Scour virus redirect


9 replies to this topic

#1 onliner123


Posted 19 December 2012 - 01:55 AM

Hi,

I am using Firefox 17.0.1. After I perform a search and select a link of a search item I want to see, I am sometimes redirected to a page that has nothing to do with the link I have just clicked on. I have run MalwareBytes and SuperAntispyware, which both indicate that there are no viruses/trojans on my computer. What should I do?



#2 narenxp


Posted 19 December 2012 - 03:14 AM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 onliner123


Posted 20 December 2012 - 10:20 PM

Hi,

Thanks for your reply.

Here's the log from TDSSkiller

20:52:57.0875 2192 pci - ok
20:52:57.0885 2192 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:52:57.0885 2192 pciide - ok
20:52:57.0905 2192 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:52:57.0905 2192 pcmcia - ok
20:52:57.0935 2192 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:52:57.0935 2192 pcw - ok
20:52:57.0955 2192 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:52:57.0955 2192 PEAUTH - ok
20:52:58.0015 2192 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:52:58.0025 2192 PeerDistSvc - ok
20:52:58.0105 2192 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:52:58.0145 2192 pla - ok
20:52:58.0165 2192 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:52:58.0175 2192 PlugPlay - ok
20:52:58.0185 2192 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:52:58.0185 2192 PNRPAutoReg - ok
20:52:58.0205 2192 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:52:58.0205 2192 PNRPsvc - ok
20:52:58.0255 2192 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:52:58.0255 2192 PolicyAgent - ok
20:52:58.0315 2192 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:52:58.0435 2192 Power - ok
20:52:58.0535 2192 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:52:58.0555 2192 PptpMiniport - ok
20:52:58.0595 2192 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:52:58.0615 2192 Processor - ok
20:52:58.0645 2192 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:52:58.0655 2192 ProfSvc - ok
20:52:58.0665 2192 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:52:58.0665 2192 ProtectedStorage - ok
20:52:58.0685 2192 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:52:58.0685 2192 Psched - ok
20:52:58.0715 2192 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:52:58.0735 2192 ql2300 - ok
20:52:58.0745 2192 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:52:58.0745 2192 ql40xx - ok
20:52:58.0765 2192 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:52:58.0775 2192 QWAVE - ok
20:52:58.0785 2192 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:52:58.0795 2192 QWAVEdrv - ok
20:52:58.0805 2192 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:52:58.0805 2192 RasAcd - ok
20:52:58.0835 2192 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:52:58.0835 2192 RasAgileVpn - ok
20:52:58.0855 2192 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:52:58.0855 2192 RasAuto - ok
20:52:58.0875 2192 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:52:58.0875 2192 Rasl2tp - ok
20:52:58.0935 2192 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:52:58.0945 2192 RasMan - ok
20:52:58.0955 2192 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:52:58.0955 2192 RasPppoe - ok
20:52:58.0975 2192 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:52:58.0975 2192 RasSstp - ok
20:52:58.0995 2192 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:52:58.0995 2192 rdbss - ok
20:52:59.0015 2192 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:52:59.0015 2192 rdpbus - ok
20:52:59.0035 2192 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:52:59.0035 2192 RDPCDD - ok
20:52:59.0065 2192 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:52:59.0065 2192 RDPDR - ok
20:52:59.0085 2192 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:52:59.0085 2192 RDPENCDD - ok
20:52:59.0095 2192 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:52:59.0095 2192 RDPREFMP - ok
20:52:59.0135 2192 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:52:59.0135 2192 RDPWD - ok
20:52:59.0185 2192 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:52:59.0185 2192 rdyboost - ok
20:52:59.0215 2192 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:52:59.0225 2192 RemoteAccess - ok
20:52:59.0235 2192 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:52:59.0245 2192 RemoteRegistry - ok
20:52:59.0265 2192 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:52:59.0265 2192 RpcEptMapper - ok
20:52:59.0295 2192 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:52:59.0295 2192 RpcLocator - ok
20:52:59.0305 2192 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:52:59.0315 2192 RpcSs - ok
20:52:59.0335 2192 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:52:59.0335 2192 rspndr - ok
20:52:59.0365 2192 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:52:59.0375 2192 RTL8167 - ok
20:52:59.0395 2192 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:52:59.0395 2192 s3cap - ok
20:52:59.0415 2192 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:52:59.0415 2192 SamSs - ok
20:52:59.0455 2192 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:52:59.0455 2192 SASDIFSV - ok
20:52:59.0525 2192 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:52:59.0525 2192 SASKUTIL - ok
20:52:59.0545 2192 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:52:59.0545 2192 sbp2port - ok
20:52:59.0565 2192 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:52:59.0565 2192 SCardSvr - ok
20:52:59.0585 2192 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:52:59.0585 2192 scfilter - ok
20:52:59.0635 2192 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:52:59.0645 2192 Schedule - ok
20:52:59.0665 2192 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:52:59.0665 2192 SCPolicySvc - ok
20:52:59.0675 2192 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:52:59.0675 2192 SDRSVC - ok
20:52:59.0695 2192 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:52:59.0695 2192 secdrv - ok
20:52:59.0715 2192 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:52:59.0715 2192 seclogon - ok
20:52:59.0745 2192 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
20:52:59.0745 2192 SENS - ok
20:52:59.0785 2192 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:52:59.0785 2192 SensrSvc - ok
20:52:59.0805 2192 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:52:59.0805 2192 Serenum - ok
20:52:59.0825 2192 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:52:59.0835 2192 Serial - ok
20:52:59.0855 2192 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:52:59.0855 2192 sermouse - ok
20:52:59.0915 2192 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:52:59.0925 2192 SessionEnv - ok
20:52:59.0945 2192 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:52:59.0945 2192 sffdisk - ok
20:52:59.0955 2192 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:52:59.0955 2192 sffp_mmc - ok
20:52:59.0965 2192 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:52:59.0975 2192 sffp_sd - ok
20:52:59.0995 2192 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:52:59.0995 2192 sfloppy - ok
20:53:00.0035 2192 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:53:00.0035 2192 SharedAccess - ok
20:53:00.0085 2192 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:53:00.0095 2192 ShellHWDetection - ok
20:53:00.0115 2192 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:53:00.0115 2192 sisagp - ok
20:53:00.0125 2192 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:53:00.0125 2192 SiSRaid2 - ok
20:53:00.0135 2192 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:53:00.0135 2192 SiSRaid4 - ok
20:53:00.0155 2192 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:53:00.0155 2192 Smb - ok
20:53:00.0165 2192 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:53:00.0175 2192 SNMPTRAP - ok
20:53:00.0195 2192 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:53:00.0195 2192 spldr - ok
20:53:00.0225 2192 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:53:00.0235 2192 Spooler - ok
20:53:00.0305 2192 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:53:00.0325 2192 sppsvc - ok
20:53:00.0345 2192 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:53:00.0345 2192 sppuinotify - ok
20:53:00.0375 2192 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:53:00.0375 2192 srv - ok
20:53:00.0395 2192 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:53:00.0405 2192 srv2 - ok
20:53:00.0415 2192 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:53:00.0415 2192 srvnet - ok
20:53:00.0435 2192 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:53:00.0435 2192 SSDPSRV - ok
20:53:00.0445 2192 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:53:00.0455 2192 SstpSvc - ok
20:53:00.0465 2192 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:53:00.0475 2192 stexstor - ok
20:53:00.0495 2192 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:53:00.0505 2192 StiSvc - ok
20:53:00.0535 2192 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:53:00.0535 2192 storflt - ok
20:53:00.0555 2192 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
20:53:00.0555 2192 StorSvc - ok
20:53:00.0575 2192 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:53:00.0575 2192 storvsc - ok
20:53:00.0595 2192 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:53:00.0595 2192 swenum - ok
20:53:00.0605 2192 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:53:00.0615 2192 swprv - ok
20:53:00.0675 2192 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:53:00.0685 2192 SysMain - ok
20:53:00.0715 2192 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:53:00.0725 2192 TabletInputService - ok
20:53:00.0775 2192 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:53:00.0785 2192 TapiSrv - ok
20:53:00.0795 2192 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:53:00.0805 2192 TBS - ok
20:53:00.0845 2192 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:53:00.0855 2192 Tcpip - ok
20:53:00.0895 2192 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:53:00.0905 2192 TCPIP6 - ok
20:53:00.0925 2192 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:53:00.0925 2192 tcpipreg - ok
20:53:00.0945 2192 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:53:00.0945 2192 TDPIPE - ok
20:53:00.0955 2192 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:53:00.0955 2192 TDTCP - ok
20:53:00.0995 2192 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:53:00.0995 2192 tdx - ok
20:53:01.0005 2192 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:53:01.0005 2192 TermDD - ok
20:53:01.0055 2192 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:53:01.0055 2192 TermService - ok
20:53:01.0075 2192 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:53:01.0075 2192 Themes - ok
20:53:01.0095 2192 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:53:01.0095 2192 THREADORDER - ok
20:53:01.0125 2192 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:53:01.0135 2192 TrkWks - ok
20:53:01.0155 2192 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:53:01.0155 2192 TrustedInstaller - ok
20:53:01.0205 2192 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:53:01.0205 2192 tssecsrv - ok
20:53:01.0245 2192 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:53:01.0255 2192 TsUsbFlt - ok
20:53:01.0275 2192 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:53:01.0275 2192 tunnel - ok
20:53:01.0305 2192 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:53:01.0305 2192 uagp35 - ok
20:53:01.0335 2192 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:53:01.0335 2192 udfs - ok
20:53:01.0345 2192 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:53:01.0355 2192 UI0Detect - ok
20:53:01.0365 2192 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:53:01.0365 2192 uliagpkx - ok
20:53:01.0385 2192 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:53:01.0385 2192 umbus - ok
20:53:01.0405 2192 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:53:01.0405 2192 UmPass - ok
20:53:01.0455 2192 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
20:53:01.0465 2192 UmRdpService - ok
20:53:01.0485 2192 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:53:01.0485 2192 upnphost - ok
20:53:01.0505 2192 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
20:53:01.0505 2192 usbccgp - ok
20:53:01.0525 2192 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:53:01.0525 2192 usbcir - ok
20:53:01.0545 2192 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:53:01.0545 2192 usbehci - ok
20:53:01.0575 2192 [ 1D6A4FA75AF0400D3F99642C271F3255 ] UsbFltr C:\Windows\system32\Drivers\UsbFltr.sys
20:53:01.0575 2192 UsbFltr - ok
20:53:01.0595 2192 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\drivers\usbhub.sys
20:53:01.0595 2192 usbhub - ok
20:53:01.0605 2192 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:53:01.0615 2192 usbohci - ok
20:53:01.0625 2192 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:53:01.0635 2192 usbprint - ok
20:53:01.0655 2192 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:53:01.0655 2192 USBSTOR - ok
20:53:01.0665 2192 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:53:01.0665 2192 usbuhci - ok
20:53:01.0675 2192 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:53:01.0685 2192 UxSms - ok
20:53:01.0695 2192 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:53:01.0695 2192 VaultSvc - ok
20:53:01.0715 2192 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:53:01.0715 2192 vdrvroot - ok
20:53:01.0765 2192 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:53:01.0775 2192 vds - ok
20:53:01.0785 2192 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:53:01.0785 2192 vga - ok
20:53:01.0805 2192 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:53:01.0805 2192 VgaSave - ok
20:53:01.0815 2192 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:53:01.0825 2192 vhdmp - ok
20:53:01.0845 2192 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:53:01.0845 2192 viaagp - ok
20:53:01.0855 2192 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:53:01.0855 2192 ViaC7 - ok
20:53:01.0865 2192 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:53:01.0865 2192 viaide - ok
20:53:01.0885 2192 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:53:01.0895 2192 vmbus - ok
20:53:01.0915 2192 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:53:01.0915 2192 VMBusHID - ok
20:53:01.0925 2192 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:53:01.0925 2192 volmgr - ok
20:53:01.0945 2192 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:53:01.0955 2192 volmgrx - ok
20:53:01.0965 2192 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:53:01.0965 2192 volsnap - ok
20:53:02.0035 2192 [ 3B98AB9849754CB88265111422441DF7 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
20:53:02.0035 2192 vpnagent - ok
20:53:02.0085 2192 [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
20:53:02.0085 2192 vpnva - ok
20:53:02.0085 2192 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:53:02.0095 2192 vsmraid - ok
20:53:02.0145 2192 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:53:02.0155 2192 VSS - ok
20:53:02.0175 2192 [ 682FCF7D2EB5158CD30408E976562408 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
20:53:02.0185 2192 VSTHWBS2 - ok
20:53:02.0215 2192 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:53:02.0215 2192 VST_DPV - ok
20:53:02.0235 2192 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:53:02.0235 2192 vwifibus - ok
20:53:02.0245 2192 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:53:02.0255 2192 W32Time - ok
20:53:02.0275 2192 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:53:02.0275 2192 WacomPen - ok
20:53:02.0315 2192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:53:02.0315 2192 WANARP - ok
20:53:02.0325 2192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:53:02.0325 2192 Wanarpv6 - ok
20:53:02.0385 2192 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:53:02.0385 2192 Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 353A04C273EC58475D8633E75CCD5604
20:53:02.0385 2192 WatAdminSvc ( LockedFile.Multi.Generic ) - warning
20:53:02.0385 2192 WatAdminSvc - detected LockedFile.Multi.Generic (1)
20:53:03.0725 2192 ================ Scan global ===============================
20:53:03.0775 2192 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:53:03.0815 2192 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:53:03.0825 2192 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:53:03.0835 2192 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:53:03.0875 2192 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:53:03.0875 2192 [Global] - ok
20:53:03.0875 2192 ================ Scan MBR ==================================
20:53:03.0905 2192 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:53:04.0045 2192 \Device\Harddisk0\DR0 - ok
20:53:04.0045 2192 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
20:53:06.0595 2192 \Device\Harddisk5\DR5 - ok
20:53:06.0595 2192 ================ Scan VBR ==================================
20:53:06.0595 2192 [ 138D05CC69EC7FDDEC6F232B324D14F3 ] \Device\Harddisk0\DR0\Partition1
20:53:06.0595 2192 \Device\Harddisk0\DR0\Partition1 - ok
20:53:06.0611 2192 [ 03BE48C61C05D49FED47114BD4100F46 ] \Device\Harddisk0\DR0\Partition2
20:53:06.0611 2192 \Device\Harddisk0\DR0\Partition2 - ok
20:53:06.0611 2192 [ 8941330F2983120E9DC1ED6EC94E0F0B ] \Device\Harddisk5\DR5\Partition1
20:53:06.0611 2192 \Device\Harddisk5\DR5\Partition1 - ok
20:53:06.0611 2192 ============================================================
20:53:06.0611 2192 Scan finished
20:53:06.0611 2192 ============================================================
20:53:06.0627 1368 Detected object count: 1
20:53:06.0627 1368 Actual detected object count: 1
20:54:16.0627 1368 C:\Windows\system32\Wat\WatAdminSvc.exe - copied to quarantine
20:54:16.0627 1368 WatAdminSvc ( LockedFile.Multi.Generic ) - User select action: Quarantine


Here's the log from aswMBR

Run date: 2012-12-20 20:57:50
-----------------------------
20:57:50.465 OS Version: Windows 6.1.7601 Service Pack 1
20:57:50.465 Number of processors: 2 586 0xF0D
20:57:50.465 ComputerName: MyUserName-PC UserName: MyUserName
20:57:54.435 Initialize success
20:58:44.287 AVAST engine defs: 12122001
21:00:34.242 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:00:34.252 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 8
21:00:34.272 Disk 0 MBR read successfully
21:00:34.272 Disk 0 MBR scan
21:00:34.282 Disk 0 Windows 7 default MBR code
21:00:34.292 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:00:34.302 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
21:00:34.322 Disk 0 scanning sectors +2930274304
21:00:34.402 Disk 0 scanning C:\Windows\system32\drivers
21:00:42.729 Service scanning
21:00:59.114 Modules scanning
21:01:05.500 Disk 0 trace - called modules:
21:01:05.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
21:01:06.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a8b030]
21:01:06.030 3 CLASSPNP.SYS[8bfc059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85c2b028]
21:01:09.837 AVAST engine scan C:\Windows
21:01:29.412 AVAST engine scan C:\Windows\system32
21:05:09.671 AVAST engine scan C:\Windows\system32\drivers
21:06:06.057 AVAST engine scan C:\Users\MyUserName
21:07:26.901 AVAST engine scan C:\ProgramData
21:07:38.447 Scan finished successfully

Here's the log from ESET online scanner

C:\Qoobox\Quarantine\C\Users\MyUserName\AppData\Roaming\apaupt.dll.vir a variant of Win32/Medfos.GL trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\MyUserName\AppData\Roaming\cusda.dll.vir a variant of Win32/Medfos.GB trojan cleaned by deleting - quarantined
C:\Users\MyUserName\AppData\Local\c227a816-9547-4d4f-aafe-4a68b5c456ef.crx JS/Redirector.NCG trojan deleted - quarantined
C:\Users\MyUserName\AppData\Roaming\Mozilla\Firefox\Profiles\m7kllsca.default\extensions\{c227a816-9547-4d4f-aafe-4a68b5c456ef}.xpi JS/Redirector.NCL trojan deleted - quarantined
C:\Users\MyUserName\Downloads\Adibou\PACK_ADIBOU_FRANcAIS_(nouvelle_version_et_ancienne_version).exe multiple threats cleaned by deleting - quarantined

#4 narenxp

Posted 21 December 2012 - 03:33 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#5 onliner123

Posted 24 December 2012 - 01:19 PM

Hi,

Thanks. Here are the logs:


Malwarebytes

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MyUserName :: MyUserName-PC [administrator]

12/24/2012 8:03:06 AM
mbam-log-2012-12-24 (08-03-06).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279655
Time elapsed: 20 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



mini toolbox

Please note: in the "IPv4 Route Table" below, I replaced my IP address with a sequence of "n"


MiniToolBox by Farbar Version: 25-11-2012
Ran by MyUserName (administrator) on 24-12-2012 at 12:06:35
Running from "C:\Users\MyUserName\Downloads"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Local Area Connection 2 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MyUserName-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-22-15-33-E0-3C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::190b:736c:bcb3:f6c1%10(Preferred)
IPv4 Address. . . . . . . . . . . : nn.nnn.nnn.nnn(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Lease Obtained. . . . . . . . . . : Saturday, December 22, 2012 3:07:18 AM
Lease Expires . . . . . . . . . . : Monday, December 24, 2012 5:34:51 PM
Default Gateway . . . . . . . . . : 24.nnn.nnn.n
DHCP Server . . . . . . . . . . . : 167.206.211.19
DHCPv6 IAID . . . . . . . . . . . : 234889749
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-30-7C-A3-00-22-15-33-E0-3C
DNS Servers . . . . . . . . . . . : 167.206.251.129
167.206.251.130
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{ACD078A8-708E-434E-9C50-713839F93353}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:cef:11b2:e744:8c3e(Preferred)
Link-local IPv6 Address . . . . . : fe80::cef:11b2:e744:8c3e%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:18bb:73c1::18bb:73c1(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::1
DNS Servers . . . . . . . . . . . : 167.206.251.129
167.206.251.130
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vdns1.srv.whplny.cv.net
Address: 167.206.251.129

Name: google.com
Addresses: 2607:f8b0:4006:801::1001
74.125.226.195
74.125.226.200
74.125.226.192
74.125.226.193
74.125.226.194
74.125.226.196
74.125.226.197
74.125.226.198
74.125.226.201
74.125.226.206
74.125.226.199


Pinging google.com [74.125.226.192] with 32 bytes of data:
Reply from 74.125.226.192: bytes=32 time=10ms TTL=56
Reply from 74.125.226.192: bytes=32 time=8ms TTL=56

Ping statistics for 74.125.226.192:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 10ms, Average = 9ms
Server: vdns1.srv.whplny.cv.net
Address: 167.206.251.129

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=120ms TTL=49
Reply from 72.30.38.140: bytes=32 time=113ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 120ms, Average = 116ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 22 15 33 e0 3c ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 24.nnn.nnn.n nn.nnn.nnn.nnn 20
nn.nnn.nnn.0 255.255.240.0 On-link nn.nnn.nnn.nnn 276
nn.nnn.nnn.nnn 255.255.255.255 On-link nn.nnn.nnn.nnn 276
nn.nnn.nnn.255 255.255.255.255 On-link nn.nnn.nnn.nnn 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link nn.nnn.nnn.nnn 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link nn.nnn.nnn.nnn 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 1040 ::/0 2002:c058:6301::1
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:9d38:6ab8:cef:11b2:e744:8c3e/128
On-link
14 1025 2002::/16 On-link
14 281 2002:18bb:73c1::18bb:73c1/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::cef:11b2:e744:8c3e/128
On-link
10 276 fe80::190b:736c:bcb3:f6c1/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2012 11:18:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 17.0.1.4715, time stamp: 0x50b71a4b
Faulting module name: xul.dll, version: 17.0.1.4715, time stamp: 0x50b7198b
Exception code: 0xc0000005
Fault offset: 0x00144ed8
Faulting process id: 0x990
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/06/2012 04:00:10 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

Error: (12/02/2012 02:09:23 PM) (Source: ESENT) (User: )
Description: WinMail (2188) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (12/01/2012 03:40:46 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\System32\svchost.exe -k secsvcs; Description = Windows Defender Checkpoint; Error = 0x8007043c).

Error: (11/30/2012 00:16:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bccac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x2464
Faulting application start time: 0xwmprph.exe0
Faulting application path: wmprph.exe1
Faulting module path: wmprph.exe2
Report Id: wmprph.exe3

Error: (11/12/2012 08:04:52 AM) (Source: WebVPN) (User: )
Description: Relay:2552 failed to connect to destination: 0
verify destination address, DNS and webtype ACL settings at the VPN device

Error: (11/12/2012 08:04:52 AM) (Source: WebVPN) (User: )
Description: Relay:2552 failed to connect to destination: 0
verify destination address, DNS and webtype ACL settings at the VPN device

Error: (11/12/2012 04:59:28 AM) (Source: WebVPN) (User: )
Description: Relay:3904 failed to connect to destination: 404
verify destination address, DNS and webtype ACL settings at the VPN device

Error: (11/12/2012 04:59:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2012 04:59:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/22/2012 03:07:19 AM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000)C:\Windows\MEMORY.DMP122212-19624-01

Error: (12/22/2012 03:07:12 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:55:57 AM on ?12/?22/?2012 was unexpected.

Error: (12/21/2012 02:42:28 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/20/2012 00:32:42 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/19/2012 00:15:18 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/17/2012 11:56:50 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/17/2012 11:07:10 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/17/2012 11:04:56 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/17/2012 11:02:31 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/10/2012 08:27:58 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.


Microsoft Office Sessions:
=========================
Error: (12/11/2012 11:18:54 PM) (Source: Application Error)(User: )
Description: firefox.exe17.0.1.471550b71a4bxul.dll17.0.1.471550b7198bc000000500144ed899001cdd81ee83dbca4C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll09c6e88e-4413-11e2-9bfb-00221533e03c

Error: (12/06/2012 04:00:10 AM) (Source: Desktop Window Manager)(User: )
Description: 0x80070008

Error: (12/02/2012 02:09:23 PM) (Source: ESENT)(User: )
Description: WinMail2188WindowsMail0:

Error: (12/01/2012 03:40:46 AM) (Source: System Restore)(User: )
Description: C:\Windows\System32\svchost.exe -k secsvcsWindows Defender Checkpoint0x8007043c

Error: (11/30/2012 00:16:25 PM) (Source: Application Error)(User: )
Description: wmprph.exe12.0.7600.163854a5bccacunknown0.0.0.000000000c000000500000000246401cdcf1e5da66cb9C:\Program Files\Windows Media Player\wmprph.exeunknownab4a2d1b-3b11-11e2-839d-00221533e03c

Error: (11/12/2012 08:04:52 AM) (Source: WebVPN)(User: )
Description: Relay:2552 failed to connect to destination: 0
verify destination address, DNS and webtype ACL settings at the VPN device

Error: (11/12/2012 08:04:52 AM) (Source: WebVPN)(User: )
Description: Relay:2552 failed to connect to destination: 0
verify destination address, DNS and webtype ACL settings at the VPN device

Error: (11/12/2012 04:59:28 AM) (Source: WebVPN)(User: )
Description: Relay:3904 failed to connect to destination: 404
verify destination address, DNS and webtype ACL settings at the VPN device

Error: (11/12/2012 04:59:26 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\DivX\DivX Transcode Engine\mtw178.ddc

Error: (11/12/2012 04:59:26 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files\DivX\DivX Transcode Engine\gzHF330.ddc


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader 9.5.2 (Version: 9.5.2)
Cisco AnyConnect VPN Client (Version: 2.5.3055)
DivX Converter (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.9)
DivX Version Checker (Version: 7.0.0.19)
ESET Online Scanner v3
GnuWin32: LibIconv version 1.9.2 (Version: 1.9.2)
GnuWin32: OpenSSL-0.9.8h-1 (Version: 0.9.8h-1)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1912)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
LibreOffice 3.6 (Version: 3.6.3.2)
LibreOffice 3.6 Help Pack (English) (Version: 3.6.3.2)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Security Scan Plus (Version: 3.0.285.6)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
Mozilla Thunderbird 17.0 (x86 en-US) (Version: 17.0)
novaPDF Professional Desktop 7.7 printer
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
SUPERAntiSpyware (Version: 5.6.1014)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3318.29 MB
Available physical RAM: 2248.61 MB
Total Pagefile: 6634.87 MB
Available Pagefile: 5415.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1397.17 GB) (Free:1341.93 GB) NTFS
7 Drive i: (USB DISK) (Removable) (Total:7.59 GB) (Free:6.72 GB) FAT32

========================= Users: ========================================

User accounts for \\MyUserName-PC

Administrator Guest MyUserName

========================= Restore Points ==================================

08-12-2012 04:22:36 Windows Update
11-12-2012 11:53:26 Windows Update
12-12-2012 08:00:12 Windows Update
18-12-2012 04:01:34 ComboFix created restore point
21-12-2012 03:18:56 Windows Update
21-12-2012 08:00:10 Windows Update
22-12-2012 08:10:36 Windows Update
23-12-2012 08:00:10 Windows Update
24-12-2012 08:00:10 Windows Update

**** End of log ****


Farbar service scanner


Farbar Service Scanner Version: 23-12-2012

Ran by MyUserName (administrator) on 24-12-2012 at 12:13:58
Running from "C:\Users\MyUserName\Downloads"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-12-20 22:43] - [2012-10-03 11:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


adware cleaner



# AdwCleaner v2.102 - Logfile created 12/24/2012 at 12:16:25
# Updated 23/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : MyUserName - MyUserName-PC
# Boot Mode : Normal
# Running from : C:\Users\MyUserName\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\MyUserName\AppData\Local\Conduit
Folder Deleted : C:\Users\MyUserName\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\MyUserName\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MyUserName\AppData\Roaming\Mozilla\Firefox\Profiles\m7kllsca.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SweetIM

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\MyUserName\AppData\Roaming\Mozilla\Firefox\Profiles\m7kllsca.default\prefs.js

Deleted : user_pref("CT3225826.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1MzkwMzIwNCwidXVpZCI6NTI3OTQ3NzgzMjY2ODE4LCJ[...]
Deleted : user_pref("CT3225826.BT_Usage.enc", "eyJ1dWlkIjo1Mjc5NDc3ODMyNjY4MTgsInNlcV9pZCI6MX0=");
Deleted : user_pref("CT3225826.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3225826.FirstTime", "true");
Deleted : user_pref("CT3225826.FirstTimeFF3", "true");
Deleted : user_pref("CT3225826.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3225826.RevertSettingsEnabled", true);
Deleted : user_pref("CT3225826.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3225826.UserID", "UN31743528780424062");
Deleted : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3225826.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3225826.cbcountry_001.enc", "VVM=");
Deleted : user_pref("CT3225826.cbfirsttime.enc", "U3VuIE5vdiAyNSAyMDEyIDIzOjEzOjIzIEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3225826.defaultSearch", "true");
Deleted : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3225826.enableAlerts", "always");
Deleted : user_pref("CT3225826.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3225826.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3225826.fixPageNotFoundError", "true");
Deleted : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3225826.fixUrls", true);
Deleted : user_pref("CT3225826.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsc2F2ZXJlc2l[...]
Deleted : user_pref("CT3225826.installType", "xpe");
Deleted : user_pref("CT3225826.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3225826.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3225826.isNewTabEnabled", false);
Deleted : user_pref("CT3225826.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3225826.keyword", true);
Deleted : user_pref("CT3225826.migrateAppsAndComponents", true);
Deleted : user_pref("CT3225826.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3225826.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3225826.openThankYouPage", "true");
Deleted : user_pref("CT3225826.openUninstallPage", "false");
Deleted : user_pref("CT3225826.revertSettingsEnabled", "false");
Deleted : user_pref("CT3225826.search.searchAppId", "129830626805552092");
Deleted : user_pref("CT3225826.search.searchCount", "0");
Deleted : user_pref("CT3225826.searchInNewTabEnabled", "false");
Deleted : user_pref("CT3225826.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3225826.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Deleted : user_pref("CT3225826.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3225826.sendUsageEnabled", "false");
Deleted : user_pref("CT3225826.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3225826.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3225826.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3225826.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1355648929038");
Deleted : user_pref("CT3225826.serviceLayer_services_appTracking_lastUpdate", "1355648928831");
Deleted : user_pref("CT3225826.serviceLayer_services_appsMetadata_lastUpdate", "1355648928962");
Deleted : user_pref("CT3225826.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1355648929153");
Deleted : user_pref("CT3225826.serviceLayer_services_login_10.13.40.15_lastUpdate", "1355792982524");
Deleted : user_pref("CT3225826.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1355648929110");
Deleted : user_pref("CT3225826.serviceLayer_services_searchAPI_lastUpdate", "1355648929033");
Deleted : user_pref("CT3225826.serviceLayer_services_serviceMap_lastUpdate", "1355723524731");
Deleted : user_pref("CT3225826.serviceLayer_services_toolbarContextMenu_lastUpdate", "1355648929202");
Deleted : user_pref("CT3225826.serviceLayer_services_toolbarSettings_lastUpdate", "1355800179100");
Deleted : user_pref("CT3225826.serviceLayer_services_translation_lastUpdate", "1355723524804");
Deleted : user_pref("CT3225826.settingsINI", true);
Deleted : user_pref("CT3225826.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3225826.smartbar.CTID", "CT3225826");
Deleted : user_pref("CT3225826.smartbar.Uninstall", "0");
Deleted : user_pref("CT3225826.smartbar.homepage", true);
Deleted : user_pref("CT3225826.smartbar.isHidden", true);
Deleted : user_pref("CT3225826.smartbar.toolbarName", "BitTorrentControl_v12 ");
Deleted : user_pref("CT3225826.startPage", "userChanged");
Deleted : user_pref("CT3225826.toolbarBornServerTime", "26-11-2012");
Deleted : user_pref("CT3225826.toolbarCurrentServerTime", "18-12-2012");
Deleted : user_pref("CT3225826.url_history0001.enc", "aHR0cDovL3d3dy5ndXRlbmJlcmcub3JnL2NkcHJvamVjdC9wZ2R2ZDA0[...]
Deleted : user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826[...]
Deleted : user_pref("browser.search.selectedEngine", "BitTorrentControl_v12 Customized Web Search");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

*************************

AdwCleaner[R1].txt - [8582 octets] - [24/12/2012 12:15:10]
AdwCleaner[R2].txt - [8642 octets] - [24/12/2012 12:15:44]
AdwCleaner[S1].txt - [8771 octets] - [24/12/2012 12:16:25]

########## EOF - C:\AdwCleaner[S1].txt - [8831 octets] ##########




Junkware removal tool


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.4 (12.21.2012:3)
OS: Windows 7 Professional x86
Ran by MyUserName on Mon 12/24/2012 at 12:22:45.03
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\MyUserName\AppData\Roaming\mozilla\firefox\profiles\m7kllsca.default\prefs.js

user_pref("Smartbar.keywordURLSelectedCTID", "");
user_pref("smartbar.originalHomepage", "yahoo.com");
user_pref("smartbar.originalSearchAddressUrl", "");
user_pref("smartbar.originalSearchEngine", false);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/24/2012 at 12:25:22.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Autoruns

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files\divx\divx update\divxupdate.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files\mcafee security scan\3.0.285\ssscheduler.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BitTorrent" "BitTorrent" "BitTorrent, Inc." "c:\program files\bittorrent\bittorrent.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "The Document Foundation" "c:\program files\libreoffice 3.6\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" "" "" "c:\windows\system32\wat\watadminsvc.exe"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "HsfXAudioService" "User-mode gate for HSF Modem" "Conexant Systems, Inc." "c:\windows\system32\xaudio32.dll"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\3.0.285\mcchsvc.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "vpnagent" "Cisco AnyConnect VPN Agent for Windows" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe"
+ "WatAdminSvc" "@%SystemRoot%\system32\Wat\WatUX.exe,-602" "" "c:\windows\system32\wat\watadminsvc.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\Users\MyUserName\AppData\Local\Temp\catchme.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_dp.sys"
+ "HSXHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwbs2.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt86win7.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "UsbFltr" "Ortek USB Keypad Driver" "Waytech Development, Inc." "c:\windows\system32\drivers\usbfltr.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vpnva" "Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "VST_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "VSTHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstbs23.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_cnxt.sys"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio32.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux" "" "" "File not found: C:\Program Files\DivX\DivX Codec\DivXMedia.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "DivX Subtitle Decoder" "" "" "File not found: C:\Program Files\DivX\DivX Codec\DivXMedia.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "novaPDF Pro Desktop 7 Monitor" "novaPDF Port Monitor" "Softland" "c:\windows\system32\novamnp7.dll"

Edited by onliner123, 24 December 2012 - 03:38 PM.


#6 narenxp


Posted 25 December 2012 - 12:32 AM

Looks good, current issues before we finish our final task?

You missed the RKILL log

#7 onliner123


Posted 13 January 2013 - 01:15 AM

Sorry about that.

Here's the RKill log:

Program started at: 01/12/2013 05:12:49 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

n.0.0.1 localhost

Program finished at: 01/12/2013 05:12:58 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

#8 narenxp


Posted 13 January 2013 - 11:12 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs.

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 onliner123


Posted 17 January 2013 - 09:04 PM

Thanks a lot for your help. Greatly appreciated.

#10 narenxp


Posted 18 January 2013 - 09:51 AM

You're most welcome :)



