0589 6840 SSDPSRV - ok
19:27:33.0599 6840 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:27:33.0599 6840 SstpSvc - ok
19:27:33.0649 6840 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:27:33.0689 6840 stisvc - ok
19:27:33.0719 6840 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:27:33.0729 6840 swenum - ok
19:27:33.0769 6840 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:27:33.0819 6840 swprv - ok
19:27:33.0859 6840 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:27:33.0879 6840 Symc8xx - ok
19:27:33.0899 6840 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:27:33.0999 6840 Sym_hi - ok
19:27:34.0059 6840 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:27:34.0069 6840 Sym_u3 - ok
19:27:34.0109 6840 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:27:34.0129 6840 SynTP - ok
19:27:34.0189 6840 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:27:34.0219 6840 SysMain - ok
19:27:34.0259 6840 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:27:34.0259 6840 TabletInputService - ok
19:27:34.0289 6840 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:27:34.0309 6840 TapiSrv - ok
19:27:34.0341 6840 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:27:34.0346 6840 TBS - ok
19:27:34.0411 6840 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:27:34.0462 6840 Tcpip - ok
19:27:34.0485 6840 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:27:34.0492 6840 Tcpip6 - ok
19:27:34.0525 6840 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:27:34.0535 6840 tcpipreg - ok
19:27:34.0580 6840 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:27:34.0594 6840 tdcmdpst - ok
19:27:34.0618 6840 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:27:34.0630 6840 TDPIPE - ok
19:27:34.0645 6840 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:27:34.0658 6840 TDTCP - ok
19:27:34.0707 6840 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:27:34.0722 6840 tdx - ok
19:27:34.0779 6840 [ CE0B5D587839614A16480D7B8395FFE9 ] TempoMonitoringService C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
19:27:34.0794 6840 TempoMonitoringService - ok
19:27:34.0812 6840 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:27:34.0840 6840 TermDD - ok
19:27:34.0868 6840 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:27:34.0894 6840 TermService - ok
19:27:34.0917 6840 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:27:34.0922 6840 Themes - ok
19:27:34.0940 6840 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:27:34.0943 6840 THREADORDER - ok
19:27:35.0011 6840 [ 89F74C86523F5E334628DBCE66E6D165 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
19:27:35.0032 6840 TNaviSrv - ok
19:27:35.0070 6840 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
19:27:35.0106 6840 TODDSrv - ok
19:27:35.0158 6840 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:27:35.0180 6840 TosCoSrv - ok
19:27:35.0213 6840 [ DCA621CE31CA604C762001883E385DF8 ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
19:27:35.0251 6840 TOSHIBA SMART Log Service - ok
19:27:35.0295 6840 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
19:27:35.0337 6840 tos_sps32 - ok
19:27:35.0365 6840 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:27:35.0373 6840 TrkWks - ok
19:27:35.0432 6840 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:27:35.0451 6840 TrustedInstaller - ok
19:27:35.0485 6840 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:27:35.0497 6840 tssecsrv - ok
19:27:35.0529 6840 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:27:35.0542 6840 tunmp - ok
19:27:35.0564 6840 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:27:35.0576 6840 tunnel - ok
19:27:35.0613 6840 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:27:35.0632 6840 TVALZ - ok
19:27:35.0658 6840 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:27:35.0676 6840 uagp35 - ok
19:27:35.0740 6840 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:27:35.0771 6840 udfs - ok
19:27:35.0799 6840 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:27:35.0806 6840 UI0Detect - ok
19:27:35.0888 6840 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
19:27:35.0916 6840 UleadBurningHelper - ok
19:27:35.0948 6840 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:27:35.0973 6840 uliagpkx - ok
19:27:36.0018 6840 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:27:36.0080 6840 uliahci - ok
19:27:36.0096 6840 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:27:36.0111 6840 UlSata - ok
19:27:36.0143 6840 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:27:36.0158 6840 ulsata2 - ok
19:27:36.0174 6840 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:27:36.0189 6840 umbus - ok
19:27:36.0205 6840 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:27:36.0221 6840 upnphost - ok
19:27:36.0267 6840 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:27:36.0267 6840 USBAAPL - ok
19:27:36.0299 6840 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:27:36.0314 6840 usbccgp - ok
19:27:36.0345 6840 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:27:36.0345 6840 usbcir - ok
19:27:36.0392 6840 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:27:36.0408 6840 usbehci - ok
19:27:36.0439 6840 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:27:36.0455 6840 usbhub - ok
19:27:36.0470 6840 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:27:36.0486 6840 usbohci - ok
19:27:36.0501 6840 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:27:36.0517 6840 usbprint - ok
19:27:36.0564 6840 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:27:36.0564 6840 usbscan - ok
19:27:36.0595 6840 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:27:36.0611 6840 USBSTOR - ok
19:27:36.0642 6840 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:27:36.0657 6840 usbuhci - ok
19:27:36.0673 6840 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:27:36.0704 6840 usbvideo - ok
19:27:36.0720 6840 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:27:36.0751 6840 UxSms - ok
19:27:36.0782 6840 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:27:36.0829 6840 vds - ok
19:27:36.0845 6840 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:27:36.0860 6840 vga - ok
19:27:36.0860 6840 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:27:36.0876 6840 VgaSave - ok
19:27:36.0907 6840 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:27:36.0923 6840 viaagp - ok
19:27:36.0954 6840 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:27:36.0969 6840 ViaC7 - ok
19:27:37.0016 6840 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:27:37.0032 6840 viaide - ok
19:27:37.0094 6840 [ 26DC11428CE061766D00B7254547869B ] VmbService C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
19:27:37.0110 6840 VmbService - ok
19:27:37.0141 6840 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:27:37.0141 6840 volmgr - ok
19:27:37.0172 6840 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:27:37.0203 6840 volmgrx - ok
19:27:37.0235 6840 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:27:37.0266 6840 volsnap - ok
19:27:37.0281 6840 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:27:37.0297 6840 vsmraid - ok
19:27:37.0359 6840 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:27:37.0422 6840 VSS - ok
19:27:37.0515 6840 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
19:27:37.0562 6840 vToolbarUpdater13.2.0 - ok
19:27:37.0609 6840 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:27:37.0625 6840 W32Time - ok
19:27:37.0656 6840 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:27:37.0671 6840 WacomPen - ok
19:27:37.0703 6840 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:27:37.0718 6840 Wanarp - ok
19:27:37.0718 6840 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:27:37.0718 6840 Wanarpv6 - ok
19:27:37.0749 6840 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:27:37.0779 6840 wcncsvc - ok
19:27:37.0809 6840 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:27:37.0819 6840 WcsPlugInService - ok
19:27:37.0839 6840 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:27:37.0859 6840 Wd - ok
19:27:37.0979 6840 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:27:38.0149 6840 Wdf01000 - ok
19:27:38.0169 6840 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:27:38.0179 6840 WdiServiceHost - ok
19:27:38.0179 6840 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:27:38.0179 6840 WdiSystemHost - ok
19:27:38.0209 6840 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:27:38.0239 6840 WebClient - ok
19:27:38.0269 6840 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:27:38.0299 6840 Wecsvc - ok
19:27:38.0319 6840 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:27:38.0329 6840 wercplsupport - ok
19:27:38.0359 6840 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:27:38.0389 6840 WerSvc - ok
19:27:38.0419 6840 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:27:38.0449 6840 winachsf - ok
19:27:38.0509 6840 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:27:38.0529 6840 WinDefend - ok
19:27:38.0539 6840 WinHttpAutoProxySvc - ok
19:27:38.0589 6840 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:27:38.0609 6840 Winmgmt - ok
19:27:38.0679 6840 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:27:38.0819 6840 WinRM - ok
19:27:38.0879 6840 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:27:38.0919 6840 Wlansvc - ok
19:27:38.0949 6840 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:27:38.0959 6840 WmiAcpi - ok
19:27:38.0989 6840 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:27:39.0019 6840 wmiApSrv - ok
19:27:39.0099 6840 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:27:39.0139 6840 WMPNetworkSvc - ok
19:27:39.0159 6840 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:27:39.0199 6840 WPCSvc - ok
19:27:39.0239 6840 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:27:39.0269 6840 WPDBusEnum - ok
19:27:39.0319 6840 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:27:39.0329 6840 WpdUsb - ok
19:27:39.0433 6840 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:27:39.0472 6840 WPFFontCache_v0400 - ok
19:27:39.0490 6840 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:27:39.0501 6840 ws2ifsl - ok
19:27:39.0528 6840 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
19:27:39.0548 6840 wscsvc - ok
19:27:39.0555 6840 WSearch - ok
19:27:39.0643 6840 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:27:39.0678 6840 wuauserv - ok
19:27:39.0729 6840 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:27:39.0746 6840 WUDFRd - ok
19:27:39.0790 6840 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:27:39.0795 6840 wudfsvc - ok
19:27:39.0817 6840 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:27:39.0829 6840 XAudio - ok
19:27:39.0870 6840 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:27:39.0937 6840 XAudioService - ok
19:27:39.0968 6840 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:27:39.0999 6840 ZTEusbmdm6k - ok
19:27:40.0015 6840 [ 453A60F8DC22FC296BC482CBF3EFF213 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
19:27:40.0030 6840 ZTEusbnet - ok
19:27:40.0077 6840 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:27:40.0093 6840 ZTEusbnmea - ok
19:27:40.0124 6840 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:27:40.0139 6840 ZTEusbser6k - ok
19:27:40.0186 6840 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
19:27:40.0202 6840 ZTEusbvoice - ok
19:27:40.0233 6840 ================ Scan global ===============================
19:27:40.0264 6840 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:27:40.0327 6840 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:27:40.0358 6840 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:27:40.0405 6840 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:27:40.0405 6840 [Global] - ok
19:27:40.0405 6840 ================ Scan MBR ==================================
19:27:40.0420 6840 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:27:41.0044 6840 \Device\Harddisk0\DR0 - ok
19:27:41.0075 6840 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
19:27:43.0066 6840 \Device\Harddisk1\DR1 - ok
19:27:43.0066 6840 ================ Scan VBR ==================================
19:27:43.0106 6840 [ ECEBF6A2979034E3150F23ECC1AFE19C ] \Device\Harddisk0\DR0\Partition1
19:27:43.0116 6840 \Device\Harddisk0\DR0\Partition1 - ok
19:27:43.0136 6840 [ F27CF74E463DEED3426E330764737B8D ] \Device\Harddisk0\DR0\Partition2
19:27:43.0136 6840 \Device\Harddisk0\DR0\Partition2 - ok
19:27:43.0156 6840 [ 33AAF07428F2CD5854B037FD241BDBFF ] \Device\Harddisk1\DR1\Partition1
19:27:43.0176 6840 \Device\Harddisk1\DR1\Partition1 - ok
19:27:43.0176 6840 ============================================================
19:27:43.0176 6840 Scan finished
19:27:43.0176 6840 ============================================================
19:27:43.0196 2272 Detected object count: 0
19:27:43.0196 2272 Actual detected object count: 0
09:41:17.0953 4728 Deinitialize success

Mail 2 to follow.

#8 tobytucker

Posted 04 December 2012 - 05:32 AM

This is the aswMBR report. I've run this a number of times and it appears to stop at the same point. Don't know if this is right or wrong. Will attempt to run in safe mode but not sure how to do this so, if you feel this is necessary, if you could give me some directions to enable me to do this, I'll run another report:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 10:04:22
-----------------------------
10:04:22.851 OS Version: Windows 6.0.6002 Service Pack 2
10:04:22.852 Number of processors: 2 586 0xF0D
10:04:22.853 ComputerName: ALAN-PC UserName: Alan
10:04:23.743 Initialize success
10:04:40.175 AVAST engine defs: 12120200
10:04:58.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:04:58.550 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
10:04:58.576 Disk 0 MBR read successfully
10:04:58.588 Disk 0 MBR scan
10:04:58.596 Disk 0 Windows VISTA default MBR code
10:04:58.613 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:04:58.643 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76154 MB offset 3074048
10:04:58.676 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74971 MB offset 159037440
10:04:58.713 Disk 0 scanning sectors +312579760
10:04:58.831 Disk 0 scanning C:\Windows\system32\drivers
10:05:18.869 Service scanning
10:05:42.480 Modules scanning
10:05:57.012 Disk 0 trace - called modules:
10:05:57.032 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:05:57.033 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a14ac8]
10:05:57.033 3 CLASSPNP.SYS[879148b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84941028]
10:05:58.644 AVAST engine scan C:\Windows
10:06:08.234 AVAST engine scan C:\Windows\system32
10:13:19.384 AVAST engine scan C:\Windows\system32\drivers
10:13:39.619 AVAST engine scan C:\Users\Alan
10:18:40.715 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
10:18:40.726 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"

Mail 3 with the final report to follow.

#9 tobytucker

Posted 04 December 2012 - 05:36 AM

The final report is the ESET scanning report. It highlighted only 4 issues although one states multiple issues cleaned by deleting. I do use BitComet occasionally and it appears that these issues stem, unsurprisingly, from its use:

C:\Users\Alan\Downloads\Horrid_Henry_Missions_Of_Mischief_EUR_MULTi5_NDS-BAHAMUT.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
C:\Users\Alan\Downloads\installer_skype_web_toolbar_for_mozilla_firefox.exe Win32/Toggle application cleaned by deleting - quarantined
C:\Users\Alan\Downloads\Microsoft_Word_2010_exe.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
C:\Users\Alan\Downloads\The_Polar_Express_2004_BRRip_XviD_AC3_FLAWL3SS.exe multiple threats cleaned by deleting - quarantined

Cheers narenxp, what do I do next?

#10 narenxp

Posted 05 December 2012 - 01:19 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

#11 tobytucker

Posted 05 December 2012 - 07:59 AM

Malware Log Report posted below. All removed via Malware software as directed;

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.05.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alan :: ALAN-PC [administrator]

Protection: Enabled

05/12/2012 09:36:13
mbam-log-2012-12-05 (12-56-41).txt

Further reports to follow.

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429159
Time elapsed: 2 hour(s), 43 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 30
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\Alan\AppData\LocalLow\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\Alan\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22 (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> No action taken.

Files Detected: 6
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> No action taken.
C:\Users\Alan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.
C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.
C:\Users\Alan\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Users\Alan\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> No action taken.

(end)

#12 tobytucker

Posted 06 December 2012 - 07:43 AM

I'm about to complete Stage 2 as per your email. Had a lot of problems with the Malwarebytes programme ... kept crashing. Will be in touch ;-)

#13 tobytucker

Posted 06 December 2012 - 08:44 AM

mini toolbox results are below;

MiniToolBox by Farbar Version: 25-11-2012
Ran by Alan (administrator) on 06-12-2012 at 12:45:57
Running from "C:\Users\Alan\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Alan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-22-5F-53-40-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cdab:17f8:e254:3f19%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 06 December 2012 09:03:21
Lease Expires . . . . . . . . . . : 07 December 2012 09:03:20
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 201335391
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-A8-1D-88-00-1E-33-8A-0B-EE
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1E-33-8A-0B-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EE06F5B7-6A9A-406F-A9EF-2C2B87A132DC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:10af:3deb:3f57:fff9(Preferred)
Link-local IPv6 Address . . . . . : fe80::10af:3deb:3f57:fff9%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: SkyRouter.Home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:809::1004
173.194.41.174
173.194.41.160
173.194.41.161
173.194.41.162
173.194.41.163
173.194.41.164
173.194.41.165
173.194.41.166
173.194.41.167
173.194.41.168
173.194.41.169



Pinging google.com [173.194.41.174] with 32 bytes of data:

Reply from 173.194.41.174: bytes=32 time=42ms TTL=57

Reply from 173.194.41.174: bytes=32 time=41ms TTL=57



Ping statistics for 173.194.41.174:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 42ms, Average = 41ms

Server: SkyRouter.Home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=165ms TTL=49

Reply from 98.139.183.24: bytes=32 time=224ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 165ms, Maximum = 224ms, Average = 194ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=11ms TTL=128

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 11ms, Average = 6ms

===========================================================================
Interface List
12 ...00 22 5f 53 40 7a ...... Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
10 ...00 1e 33 8a 0b ee ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{EE06F5B7-6A9A-406F-A9EF-2C2B87A132DC}
13 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
16 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
23 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.6 286
192.168.0.6 255.255.255.255 On-link 192.168.0.6 286
192.168.0.255 255.255.255.255 On-link 192.168.0.6 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.6 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.6 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 18 ::/0 On-link
1 306 ::1/128 On-link
16 18 2001::/32 On-link
16 266 2001:0:5ef5:73b8:10af:3deb:3f57:fff9/128
On-link
12 286 fe80::/64 On-link
16 266 fe80::/64 On-link
16 266 fe80::10af:3deb:3f57:fff9/128
On-link
12 286 fe80::cdab:17f8:e254:3f19/128
On-link
1 306 ff00::/8 On-link
16 266 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/06/2012 00:43:58 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 16.0.2.4680 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1710
Start Time: 01cdd2eb68da2230
Termination Time: 200

Error: (12/06/2012 09:02:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47942367

Error: (12/06/2012 09:02:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47942367

Error: (12/06/2012 09:02:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2012 09:02:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47935831

Error: (12/06/2012 09:02:21 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47935831

Error: (12/06/2012 09:02:20 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2012 07:43:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15803

Error: (12/05/2012 07:43:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15803

Error: (12/05/2012 07:43:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/06/2012 00:43:05 PM) (Source: Service Control Manager) (User: )
Description: 30000avg8wd

Error: (12/05/2012 01:17:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 13:02:04 on 05/12/2012 was unexpected.

Error: (12/05/2012 03:54:57 AM) (Source: Service Control Manager) (User: )
Description: Adobe Flash Player Update Service%%1053

Error: (12/05/2012 03:54:57 AM) (Source: Service Control Manager) (User: )
Description: 30000Adobe Flash Player Update Service

Error: (12/03/2012 08:12:41 AM) (Source: Service Control Manager) (User: )
Description: 30000AudioEndpointBuilder

Error: (12/03/2012 08:12:02 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (12/02/2012 11:36:05 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (12/02/2012 11:36:05 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (12/02/2012 11:36:05 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/02/2012 10:47:30 AM) (Source: Service Control Manager) (User: )
Description: 30000AudioEndpointBuilder


Microsoft Office Sessions:
=========================
Error: (12/06/2012 00:43:58 PM) (Source: Application Hang)(User: )
Description: firefox.exe16.0.2.4680171001cdd2eb68da2230200

Error: (12/06/2012 09:02:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47942367

Error: (12/06/2012 09:02:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47942367

Error: (12/06/2012 09:02:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2012 09:02:21 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47935831

Error: (12/06/2012 09:02:21 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47935831

Error: (12/06/2012 09:02:20 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2012 07:43:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15803

Error: (12/05/2012 07:43:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15803

Error: (12/05/2012 07:43:40 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2012-12-06 09:06:23.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:23.584
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:23.291
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:23.010
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:22.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:22.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:22.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:21.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:21.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-06 09:06:21.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Flash Player ActiveX (Version: 9.0.47.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AVG Free 8.5
AVG Security Toolbar
BitComet 1.34 (Version: 1.34)
BitComet 1.34 64-bit (Version: 1.34)
Bonjour (Version: 3.0.0.10)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
DVD MovieFactory for TOSHIBA (Version: 5.51)
ESET Online Scanner v3
Google Desktop (Version: 5.7.0802.22438)
Google Toolbar for Internet Explorer (Version: 1.0.0)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.70.00.50)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.7.0.21)
Java™ 6 Update 6 (Version: 1.6.0.60)
Java™ 6 Update 7 (Version: 1.6.0.70)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Security Scan Plus (Version: 3.0.285.6)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft XML Parser (Version: 8.20.8730.4)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myphotobook 3.6 (Version: 3.6)
NetWaiting (Version: 2.5.52)
OpenOffice.org 3.1 (Version: 3.1.9399)
Picasa 2 (Version: 2.0)
PriceGong 2.6.4 (Version: 2.6.4)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
REALTEK RTL8187B Wireless LAN Driver (Version: Package:1.00.0026 Driver:6.1116.1226.2007)
Realtek USB 2.0 Card Reader (Version: )
Realtek WiFi Protected Setup Library (Version: Package:1.00.0026)
Skype™ 5.5 (Version: 5.5.124)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA ConfigFree (Version: 7.2.20)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.31.14)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Hardware Setup (Version: 2.00.08)
TOSHIBA Manuals (Version: 7.40)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Supervisor Password (Version: 2.00.04)
Toshiba TEMPRO (Version: 1.1)
TOSHIBA Value Added Package (Version: 1.1.24)
TRDCReminder (Version: 1.00.0015)
TRORDCLauncher (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Vodafone Mobile Broadband Lite (Version: 10.0.201.23143)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1915.25 MB
Available physical RAM: 889.17 MB
Total Pagefile: 4073.8 MB
Available Pagefile: 2411.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.02 MB

========================= Partitions: =====================================

1 Drive c: (Vista) (Fixed) (Total:74.37 GB) (Free:27.36 GB) NTFS
2 Drive d: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:594.79 GB) NTFS
3 Drive e: (Data) (Fixed) (Total:73.21 GB) (Free:68.79 GB) NTFS

========================= Users: ========================================

User accounts for \\ALAN-PC

Administrator Alan Guest

========================= Restore Points ==================================

26-11-2012 08:39:41 Scheduled Checkpoint
27-11-2012 00:00:03 Scheduled Checkpoint
27-11-2012 16:26:25 Windows Update
28-11-2012 13:54:40 Scheduled Checkpoint
30-11-2012 15:19:28 Scheduled Checkpoint
01-12-2012 14:37:23 Scheduled Checkpoint
02-12-2012 12:48:44 Scheduled Checkpoint
03-12-2012 12:02:36 Scheduled Checkpoint
04-12-2012 23:11:51 Windows Update
05-12-2012 17:22:19 Scheduled Checkpoint

**** End of log ****

Cheers, will post next set when completed ;-)

#14 tobytucker

Posted 06 December 2012 - 09:16 AM

Farbar service scanner results posted;

Farbar Service Scanner Version: 04-12-2012
Ran by Alan (administrator) on 06-12-2012 at 14:14:58
Running from "C:\Users\Alan\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-11-18 10:52] - [2012-06-02 00:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2012-03-24 12:52] - [2010-02-18 13:30] - 0200704 ____A (Microsoft Corporation) 1998BD97F950680BB55F55A7244679C2

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#15 tobytucker

Posted 06 December 2012 - 09:27 AM

AdwCleaner results:

# AdwCleaner v2.011 - Logfile created 12/06/2012 at 14:19:38
# Updated 02/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Alan - ALAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Alan\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Alan\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Alan\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Alan\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u0jvsfv.default\prefs.js

C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\8u0jvsfv.default\user.js ... Deleted !

Deleted : user_pref("extensions.507aa6edb15a1.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.funmoods.aflt", "axl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "GB");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "A3C411B2703B25613BCD36206A64CA6D");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "00225F53407AF970");
Deleted : user_pref("extensions.funmoods.id", "00225F53407AF970");
Deleted : user_pref("extensions.funmoods.instlDay", "15609");
Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Deleted : user_pref("extensions.funmoods.instlday", "15609");
Deleted : user_pref("extensions.funmoods.instlref", "axl");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2218:33:24");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.newtab", "false");
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2218:33:24");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2218:33:24");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:33:24");

*************************

AdwCleaner[S2].txt - [12332 octets] - [06/12/2012 14:19:38]

########## EOF - C:\AdwCleaner[S2].txt - [12393 octets] ##########



