Google redirect problem


9 replies to this topic

#1 rwag23

Posted 23 December 2012 - 05:59 PM

Hi, I am having trouble with a Google redirect virus.

I have Malwarebytes and it has removed some things a few days ago. Currently it doesn't find anything.

I have tried using rkill; it did not find anything at the time.

I have run tdsskiller.exe and it found a problem and fixed it and seemed to fix the redirect problem, but the next day I was back to getting redirected.

Looks like I am now at the point where I need some help from an expert. Thanks in advance.



#2 narenxp


Posted 23 December 2012 - 09:59 PM

Download TDSSkiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 rwag23


Posted 24 December 2012 - 10:57 AM

This is from TDSSKILLER

21:09:17.0047 1480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:09:19.0049 1480 ============================================================
21:09:19.0049 1480 Current date / time: 2012/12/23 21:09:19.0049
21:09:19.0049 1480 SystemInfo:
21:09:19.0049 1480
21:09:19.0049 1480 OS Version: 6.0.6002 ServicePack: 2.0
21:09:19.0049 1480 Product type: Workstation
21:09:19.0049 1480 ComputerName: CADAVER-PC
21:09:19.0050 1480 UserName: Randy
21:09:19.0050 1480 Windows directory: C:\Windows
21:09:19.0050 1480 System windows directory: C:\Windows
21:09:19.0050 1480 Processor architecture: Intel x86
21:09:19.0050 1480 Number of processors: 2
21:09:19.0050 1480 Page size: 0x1000
21:09:19.0050 1480 Boot type: Normal boot
21:09:19.0050 1480 ============================================================
21:09:21.0141 1480 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:09:21.0144 1480 ============================================================
21:09:21.0144 1480 \Device\Harddisk0\DR0:
21:09:21.0145 1480 MBR partitions:
21:09:21.0145 1480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1388000
21:09:21.0145 1480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x139B9C5, BlocksNum 0xB1CA8E0
21:09:21.0162 1480 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC567000, BlocksNum 0x18EC7000
21:09:21.0162 1480 ============================================================
21:09:21.0210 1480 C: <-> \Device\Harddisk0\DR0\Partition2
21:09:21.0258 1480 D: <-> \Device\Harddisk0\DR0\Partition3
21:09:21.0340 1480 E: <-> \Device\Harddisk0\DR0\Partition1
21:09:21.0340 1480 ============================================================
21:09:21.0340 1480 Initialize success
21:09:21.0340 1480 ============================================================
21:10:32.0351 4576 ============================================================
21:10:32.0351 4576 Scan started
21:10:32.0351 4576 Mode: Manual; TDLFS;
21:10:32.0351 4576 ============================================================
21:10:33.0742 4576 ================ Scan system memory ========================
21:10:33.0742 4576 System memory - ok
21:10:33.0743 4576 ================ Scan services =============================
21:10:45.0318 4576 OA001Ufd - ok
21:10:45.0373 4576 [ 4075063D25AF9DA64101769854B83787 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
21:10:45.0375 4576 OA001Vid - ok
21:10:45.0546 4576 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:10:45.0556 4576 odserv - ok
21:10:45.0622 4576 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:10:45.0624 4576 ohci1394 - ok
21:10:45.0694 4576 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:10:45.0699 4576 ose - ok
21:10:45.0764 4576 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:10:45.0799 4576 p2pimsvc - ok
21:10:45.0816 4576 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:10:45.0825 4576 p2psvc - ok
21:10:45.0851 4576 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:10:45.0853 4576 Parport - ok
21:10:45.0885 4576 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:10:45.0887 4576 partmgr - ok
21:10:45.0935 4576 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:10:45.0937 4576 Parvdm - ok
21:10:46.0025 4576 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:10:46.0031 4576 PcaSvc - ok
21:10:46.0075 4576 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:10:46.0077 4576 pci - ok
21:10:46.0139 4576 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:10:46.0141 4576 pciide - ok
21:10:46.0176 4576 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:10:46.0179 4576 pcmcia - ok
21:10:46.0222 4576 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:10:46.0269 4576 PEAUTH - ok
21:10:46.0354 4576 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:10:46.0422 4576 pla - ok
21:10:46.0461 4576 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:10:46.0473 4576 PlugPlay - ok
21:10:46.0511 4576 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:10:46.0526 4576 PNRPAutoReg - ok
21:10:46.0563 4576 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:10:46.0571 4576 PNRPsvc - ok
21:10:46.0625 4576 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:10:46.0629 4576 PolicyAgent - ok
21:10:46.0704 4576 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:10:46.0705 4576 PptpMiniport - ok
21:10:46.0733 4576 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:10:46.0734 4576 Processor - ok
21:10:46.0759 4576 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:10:46.0763 4576 ProfSvc - ok
21:10:46.0777 4576 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:10:46.0780 4576 ProtectedStorage - ok
21:10:46.0898 4576 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:10:46.0899 4576 PSched - ok
21:10:46.0960 4576 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:10:46.0969 4576 ql2300 - ok
21:10:46.0982 4576 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:10:46.0984 4576 ql40xx - ok
21:10:47.0011 4576 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:10:47.0021 4576 QWAVE - ok
21:10:47.0042 4576 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:10:47.0044 4576 QWAVEdrv - ok
21:10:47.0057 4576 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:10:47.0058 4576 RasAcd - ok
21:10:47.0069 4576 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:10:47.0076 4576 RasAuto - ok
21:10:47.0091 4576 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:10:47.0093 4576 Rasl2tp - ok
21:10:47.0120 4576 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:10:47.0129 4576 RasMan - ok
21:10:47.0170 4576 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:10:47.0172 4576 RasPppoe - ok
21:10:47.0189 4576 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:10:47.0190 4576 RasSstp - ok
21:10:47.0243 4576 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:10:47.0245 4576 rdbss - ok
21:10:47.0265 4576 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:10:47.0266 4576 RDPCDD - ok
21:10:47.0288 4576 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:10:47.0290 4576 rdpdr - ok
21:10:47.0295 4576 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:10:47.0297 4576 RDPENCDD - ok
21:10:47.0382 4576 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:10:47.0384 4576 RDPWD - ok
21:10:47.0445 4576 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:10:47.0448 4576 RemoteAccess - ok
21:10:47.0484 4576 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:10:47.0488 4576 RemoteRegistry - ok
21:10:47.0705 4576 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:10:47.0707 4576 RFCOMM - ok
21:10:47.0770 4576 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
21:10:47.0771 4576 rimmptsk - ok
21:10:47.0794 4576 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
21:10:47.0796 4576 rimsptsk - ok
21:10:47.0825 4576 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
21:10:47.0826 4576 rismxdp - ok
21:10:47.0851 4576 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:10:47.0854 4576 RpcLocator - ok
21:10:47.0877 4576 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:10:47.0888 4576 RpcSs - ok
21:10:48.0019 4576 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:10:48.0021 4576 rspndr - ok
21:10:48.0040 4576 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
21:10:48.0044 4576 SamSs - ok
21:10:48.0398 4576 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:10:48.0399 4576 SASDIFSV - ok
21:10:48.0448 4576 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:10:48.0449 4576 SASKUTIL - ok
21:10:48.0476 4576 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:10:48.0477 4576 sbp2port - ok
21:10:48.0590 4576 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:10:48.0594 4576 SCardSvr - ok
21:10:48.0819 4576 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
21:10:48.0843 4576 Schedule - ok
21:10:48.0868 4576 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:10:48.0869 4576 SCPolicySvc - ok
21:10:48.0909 4576 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:10:48.0911 4576 sdbus - ok
21:10:49.0023 4576 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:10:49.0031 4576 SDRSVC - ok
21:10:49.0061 4576 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:10:49.0063 4576 secdrv - ok
21:10:49.0079 4576 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:10:49.0086 4576 seclogon - ok
21:10:49.0101 4576 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
21:10:49.0108 4576 SENS - ok
21:10:49.0128 4576 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:10:49.0130 4576 Serenum - ok
21:10:49.0157 4576 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:10:49.0159 4576 Serial - ok
21:10:49.0190 4576 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:10:49.0192 4576 sermouse - ok
21:10:49.0220 4576 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:10:49.0228 4576 SessionEnv - ok
21:10:49.0246 4576 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:10:49.0247 4576 sffdisk - ok
21:10:49.0264 4576 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:10:49.0266 4576 sffp_mmc - ok
21:10:49.0282 4576 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:10:49.0284 4576 sffp_sd - ok
21:10:49.0300 4576 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:10:49.0302 4576 sfloppy - ok
21:10:49.0342 4576 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:10:49.0351 4576 SharedAccess - ok
21:10:49.0398 4576 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:10:49.0404 4576 ShellHWDetection - ok
21:10:49.0466 4576 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:10:49.0467 4576 sisagp - ok
21:10:49.0478 4576 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:10:49.0480 4576 SiSRaid2 - ok
21:10:49.0500 4576 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:10:49.0501 4576 SiSRaid4 - ok
21:10:49.0694 4576 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:10:49.0698 4576 SkypeUpdate - ok
21:10:49.0833 4576 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:10:49.0919 4576 slsvc - ok
21:10:49.0980 4576 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:10:49.0987 4576 SLUINotify - ok
21:10:50.0020 4576 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:10:50.0022 4576 Smb - ok
21:10:50.0086 4576 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:10:50.0093 4576 SNMPTRAP - ok
21:10:50.0181 4576 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:10:50.0182 4576 spldr - ok
21:10:50.0244 4576 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:10:50.0253 4576 Spooler - ok
21:10:50.0323 4576 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:10:50.0327 4576 srv - ok
21:10:50.0389 4576 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:10:50.0392 4576 srv2 - ok
21:10:50.0442 4576 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:10:50.0445 4576 srvnet - ok
21:10:50.0514 4576 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:10:50.0525 4576 SSDPSRV - ok
21:10:50.0575 4576 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:10:50.0586 4576 SstpSvc - ok
21:10:50.0916 4576 [ 6318D2AEAB600AB2FB7D2F75E7484BEB ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
21:10:50.0917 4576 STacSV - ok
21:10:51.0005 4576 [ 87B7FC4CDE516C40AB84E786B97953DD ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
21:10:51.0008 4576 STHDA - ok
21:10:51.0060 4576 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:10:51.0082 4576 stisvc - ok
21:10:51.0111 4576 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:10:51.0113 4576 swenum - ok
21:10:51.0174 4576 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:10:51.0187 4576 swprv - ok
21:10:51.0203 4576 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:10:51.0204 4576 Symc8xx - ok
21:10:51.0220 4576 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:10:51.0222 4576 Sym_hi - ok
21:10:51.0246 4576 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:10:51.0248 4576 Sym_u3 - ok
21:10:51.0284 4576 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:10:51.0306 4576 SysMain - ok
21:10:51.0330 4576 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:10:51.0336 4576 TabletInputService - ok
21:10:51.0413 4576 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:10:51.0422 4576 TapiSrv - ok
21:10:51.0451 4576 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:10:51.0459 4576 TBS - ok
21:10:51.0526 4576 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:10:51.0535 4576 Tcpip - ok
21:10:51.0578 4576 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:10:51.0588 4576 Tcpip6 - ok
21:10:51.0842 4576 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:10:51.0844 4576 tcpipreg - ok
21:10:51.0875 4576 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:10:51.0876 4576 TDPIPE - ok
21:10:51.0902 4576 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:10:51.0905 4576 TDTCP - ok
21:10:51.0937 4576 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:10:51.0939 4576 tdx - ok
21:10:51.0953 4576 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:10:51.0954 4576 TermDD - ok
21:10:51.0985 4576 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:10:52.0007 4576 TermService - ok
21:10:52.0032 4576 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:10:52.0038 4576 Themes - ok
21:10:52.0053 4576 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:10:52.0056 4576 THREADORDER - ok
21:10:52.0080 4576 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:10:52.0086 4576 TrkWks - ok
21:10:52.0145 4576 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:10:52.0146 4576 TrustedInstaller - ok
21:10:52.0186 4576 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:10:52.0187 4576 tssecsrv - ok
21:10:52.0209 4576 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:10:52.0211 4576 tunmp - ok
21:10:52.0252 4576 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:10:52.0253 4576 tunnel - ok
21:10:52.0278 4576 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:10:52.0281 4576 uagp35 - ok
21:10:52.0324 4576 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:10:52.0329 4576 udfs - ok
21:10:52.0351 4576 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:10:52.0357 4576 UI0Detect - ok
21:10:52.0373 4576 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:10:52.0375 4576 uliagpkx - ok
21:10:52.0395 4576 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:10:52.0398 4576 uliahci - ok
21:10:52.0414 4576 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:10:52.0416 4576 UlSata - ok
21:10:52.0428 4576 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:10:52.0430 4576 ulsata2 - ok
21:10:52.0454 4576 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:10:52.0455 4576 umbus - ok
21:10:52.0483 4576 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:10:52.0503 4576 upnphost - ok
21:10:52.0552 4576 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:10:52.0553 4576 USBAAPL - ok
21:10:52.0602 4576 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:10:52.0603 4576 usbccgp - ok
21:10:52.0610 4576 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:10:52.0611 4576 usbcir - ok
21:10:52.0665 4576 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:10:52.0666 4576 usbehci - ok
21:10:52.0704 4576 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:10:52.0706 4576 usbhub - ok
21:10:52.0724 4576 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:10:52.0725 4576 usbohci - ok
21:10:52.0783 4576 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:10:52.0784 4576 usbprint - ok
21:10:52.0812 4576 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:52.0814 4576 USBSTOR - ok
21:10:52.0834 4576 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:10:52.0835 4576 usbuhci - ok
21:10:52.0887 4576 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:10:52.0889 4576 usbvideo - ok
21:10:52.0928 4576 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:10:52.0934 4576 UxSms - ok
21:10:53.0009 4576 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:10:53.0022 4576 vds - ok
21:10:53.0062 4576 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:53.0063 4576 vga - ok
21:10:53.0084 4576 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:10:53.0085 4576 VgaSave - ok
21:10:53.0160 4576 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:10:53.0161 4576 viaagp - ok
21:10:53.0174 4576 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:10:53.0177 4576 ViaC7 - ok
21:10:53.0198 4576 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:10:53.0199 4576 viaide - ok
21:10:53.0215 4576 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:10:53.0217 4576 volmgr - ok
21:10:53.0256 4576 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:10:53.0262 4576 volmgrx - ok
21:10:53.0410 4576 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:10:53.0413 4576 volsnap - ok
21:10:53.0471 4576 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:10:53.0473 4576 vsmraid - ok
21:10:53.0528 4576 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:10:53.0550 4576 VSS - ok
21:10:53.0619 4576 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:10:53.0634 4576 W32Time - ok
21:10:53.0662 4576 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:10:53.0664 4576 WacomPen - ok
21:10:53.0748 4576 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:10:53.0749 4576 Wanarp - ok
21:10:53.0756 4576 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:10:53.0758 4576 Wanarpv6 - ok
21:10:53.0794 4576 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:10:53.0818 4576 wcncsvc - ok
21:10:53.0850 4576 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:10:53.0856 4576 WcsPlugInService - ok
21:10:53.0871 4576 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:10:53.0873 4576 Wd - ok
21:10:53.0920 4576 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:10:53.0924 4576 Wdf01000 - ok
21:10:53.0941 4576 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:10:53.0947 4576 WdiServiceHost - ok
21:10:53.0953 4576 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:10:53.0958 4576 WdiSystemHost - ok
21:10:54.0026 4576 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:10:54.0034 4576 WebClient - ok
21:10:54.0090 4576 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:10:54.0098 4576 Wecsvc - ok
21:10:54.0114 4576 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:10:54.0120 4576 wercplsupport - ok
21:10:54.0171 4576 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:10:54.0179 4576 WerSvc - ok
21:10:54.0289 4576 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:10:54.0292 4576 WinDefend - ok
21:10:54.0302 4576 WinHttpAutoProxySvc - ok
21:10:54.0374 4576 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:10:54.0376 4576 Winmgmt - ok
21:10:54.0467 4576 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:10:54.0501 4576 WinRM - ok
21:10:54.0549 4576 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:10:54.0571 4576 Wlansvc - ok
21:10:54.0578 4576 wltrysvc - ok
21:10:54.0605 4576 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:10:54.0606 4576 WmiAcpi - ok
21:10:54.0643 4576 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:10:54.0647 4576 wmiApSrv - ok
21:10:54.0714 4576 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:10:54.0738 4576 WMPNetworkSvc - ok
21:10:54.0763 4576 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:10:54.0770 4576 WPCSvc - ok
21:10:54.0810 4576 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:10:54.0817 4576 WPDBusEnum - ok
21:10:54.0887 4576 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:10:54.0889 4576 WpdUsb - ok
21:10:55.0142 4576 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:10:55.0165 4576 WPFFontCache_v0400 - ok
21:10:55.0208 4576 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:10:55.0210 4576 ws2ifsl - ok
21:10:55.0365 4576 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
21:10:55.0373 4576 wscsvc - ok
21:10:55.0381 4576 WSearch - ok
21:10:55.0468 4576 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:10:55.0487 4576 wuauserv - ok
21:10:55.0530 4576 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:10:55.0531 4576 WudfPf - ok
21:10:55.0550 4576 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:55.0551 4576 WUDFRd - ok
21:10:55.0635 4576 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:10:55.0640 4576 wudfsvc - ok
21:10:55.0688 4576 ================ Scan global ===============================
21:10:55.0712 4576 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:10:55.0746 4576 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:10:55.0768 4576 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:10:55.0823 4576 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:10:55.0828 4576 [Global] - ok
21:10:55.0828 4576 ================ Scan MBR ==================================
21:10:55.0844 4576 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:10:57.0288 4576 \Device\Harddisk0\DR0 - ok
21:10:57.0289 4576 ================ Scan VBR ==================================
21:10:57.0371 4576 [ A431838945CA4AEAD0B42711B8CA0E9B ] \Device\Harddisk0\DR0\Partition1
21:10:57.0374 4576 \Device\Harddisk0\DR0\Partition1 - ok
21:10:57.0427 4576 [ 5BC0282E9E495DB6A59947E02893D77A ] \Device\Harddisk0\DR0\Partition2
21:10:57.0431 4576 \Device\Harddisk0\DR0\Partition2 - ok
21:10:57.0785 4576 [ 3D0FBF115ABCF1B69949A11437F5EF1C ] \Device\Harddisk0\DR0\Partition3
21:10:57.0788 4576 \Device\Harddisk0\DR0\Partition3 - ok
21:10:57.0788 4576 ============================================================
21:10:57.0788 4576 Scan finished
21:10:57.0788 4576 ============================================================
21:10:57.0815 4568 Detected object count: 0
21:10:57.0815 4568 Actual detected object count: 0
21:11:04.0463 2832 Deinitialize success



______________________________________________________________________________________________________

This is from aswMBR. I think it finished, but it never confirmed it was done; it just stopped at the user folder when run in both normal and safe mode.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-23 21:11:42
-----------------------------
21:11:42.499 OS Version: Windows 6.0.6002 Service Pack 2
21:11:42.499 Number of processors: 2 586 0xF0D
21:11:42.501 ComputerName: CADAVER-PC UserName: Randy
21:11:51.416 Initialize success
21:11:51.561 AVAST engine defs: 12122301
21:12:06.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:12:06.243 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT1 11.01A11 Size: 305245MB BusType: 3
21:12:06.259 Disk 0 MBR read successfully
21:12:06.264 Disk 0 MBR scan
21:12:06.271 Disk 0 Windows VISTA default MBR code
21:12:06.276 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:12:06.294 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 80325
21:12:06.317 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 91029 MB offset 20560325
21:12:06.325 Disk 0 Partition - 00 0F Extended LBA 204175 MB offset 206989312
21:12:06.353 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 204174 MB offset 206991360
21:12:06.364 Disk 0 scanning sectors +625139712
21:12:06.434 Disk 0 scanning C:\Windows\system32\drivers
21:12:18.910 Service scanning
21:12:37.491 Modules scanning
21:12:43.442 Disk 0 trace - called modules:
21:12:43.457 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:12:43.462 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86271ac8]
21:12:43.468 3 CLASSPNP.SYS[8aba78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ae88a0]
21:12:44.404 AVAST engine scan C:\Windows
21:12:46.758 AVAST engine scan C:\Windows\system32
21:15:31.822 AVAST engine scan C:\Windows\system32\drivers
21:15:45.351 AVAST engine scan C:\Users\Randy
21:16:26.507 Disk 0 MBR has been saved successfully to "C:\Users\Randy\Desktop\MBR.dat"
21:16:26.513 The log file has been saved successfully to "C:\Users\Randy\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-23 21:19:16
-----------------------------
21:19:16.641 OS Version: Windows 6.0.6002 Service Pack 2
21:19:16.641 Number of processors: 2 586 0xF0D
21:19:16.641 ComputerName: CADAVER-PC UserName: Randy
21:19:19.152 Initialize success
21:19:24.550 AVAST engine defs: 12122301
21:19:31.804 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:19:31.804 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT1 11.01A11 Size: 305245MB BusType: 3
21:19:31.820 Disk 0 MBR read successfully
21:19:31.820 Disk 0 MBR scan
21:19:32.366 Disk 0 Windows VISTA default MBR code
21:19:32.397 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:19:32.756 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 80325
21:19:33.317 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 91029 MB offset 20560325
21:19:33.317 Disk 0 Partition - 00 0F Extended LBA 204175 MB offset 206989312
21:19:33.380 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 204174 MB offset 206991360
21:19:33.426 Disk 0 scanning sectors +625139712
21:19:33.754 Disk 0 scanning C:\Windows\system32\drivers
21:19:48.746 Service scanning
21:20:19.337 Modules scanning
21:20:25.203 Disk 0 trace - called modules:
21:20:25.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:20:25.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c488a0]
21:20:25.234 3 CLASSPNP.SYS[8aba18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ae88a0]
21:20:26.154 AVAST engine scan C:\Windows
21:20:29.898 AVAST engine scan C:\Windows\system32
21:22:44.558 AVAST engine scan C:\Windows\system32\drivers
21:22:55.010 AVAST engine scan C:\Users\Randy
21:27:09.929 Disk 0 MBR has been saved successfully to "C:\Users\Randy\Desktop\MBR.dat"
21:27:09.945 The log file has been saved successfully to "C:\Users\Randy\Desktop\aswMBR.txt"


____________________________________________________________________________________________________________________

ESET found no threats and didn't give an option to do the list. This is the log I pulled out of the ESET folder.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=11e6b61158d7b148a8bf99b218e8a44e
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-24 04:50:58
# local_time=2012-12-23 10:50:58 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=771 16777213 100 91 25706758 132112930 0 0
# compatibility_mode=5892 16776573 100 100 0 192932186 0 0
# scanned=250278
# found=0
# cleaned=0
# scan_time=4739



Let me know if I did something wrong with aswMBR and need to run it again.

Thanks

#4 narenxp


Posted 25 December 2012 - 12:31 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 rwag23


Posted 25 December 2012 - 10:49 AM

MalwareBytes

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Randy :: CADAVER-PC [administrator]

Protection: Enabled

12/25/2012 8:15:09 AM
mbam-log-2012-12-25 (08-15-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342297
Time elapsed: 1 hour(s), 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


_________________________________________________________________________________________


Minitool Box

MiniToolBox by Farbar Version: 25-11-2012
Ran by Randy (administrator) on 25-12-2012 at 09:25:00
Running from "C:\Users\Randy\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1510 Wireless-N WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CaDaver-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-68-DB-B3-79
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f40d:3f78:19e4:b981%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.79(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, December 23, 2012 9:28:45 PM
Lease Expires . . . . . . . . . . : Tuesday, December 25, 2012 9:28:46 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 318775912
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A1-37-F9-00-21-70-7E-12-49
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-16-44-FE-77-FE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-21-70-7E-12-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9FEC6996-0123-4E32-8F12-184945BB1360}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.lan
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2cae:bbc:3f57:feb0(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cae:bbc:3f57:feb0%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.consolidated.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{366BCEDB-D785-4AC4-A871-D4953235C447}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4002:802::100e
173.194.37.70
173.194.37.71
173.194.37.72
173.194.37.73
173.194.37.78
173.194.37.64
173.194.37.65
173.194.37.66
173.194.37.67
173.194.37.68
173.194.37.69



Pinging google.com [173.194.37.72] with 32 bytes of data:

Reply from 173.194.37.72: bytes=32 time=46ms TTL=51

Reply from 173.194.37.72: bytes=32 time=47ms TTL=51



Ping statistics for 173.194.37.72:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 47ms, Average = 46ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=182ms TTL=47

Reply from 72.30.38.140: bytes=32 time=239ms TTL=47



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 182ms, Maximum = 239ms, Average = 210ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=11ms TTL=128

Reply from 127.0.0.1: bytes=32 time=4ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 4ms, Maximum = 11ms, Average = 7ms

===========================================================================
Interface List
13 ...00 22 68 db b3 79 ...... Dell Wireless 1510 Wireless-N WLAN Mini-Card
12 ...00 16 44 fe 77 fe ...... Bluetooth Device (Personal Area Network)
10 ...00 21 70 7e 12 49 ...... Broadcom NetLink ™ Gigabit Ethernet
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.{9FEC6996-0123-4E32-8F12-184945BB1360}
19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
17 ...00 00 00 00 00 00 00 e0 isatap.lan
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.consolidated.net
18 ...00 00 00 00 00 00 00 e0 isatap.{366BCEDB-D785-4AC4-A871-D4953235C447}
20 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.79 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.79 281
192.168.1.79 255.255.255.255 On-link 192.168.1.79 281
192.168.1.255 255.255.255.255 On-link 192.168.1.79 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.79 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.79 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 18 ::/0 On-link
1 306 ::1/128 On-link
14 18 2001::/32 On-link
14 266 2001:0:9d38:6ab8:2cae:bbc:3f57:feb0/128
On-link
13 281 fe80::/64 On-link
14 266 fe80::/64 On-link
14 266 fe80::2cae:bbc:3f57:feb0/128
On-link
13 281 fe80::f40d:3f78:19e4:b981/128
On-link
1 306 ff00::/8 On-link
14 266 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/23/2012 09:30:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2012 09:19:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2012 09:19:06 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/23/2012 09:07:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2012 09:06:02 PM) (Source: Application Error) (User: )
Description: Faulting application bcmwltry.exe, version 4.170.75.0, time stamp 0x47bcd2d7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x015b6b3b,
process id 0x75c, application start time 0xbcmwltry.exe0.

Error: (12/23/2012 09:04:12 PM) (Source: EventSystem) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/23/2012 08:52:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bb1bff1-53f2-45d7-973e-c13cb25da113}

Error: (12/23/2012 08:47:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bb1bff1-53f2-45d7-973e-c13cb25da113}

Error: (12/23/2012 05:15:03 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bb1bff1-53f2-45d7-973e-c13cb25da113}

Error: (12/23/2012 05:11:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bb1bff1-53f2-45d7-973e-c13cb25da113}


System errors:
=============
Error: (12/23/2012 09:30:12 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/23/2012 09:19:56 PM) (Source: Service Control Manager) (User: )
Description: aswSnx
aswSP
aswTdi
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (12/23/2012 09:19:56 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (12/23/2012 09:19:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/23/2012 09:19:08 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/23/2012 09:19:06 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/23/2012 09:18:59 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/23/2012 09:18:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll21

Error: (12/23/2012 09:18:27 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:17:21 PM on 12/23/2012 was unexpected.

Error: (12/23/2012 09:07:08 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-12-25 09:16:03.929
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:03.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:03.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:03.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:03.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:02.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:02.790
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:02.619
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:02.400
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-25 09:16:02.244
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.22beta
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Auslogics Disk Defrag (Version: version 3.4)
AuthenTec Fingerprint System (Version: 8.0.14.4)
avast! Free Antivirus (Version: 6.0.1367.0)
Battlelog Web Plugins (Version: 1.122.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 11.06.01)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Full Existing (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Full New (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Light (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Previews Common (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0225.2153.39091)
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388)
ccc-core-static (Version: 2008.0225.2153.39091)
ccc-utility (Version: 2008.0225.2153.39091)
CCC Help English (Version: 2008.0225.2152.39091)
CCleaner (Version: 3.20)
Cisco EAP-FAST Module (Version: 2.1.3)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CutePDF Writer 2.9 (Version: 2.9)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.1.104.2)
Dell Wireless WLAN Card Utility (Version: 4.170.75.0)
DraftSight (Version: 8.3.119)
EAGLE 6.2.0 (Version: 6.2.0)
Emergence Viewer 1.5.2.549
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
ExpressPCB (Version: 7.0.2)
Google Chrome (Version: 23.0.1271.97)
IceChat 7.70 (Build 20101031) (Version: 7.70)
iCloud (Version: 1.0.2.17)
IDT Audio (Version: 1.0.5881.0)
Imprudence Viewer 1.3.2
Integrated Webcam Driver (1.06.03.0309) (Version: 1.06.03.0309)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
ITECIR Driver (Version: 1.00.000)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
LTspice IV
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Metropolis Hippo Viewer version 0.6.3 (Version: 0.6.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
mIRC (Version: 7.27)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0)
Mozilla Thunderbird 17.0 (x86 en-US) (Version: 17.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Python 2.7.2 (Version: 2.7.2150)
Quicken 2013 (Version: 22.1.8.4)
QuickTime (Version: 7.71.80.42)
Revo Uninstaller 1.93 (Version: 1.93)
RICOH R5U8xx Media Driver ver.3.62.02 (Version: 3.62.02)
SciTE Text Editor (Version: 3.0.3)
Skins (Version: 2008.0225.2153.39091)
Skype™ 5.10 (Version: 5.10.116)
SpywareBlaster 4.6 (Version: 4.6.0)
SUPERAntiSpyware (Version: 5.6.1014)
TortoiseHg 2.4.0 (x86) (Version: 2.4.0)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software (Version: 6.2.0.9603)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (02/26/2008 8.0.10.100) (Version: 02/26/2008 8.0.10.100)
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (12/18/2007 5.0.0004.6) (Version: 12/18/2007 5.0.0004.6)
Yahoo! Messenger
Yawcam 0.3.8

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 3069.24 MB
Available physical RAM: 1317.27 MB
Total Pagefile: 6348.75 MB
Available Pagefile: 4810.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.81 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:88.9 GB) (Free:40.61 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:199.39 GB) (Free:44.97 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5 GB) NTFS

========================= Users: ========================================

User accounts for \\CADAVER-PC

Administrator Guest Randy

========================= Restore Points ==================================

20-12-2012 08:25:36 Scheduled Checkpoint
21-12-2012 06:00:00 Scheduled Checkpoint
21-12-2012 09:00:12 Windows Update
22-12-2012 01:58:08 Scheduled Checkpoint
23-12-2012 21:47:34 Installed SpyHunter
23-12-2012 22:21:51 Device Driver Package Install: Eset spol s r. o.
23-12-2012 22:22:20 Device Driver Package Install: Eset spol s r. o.
23-12-2012 22:22:41 Device Driver Package Install: Eset spol s r. o.
23-12-2012 23:11:06 Revo Uninstaller's restore point - PC Tools Spyware Doctor 9.1
23-12-2012 23:15:03 Revo Uninstaller's restore point - SpyHunter
23-12-2012 23:15:26 Removed SpyHunter
24-12-2012 02:47:21 Revo Uninstaller's restore point - ESET NOD32 Antivirus
24-12-2012 02:47:42 Removed ESET NOD32 Antivirus
24-12-2012 02:52:11 Revo Uninstaller's restore point - µTorrent
25-12-2012 06:00:01 Scheduled Checkpoint
25-12-2012 08:26:16 Windows Update

**** End of log ****


______________________________________________________________________________________________________

Farbar

Farbar Service Scanner Version: 23-12-2012
Ran by Randy (administrator) on 25-12-2012 at 09:26:58
Running from "C:\Users\Randy\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-13 14:39] - [2012-06-01 18:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




___________________________________________________________________________________________________________________________


Adware

# AdwCleaner v2.102 - Logfile created 12/25/2012 at 09:30:20
# Updated 23/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Randy - CADAVER-PC
# Boot Mode : Normal
# Running from : C:\Users\Randy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Randy\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\860g7u64.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [988 octets] - [25/12/2012 09:30:21]

########## EOF - C:\AdwCleaner[S1].txt - [1047 octets] ##########


_________________________________________________________________________________________________


Junkware


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.5 (12.24.2012:1)
OS: Windows Vista ™ Home Premium x86
Ran by Randy on Tue 12/25/2012 at 9:35:57.01
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Randy\AppData\Roaming\mozilla\firefox\profiles\860g7u64.default\extensions\jnqcasbhcs@jnqcasbhcs.org.xpi [Tracur]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/25/2012 at 9:44:00.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Thanks for the help

#6 narenxp


Posted 26 December 2012 - 10:07 AM

Still redirecting? Which browser?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 rwag23


Posted 26 December 2012 - 10:50 AM

I actually have been avoiding Google till you could help fix the problem. I did some searching and it does seem like the problem is gone now. I use Firefox as my browser; I did check on IE also and no redirecting there either.

The log files

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/26/2012 09:43:37 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\WLTRYSVC.EXE (PID: 1864) [WD-HEUR]
* C:\Windows\System32\bcmwltry.exe (PID: 1884) [WD-HEUR]
* C:\Windows\System32\WLTRAY.EXE (PID: 2944) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/26/2012 09:43:51 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)


____________________________________________________________________________________________________

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SysTrayApp" "IDT Audio system tray application" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "SciTE" "Context Menu Handler for SciTE" "Burgaud.com" "c:\program files\scite\wscitecm.dll"
+ "TortoiseHgCMenu" "TortoiseHg Shell Extension" "TortoiseHg Project" "c:\program files\tortoisehg\thgshellx86.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "TortoiseHgCMenu" "TortoiseHg Shell Extension" "TortoiseHg Project" "c:\program files\tortoisehg\thgshellx86.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "TortoiseHg" "TortoiseHg Shell Extension" "TortoiseHg Project" "c:\program files\tortoisehg\thgshellx86.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "ACE Context Menu" "" "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "TortoiseHgCMenu" "TortoiseHg Shell Extension" "TortoiseHg Project" "c:\program files\tortoisehg\thgshellx86.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TortoiseHgCMenu" "TortoiseHg Shell Extension" "TortoiseHg Project" "c:\program files\tortoisehg\thgshellx86.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "1TortoiseNormal" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "2TortoiseModified" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "3TortoiseConflict" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "4TortoiseLocked" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "5TortoiseReadOnly" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "6TortoiseDeleted" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "7TortoiseAdded" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "8TortoiseIgnored" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
+ "9TortoiseUnversioned" "TortoiseSVN overlay handler shim" "http://tortoisesvn.net" "c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"Task Scheduler" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2635281207-2526269887-4198318337-1000Core" "Google Installer" "Google Inc." "c:\users\randy\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2635281207-2526269887-4198318337-1000UA" "Google Installer" "Google Inc." "c:\users\randy\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AESTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\windows\system32\driverstore\filerepository\stwrt.inf_c204e27d\aestsrv.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\windows\system32\driverstore\filerepository\stwrt.inf_c204e27d\stacsv.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\windows\system32\wltrysvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys"
+ "aswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "ATSwpWDF" " AuthenTec Swipe Sensor WDF USB Driver Prototype" "AuthenTec, Inc." "c:\windows\system32\drivers\atswpwdf.sys"
+ "BCM42RLY" "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "DFUBTUSB" "" "" "File not found: System32\Drivers\frmupgr.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "itecir" "ITE Consumer IR Driver for eHome" "ITE Tech. Inc. " "c:\windows\system32\drivers\itecir.sys"
+ "k57nd60x" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60x.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "OA001Ufd" "Provides a software interface to control effects of Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001ufd.sys"
+ "OA001Vid" "Provides a software interface to control Integrated Webcam." "Creative Technology Ltd." "c:\windows\system32\drivers\oa001vid.sys"
+ "rimmptsk" "RICOH SD Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA" "NDRC" "IDT, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwcp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon2k.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"
"C:\Users\Randy\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Avast! antivirus monitor" "Avast! antivirus sidebar gadget." "AVAST Software" "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml"
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"

#8 narenxp


Posted 26 December 2012 - 09:59 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 rwag23


Posted 27 December 2012 - 08:52 PM

Cleaned / updated / and a new restore point.

Thanks for your help and your time, narenxp

#10 narenxp


Posted 28 December 2012 - 01:40 AM

You're most welcome :)



