Computer infected with Pornographic Ransomware and JS/Medfos.B


15 replies to this topic

#1 xfuture


Posted 29 January 2013 - 09:53 PM

Hi. I have a Toshiba laptop running Windows Vista Home Premium 64 bit. After visiting, of all things, a recipe site, my laptop was infected with some ransomware that displayed a pornographic image and requested a payment of $200.00. I tried to research this on a different computer, but all I found in the ransomware department were FBI and Government type messages.

Using a trial of HitmanPro I was able to get back into the computer and I proceeded to do additional scans that Hitman recommended. I did scans with Hitman Pro, Malware Bytes and Microsoft Security Essentials. Each application found some serious stuff (if the programs are to be believed) and supposedly removed them. However, Microsoft Security Essentials repeatedly found a file at C:\Users\Dennis\AppData\Local\0f77849a-baec-47cc-9122-37cc3d6f1406.crx->manager.js and said it had found JS/Medfos.B trojan in this file. I removed the file with MSS Essentials but it keeps coming back. While I think I got the ransomware, there is definitely something still going on here and I need professional help.

Edit: one other thing I have noted is that I cannot update MS Security Essentials. I can update Malware Bytes but MSSE update fails every time.

Edited by xfuture, 29 January 2013 - 09:55 PM.



#2 narenxp (BC Advisor)

Posted 29 January 2013 - 11:36 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 xfuture (Topic Starter)

Posted 30 January 2013 - 04:40 PM

Ok here are the files.

TDSSkiller log

10:19:00.0173 1572 NlaSvc - ok
10:19:00.0220 1572 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:19:00.0220 1572 Npfs - ok
10:19:00.0267 1572 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
10:19:00.0282 1572 nsi - ok
10:19:00.0329 1572 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:19:00.0329 1572 nsiproxy - ok
10:19:00.0516 1572 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:19:00.0594 1572 Ntfs - ok
10:19:00.0704 1572 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
10:19:00.0719 1572 ntrigdigi - ok
10:19:00.0782 1572 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
10:19:00.0782 1572 NuidFltr - ok
10:19:00.0828 1572 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
10:19:00.0828 1572 Null - ok
10:19:00.0860 1572 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:19:00.0860 1572 nvraid - ok
10:19:00.0891 1572 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:19:00.0891 1572 nvstor - ok
10:19:00.0906 1572 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:19:00.0906 1572 nv_agp - ok
10:19:00.0922 1572 NwlnkFlt - ok
10:19:00.0922 1572 NwlnkFwd - ok
10:19:01.0156 1572 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:19:01.0187 1572 odserv - ok
10:19:01.0234 1572 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:19:01.0234 1572 ohci1394 - ok
10:19:01.0281 1572 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:19:01.0296 1572 ose - ok
10:19:01.0359 1572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
10:19:01.0390 1572 p2pimsvc - ok
10:19:01.0406 1572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
10:19:01.0421 1572 p2psvc - ok
10:19:01.0468 1572 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
10:19:01.0468 1572 Parport - ok
10:19:01.0499 1572 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:19:01.0499 1572 partmgr - ok
10:19:01.0530 1572 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:19:01.0530 1572 Parvdm - ok
10:19:01.0577 1572 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
10:19:01.0624 1572 PcaSvc - ok
10:19:01.0655 1572 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
10:19:01.0655 1572 pci - ok
10:19:01.0671 1572 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
10:19:01.0671 1572 pciide - ok
10:19:01.0718 1572 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:19:01.0733 1572 pcmcia - ok
10:19:01.0796 1572 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:19:01.0811 1572 PEAUTH - ok
10:19:01.0920 1572 [ 6DBF2AC2BDAFF355995AB25ECCC4CFE1 ] pinger C:\Toshiba\IVP\ISM\pinger.exe
10:19:01.0936 1572 pinger - ok
10:19:02.0373 1572 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
10:19:02.0435 1572 pla - ok
10:19:02.0513 1572 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:19:02.0544 1572 PlugPlay - ok
10:19:02.0560 1572 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:19:02.0560 1572 Pml Driver HPZ12 - ok
10:19:02.0622 1572 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
10:19:02.0638 1572 PnkBstrA - ok
10:19:02.0669 1572 [ 27F1BE4A53441C9F1F48B9ADC145B0A5 ] PnkBstrB C:\Windows\system32\PnkBstrB.exe
10:19:02.0669 1572 PnkBstrB - ok
10:19:02.0716 1572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
10:19:02.0716 1572 PNRPAutoReg - ok
10:19:02.0763 1572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:19:02.0763 1572 PNRPsvc - ok
10:19:02.0841 1572 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:19:02.0841 1572 PolicyAgent - ok
10:19:02.0919 1572 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:19:02.0919 1572 PptpMiniport - ok
10:19:02.0950 1572 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
10:19:02.0950 1572 Processor - ok
10:19:02.0981 1572 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
10:19:02.0981 1572 ProfSvc - ok
10:19:02.0997 1572 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:19:02.0997 1572 ProtectedStorage - ok
10:19:03.0090 1572 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:19:03.0090 1572 PSched - ok
10:19:03.0293 1572 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:19:03.0356 1572 ql2300 - ok
10:19:03.0387 1572 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:19:03.0434 1572 ql40xx - ok
10:19:03.0512 1572 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
10:19:03.0527 1572 QWAVE - ok
10:19:03.0574 1572 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:19:03.0590 1572 QWAVEdrv - ok
10:19:03.0652 1572 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:19:03.0668 1572 RasAcd - ok
10:19:03.0714 1572 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
10:19:03.0730 1572 RasAuto - ok
10:19:03.0792 1572 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:19:03.0808 1572 Rasl2tp - ok
10:19:03.0855 1572 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
10:19:03.0886 1572 RasMan - ok
10:19:03.0933 1572 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:19:03.0964 1572 RasPppoe - ok
10:19:04.0011 1572 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:19:04.0011 1572 RasSstp - ok
10:19:04.0073 1572 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:19:04.0089 1572 rdbss - ok
10:19:04.0136 1572 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:19:04.0136 1572 RDPCDD - ok
10:19:04.0245 1572 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:19:04.0260 1572 rdpdr - ok
10:19:04.0292 1572 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:19:04.0292 1572 RDPENCDD - ok
10:19:04.0385 1572 [ 79C6DF8477250F5C54F7C5AE1D6B814E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:19:04.0385 1572 RDPWD - ok
10:19:04.0479 1572 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:19:04.0479 1572 RemoteAccess - ok
10:19:04.0541 1572 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:19:04.0541 1572 RemoteRegistry - ok
10:19:04.0572 1572 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
10:19:04.0572 1572 rimmptsk - ok
10:19:04.0604 1572 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
10:19:04.0604 1572 rimsptsk - ok
10:19:04.0619 1572 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
10:19:04.0619 1572 rismxdp - ok
10:19:04.0666 1572 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
10:19:04.0682 1572 RpcLocator - ok
10:19:04.0760 1572 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
10:19:04.0760 1572 RpcSs - ok
10:19:04.0838 1572 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:19:04.0838 1572 rspndr - ok
10:19:04.0884 1572 [ B8B159FA669C6386A458FCD468EBB1E6 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
10:19:04.0884 1572 RTL8169 - ok
10:19:04.0947 1572 [ 67E7822975985016FDCE01635FBDBBF9 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
10:19:04.0962 1572 RTL8187B - ok
10:19:04.0978 1572 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
10:19:04.0978 1572 SamSs - ok
10:19:05.0025 1572 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:19:05.0072 1572 sbp2port - ok
10:19:05.0181 1572 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:19:05.0259 1572 SCardSvr - ok
10:19:05.0540 1572 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
10:19:05.0555 1572 Schedule - ok
10:19:05.0602 1572 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:19:05.0602 1572 SCPolicySvc - ok
10:19:05.0633 1572 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:19:05.0633 1572 sdbus - ok
10:19:05.0696 1572 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:19:05.0711 1572 SDRSVC - ok
10:19:05.0836 1572 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
10:19:05.0852 1572 SeaPort - ok
10:19:05.0992 1572 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:19:06.0008 1572 secdrv - ok
10:19:06.0054 1572 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:19:06.0054 1572 seclogon - ok
10:19:06.0101 1572 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
10:19:06.0101 1572 SENS - ok
10:19:06.0148 1572 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:19:06.0148 1572 Serenum - ok
10:19:06.0164 1572 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
10:19:06.0164 1572 Serial - ok
10:19:06.0195 1572 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:19:06.0195 1572 sermouse - ok
10:19:06.0257 1572 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:19:06.0273 1572 SessionEnv - ok
10:19:06.0288 1572 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:19:06.0288 1572 sffdisk - ok
10:19:06.0351 1572 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:19:06.0366 1572 sffp_mmc - ok
10:19:06.0413 1572 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:19:06.0413 1572 sffp_sd - ok
10:19:06.0429 1572 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:19:06.0429 1572 sfloppy - ok
10:19:06.0507 1572 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:19:06.0522 1572 SharedAccess - ok
10:19:06.0585 1572 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:19:06.0600 1572 ShellHWDetection - ok
10:19:06.0632 1572 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:19:06.0632 1572 sisagp - ok
10:19:06.0663 1572 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:19:06.0663 1572 SiSRaid2 - ok
10:19:06.0694 1572 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:19:06.0694 1572 SiSRaid4 - ok
10:19:06.0959 1572 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
10:19:07.0084 1572 slsvc - ok
10:19:07.0131 1572 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:19:07.0131 1572 SLUINotify - ok
10:19:07.0178 1572 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:19:07.0178 1572 Smb - ok
10:19:07.0240 1572 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:19:07.0240 1572 SNMPTRAP - ok
10:19:07.0302 1572 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:19:07.0302 1572 spldr - ok
10:19:07.0349 1572 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
10:19:07.0365 1572 Spooler - ok
10:19:07.0412 1572 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:19:07.0427 1572 srv - ok
10:19:07.0490 1572 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:19:07.0521 1572 srv2 - ok
10:19:07.0552 1572 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:19:07.0552 1572 srvnet - ok
10:19:07.0568 1572 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:19:07.0583 1572 SSDPSRV - ok
10:19:07.0677 1572 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:19:07.0677 1572 SstpSvc - ok
10:19:07.0739 1572 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
10:19:07.0755 1572 stisvc - ok
10:19:07.0770 1572 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:19:07.0770 1572 swenum - ok
10:19:07.0833 1572 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
10:19:07.0848 1572 swprv - ok
10:19:07.0911 1572 [ 327786C5D6BCF284FAB14C2B5751F514 ] Swupdtmr c:\Toshiba\IVP\swupdate\swupdtmr.exe
10:19:07.0911 1572 Swupdtmr - ok
10:19:07.0942 1572 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:19:07.0942 1572 Symc8xx - ok
10:19:07.0958 1572 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:19:07.0958 1572 Sym_hi - ok
10:19:07.0973 1572 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:19:07.0973 1572 Sym_u3 - ok
10:19:08.0020 1572 [ 11F730BF0D0AA4FE7DE7138A32A52422 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:19:08.0020 1572 SynTP - ok
10:19:08.0207 1572 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
10:19:08.0207 1572 SysMain - ok
10:19:08.0270 1572 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:19:08.0270 1572 TabletInputService - ok
10:19:08.0332 1572 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:19:08.0363 1572 TapiSrv - ok
10:19:08.0410 1572 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:19:08.0410 1572 TBS - ok
10:19:08.0613 1572 [ 16731B631F28F63CD9F4CB60940E7DDD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:19:08.0628 1572 Tcpip - ok
10:19:08.0660 1572 [ 16731B631F28F63CD9F4CB60940E7DDD ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:19:08.0660 1572 Tcpip6 - ok
10:19:08.0691 1572 [ 3FC13F09AF9BE487C7B4FAC4070A036C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:19:08.0691 1572 tcpipreg - ok
10:19:08.0738 1572 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
10:19:08.0738 1572 tdcmdpst - ok
10:19:08.0784 1572 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:19:08.0800 1572 TDPIPE - ok
10:19:08.0847 1572 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:19:08.0862 1572 TDTCP - ok
10:19:08.0894 1572 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:19:08.0909 1572 tdx - ok
10:19:08.0909 1572 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:19:08.0909 1572 TermDD - ok
10:19:08.0972 1572 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
10:19:08.0972 1572 TermService - ok
10:19:09.0018 1572 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
10:19:09.0018 1572 Themes - ok
10:19:09.0050 1572 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
10:19:09.0050 1572 THREADORDER - ok
10:19:09.0237 1572 [ 804FED244FC47642CC635236D47A67D4 ] TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
10:19:09.0237 1572 TNaviSrv - ok
10:19:09.0268 1572 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\Windows\system32\TODDSrv.exe
10:19:09.0268 1572 TODDSrv - ok
10:19:09.0377 1572 [ 6A54C28B53C6B50D333C8EE974C6B208 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
10:19:09.0377 1572 TosCoSrv - ok
10:19:09.0424 1572 [ 87843B2DA99051BC66E2D6C211E3D6A4 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
10:19:09.0424 1572 TOSHIBA Bluetooth Service - ok
10:19:09.0455 1572 Tosrfcom - ok
10:19:09.0518 1572 [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
10:19:09.0533 1572 tosrfec - ok
10:19:09.0580 1572 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
10:19:09.0596 1572 tos_sps32 - ok
10:19:09.0642 1572 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
10:19:09.0674 1572 TrkWks - ok
10:19:09.0767 1572 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:19:09.0783 1572 TrustedInstaller - ok
10:19:09.0845 1572 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:19:09.0845 1572 tssecsrv - ok
10:19:09.0908 1572 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:19:09.0908 1572 tunmp - ok
10:19:09.0954 1572 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:19:09.0954 1572 tunnel - ok
10:19:09.0986 1572 [ 521C5F39829875ADF5466DD94C6282C7 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
10:19:09.0986 1572 TVALZ - ok
10:19:10.0032 1572 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:19:10.0032 1572 uagp35 - ok
10:19:10.0079 1572 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:19:10.0079 1572 udfs - ok
10:19:10.0157 1572 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:19:10.0157 1572 UI0Detect - ok
10:19:10.0220 1572 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
10:19:10.0220 1572 UleadBurningHelper - ok
10:19:10.0251 1572 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:19:10.0251 1572 uliagpkx - ok
10:19:10.0266 1572 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:19:10.0282 1572 uliahci - ok
10:19:10.0329 1572 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:19:10.0329 1572 UlSata - ok
10:19:10.0360 1572 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:19:10.0360 1572 ulsata2 - ok
10:19:10.0407 1572 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:19:10.0422 1572 umbus - ok
10:19:10.0454 1572 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
10:19:10.0454 1572 UnlockerDriver5 - ok
10:19:10.0594 1572 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
10:19:10.0703 1572 upnphost - ok
10:19:10.0781 1572 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
10:19:10.0797 1572 USBAAPL - ok
10:19:10.0890 1572 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:19:10.0906 1572 usbccgp - ok
10:19:10.0968 1572 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:19:11.0031 1572 usbcir - ok
10:19:11.0156 1572 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:19:11.0218 1572 usbehci - ok
10:19:11.0327 1572 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:19:11.0358 1572 usbhub - ok
10:19:11.0405 1572 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:19:11.0405 1572 usbohci - ok
10:19:11.0452 1572 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:19:11.0483 1572 usbprint - ok
10:19:11.0514 1572 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:19:11.0514 1572 usbscan - ok
10:19:11.0546 1572 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:19:11.0608 1572 USBSTOR - ok
10:19:11.0655 1572 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:19:11.0686 1572 usbuhci - ok
10:19:11.0717 1572 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:19:11.0733 1572 usbvideo - ok
10:19:11.0780 1572 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
10:19:11.0811 1572 UxSms - ok
10:19:11.0889 1572 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
10:19:11.0904 1572 vds - ok
10:19:11.0936 1572 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:19:11.0936 1572 vga - ok
10:19:11.0982 1572 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:19:11.0982 1572 VgaSave - ok
10:19:12.0029 1572 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:19:12.0045 1572 viaagp - ok
10:19:12.0076 1572 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:19:12.0076 1572 ViaC7 - ok
10:19:12.0107 1572 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
10:19:12.0107 1572 viaide - ok
10:19:12.0138 1572 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:19:12.0138 1572 volmgr - ok
10:19:12.0294 1572 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:19:12.0310 1572 volmgrx - ok
10:19:12.0419 1572 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:19:12.0466 1572 volsnap - ok
10:19:12.0513 1572 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:19:12.0544 1572 vsmraid - ok
10:19:12.0622 1572 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
10:19:12.0638 1572 VSS - ok
10:19:12.0731 1572 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
10:19:12.0731 1572 W32Time - ok
10:19:12.0794 1572 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:19:12.0794 1572 WacomPen - ok
10:19:12.0856 1572 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:19:12.0856 1572 Wanarp - ok
10:19:12.0856 1572 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:19:12.0856 1572 Wanarpv6 - ok
10:19:12.0918 1572 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:19:12.0950 1572 wcncsvc - ok
10:19:12.0981 1572 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:19:12.0981 1572 WcsPlugInService - ok
10:19:13.0028 1572 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
10:19:13.0028 1572 Wd - ok
10:19:13.0090 1572 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:19:13.0106 1572 Wdf01000 - ok
10:19:13.0168 1572 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:19:13.0184 1572 WdiServiceHost - ok
10:19:13.0199 1572 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:19:13.0199 1572 WdiSystemHost - ok
10:19:13.0230 1572 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
10:19:13.0230 1572 WebClient - ok
10:19:13.0277 1572 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:19:13.0293 1572 Wecsvc - ok
10:19:13.0324 1572 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:19:13.0324 1572 wercplsupport - ok
10:19:13.0371 1572 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
10:19:13.0386 1572 WerSvc - ok
10:19:13.0433 1572 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
10:19:13.0480 1572 winbondcir - ok
10:19:13.0574 1572 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:19:13.0574 1572 WinDefend - ok
10:19:13.0652 1572 [ 94E4312D546048BF31604A8B2AD13FC0 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
10:19:13.0667 1572 WinDriver6 - ok
10:19:13.0667 1572 WinHttpAutoProxySvc - ok
10:19:13.0901 1572 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:19:13.0917 1572 Winmgmt - ok
10:19:13.0995 1572 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
10:19:14.0026 1572 WinRM - ok
10:19:14.0244 1572 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:19:14.0291 1572 Wlansvc - ok
10:19:14.0338 1572 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:19:14.0338 1572 WmiAcpi - ok
10:19:14.0385 1572 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:19:14.0385 1572 wmiApSrv - ok
10:19:14.0494 1572 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:19:14.0525 1572 WMPNetworkSvc - ok
10:19:14.0572 1572 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:19:14.0572 1572 WPCSvc - ok
10:19:14.0619 1572 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:19:14.0619 1572 WPDBusEnum - ok
10:19:14.0681 1572 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:19:14.0728 1572 WpdUsb - ok
10:19:14.0946 1572 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:19:14.0962 1572 WPFFontCache_v0400 - ok
10:19:15.0009 1572 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:19:15.0009 1572 ws2ifsl - ok
10:19:15.0056 1572 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
10:19:15.0071 1572 wscsvc - ok
10:19:15.0071 1572 WSearch - ok
10:19:15.0586 1572 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
10:19:15.0664 1572 wuauserv - ok
10:19:15.0711 1572 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:19:15.0726 1572 WUDFRd - ok
10:19:15.0773 1572 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:19:15.0804 1572 wudfsvc - ok
10:19:15.0804 1572 XDva309 - ok
10:19:15.0836 1572 XDva344 - ok
10:19:15.0867 1572 ================ Scan global ===============================
10:19:15.0882 1572 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:19:15.0945 1572 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:19:15.0976 1572 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
10:19:16.0007 1572 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:19:16.0054 1572 [Global] - ok
10:19:16.0054 1572 ================ Scan MBR ==================================
10:19:16.0085 1572 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
10:19:18.0815 1572 \Device\Harddisk0\DR0 - ok
10:19:18.0815 1572 ================ Scan VBR ==================================
10:19:18.0831 1572 [ AF207AEDEB848EFEB71F78F286B26DF7 ] \Device\Harddisk0\DR0\Partition1
10:19:18.0862 1572 \Device\Harddisk0\DR0\Partition1 - ok
10:19:18.0862 1572 ============================================================
10:19:18.0862 1572 Scan finished
10:19:18.0862 1572 ============================================================
10:19:18.0893 3768 Detected object count: 0
10:19:18.0893 3768 Actual detected object count: 0


Avast

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-30 10:24:20
-----------------------------
10:24:20.262 OS Version: Windows 6.0.6002 Service Pack 2
10:24:20.262 Number of processors: 2 586 0x6802
10:24:20.262 ComputerName: DENNIS-PC UserName: Dennis
10:24:54.707 Initialize success
10:26:29.407 AVAST engine defs: 13013000
10:27:55.909 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:27:55.909 Disk 0 Vendor: TOSHIBA_MK2035GSS DK020M Size: 190782MB BusType: 3
10:27:56.018 Disk 0 MBR read successfully
10:27:56.018 Disk 0 MBR scan
10:27:56.205 Disk 0 Windows VISTA default MBR code
10:27:56.252 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:27:56.501 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 189278 MB offset 3074048
10:27:56.564 Disk 0 scanning sectors +390715392
10:27:56.798 Disk 0 scanning C:\Windows\system32\drivers
10:29:29.665 Service scanning
10:31:43.778 Service MpKsl19850427 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACCFACCD-40E0-43DB-B1E6-A0493220C2BC}\MpKsl19850427.sys **LOCKED** 32
10:33:47.657 Modules scanning
10:34:23.553 Disk 0 trace - called modules:
10:34:23.584 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys
10:34:23.600 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85267ac8]
10:34:23.600 3 CLASSPNP.SYS[879138b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84c024e0]
10:34:34.613 AVAST engine scan C:\Windows
10:35:01.321 AVAST engine scan C:\Windows\system32
10:45:12.201 AVAST engine scan C:\Windows\system32\drivers
10:45:41.326 AVAST engine scan C:\Users\Dennis
10:56:06.137 Disk 0 MBR has been saved successfully to "C:\Users\Dennis\Desktop\1-30-2013 Virus removal\MBR.dat"
10:56:06.184 The log file has been saved successfully to "C:\Users\Dennis\Desktop\1-30-2013 Virus removal\aswMBR.txt"


ESET

C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Dennis\AppData\Roaming\awcoi.dll a variant of Win32/Medfos.JC trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Dennis\AppData\Roaming\neroc.dll a variant of Win32/Medfos.JG trojan cleaned by deleting - quarantined
C:\Users\Dennis\AppData\Roaming\onezet.dll a variant of Win32/Medfos.JD trojan cleaned by deleting - quarantined
C:\Users\Dennis\AppData\Roaming\scsrf.dll a variant of Win32/Medfos.JG trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44Y531M0\iframe3[7].htm HTML/Iframe.B.Gen virus deleted - quarantined


Another thing I noticed yesterday was that after the machine was on for a while I got a message: 'Windows host process (Rundll32) was closed'. I did not, however, see that message today during the time I was doing the various scans.

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:59 PM

Posted 30 January 2013 - 08:24 PM

Reboot the PC

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on File > Save

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#5 xfuture

  • Topic Starter

  • Members
  • 33 posts
  • Local time:11:59 AM

Posted 31 January 2013 - 03:45 PM

There is one additional thing I am seeing before I get into the logs. Maybe it means something, maybe not, but on boot up when I first get into Windows I get the error "Error loading C:\Users\Dennis\AppData\Roaming\awcoi.dll". I get this error 3 times in rapid succession.

Now the logs.

Malwarebytes

I could not get Malwarebytes to run. It would run for about an hour or so and then the computer would just shut down. Every time. So I moved on.

Mini Tool Box:

MiniToolBox by Farbar Version:10-01-2013
Ran by Dennis (administrator) on 31-01-2013 at 13:16:55
Running from "C:\Users\Dennis\Desktop\1-30-2013 Virus removal"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dennis-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-16-44-A4-0A-4F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-A0-D1-8C-39-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4a05:4e17:1234:545f:410f:9d7f:1938(Preferred)
Temporary IPv6 Address. . . . . . : 2002:4a05:4e17:1234:8168:db2d:3dab:1dcc(Preferred)
Link-local IPv6 Address . . . . . : fe80::545f:410f:9d7f:1938%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 31, 2013 1:12:34 PM
Lease Expires . . . . . . . . . . : Thursday, January 31, 2013 1:18:38 PM
Default Gateway . . . . . . . . . : fe80::21e:e5ff:fefe:6206%8
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201367761
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-82-15-78-00-A0-D1-83-33-4B
DNS Servers . . . . . . . . . . . : 65.41.112.27
71.3.0.116
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2823:de6:3f57:fe8e(Preferred)
Link-local IPv6 Address . . . . . : fe80::2823:de6:3f57:fe8e%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4408EA5D-FCA0-4A23-A09D-4A79669DB1D1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0642EFCB-8E53-40C6-82BB-3788A1190ACD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: speedtest-mn.embarqhsd.net
Address: 65.41.112.27

Name: google.com
Addresses: 2607:f8b0:400f:801::1003
74.125.225.167
74.125.225.168
74.125.225.169
74.125.225.174
74.125.225.160
74.125.225.161
74.125.225.162
74.125.225.163
74.125.225.164
74.125.225.165
74.125.225.166



Pinging google.com [74.125.225.169] with 32 bytes of data:

Reply from 74.125.225.169: bytes=32 time=66ms TTL=56

Reply from 74.125.225.169: bytes=32 time=64ms TTL=56



Ping statistics for 74.125.225.169:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 64ms, Maximum = 66ms, Average = 65ms

Server: speedtest-mn.embarqhsd.net
Address: 65.41.112.27

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=108ms TTL=51

Reply from 206.190.36.45: bytes=32 time=113ms TTL=51



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 108ms, Maximum = 113ms, Average = 110ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 16 44 a4 0a 4f ...... Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter
8 ...00 a0 d1 8c 39 42 ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{4408EA5D-FCA0-4A23-A09D-4A79669DB1D1}
12 ...00 00 00 00 00 00 00 e0 isatap.{0642EFCB-8E53-40C6-82BB-3788A1190ACD}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.113 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.113 276
192.168.1.113 255.255.255.255 On-link 192.168.1.113 276
192.168.1.255 255.255.255.255 On-link 192.168.1.113 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.113 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.113 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
8 276 ::/0 fe80::21e:e5ff:fefe:6206
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:9d38:6ab8:2823:de6:3f57:fe8e/128
On-link
8 28 2002:4a05:4e17:1234::/64 On-link
8 276 2002:4a05:4e17:1234:545f:410f:9d7f:1938/128
On-link
8 276 2002:4a05:4e17:1234:8168:db2d:3dab:1dcc/128
On-link
8 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::2823:de6:3f57:fe8e/128
On-link
8 276 fe80::545f:410f:9d7f:1938/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/30/2013 10:14:40 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000029, fault offset 0x00080b56,
process id 0xac8, application start time 0xiexplore.exe0.

Error: (01/30/2013 10:14:09 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000029, fault offset 0x00080b56,
process id 0xb38, application start time 0xiexplore.exe0.

Error: (01/29/2013 08:35:44 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02e3e008,
process id 0xd00, application start time 0xrundll32.exe0.

Error: (01/29/2013 06:12:17 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000029, fault offset 0x00080b56,
process id 0x978, application start time 0xiexplore.exe0.

Error: (01/29/2013 10:38:09 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02ccf828,
process id 0xa3c, application start time 0xrundll32.exe0.

Error: (01/28/2013 09:53:12 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000374, fault offset 0x000b06fc,
process id 0x52c, application start time 0xrundll32.exe0.

Error: (01/28/2013 09:53:05 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x029e6e28,
process id 0x52c, application start time 0xrundll32.exe0.

Error: (01/28/2013 09:28:50 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = E:\HitmanPro.exe ; Descripton = ??????A?A A ?????????? ?a????????????????????????????????Aaaaaaaaaaaaaaaaaaaaaaa??; Hr = 0x80070057).

Error: (01/28/2013 09:26:45 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x02ccf828,
process id 0xb44, application start time 0xrundll32.exe0.

Error: (01/28/2013 09:12:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/31/2013 01:13:00 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/31/2013 01:12:18 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:06:23 PM on 1/31/2013 was unexpected.

Error: (01/31/2013 00:32:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.947.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/31/2013 00:32:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.947.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/31/2013 00:06:20 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/30/2013 03:42:11 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/30/2013 10:33:25 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.947.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/30/2013 10:33:25 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.143.947.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/30/2013 10:13:39 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/29/2013 08:55:58 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-01-31 12:28:26.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:28:25.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:28:25.384
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:28:24.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:28:24.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:28:23.965
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:17:11.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:17:11.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:17:10.747
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-31 12:17:10.279
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 3.1.1)
6500_E709_eDocs (Version: 1.00.0000)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Adobe Shockwave Player 11 (Version: 11)
AirMac (Version: 5.5.3.2)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.1.116)
Apple Software Update (Version: 2.1.2.120)
ATI Catalyst Install Manager (Version: 3.0.641.0)
Bing Bar (Version: 7.0.756.0)
Bluetooth Stack for Windows by Toshiba (Version: v5.10.14(T))
Bonjour (Version: 2.0.4.0)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 120.0.194.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
CCleaner (Version: 3.21)
CD/DVD Drive Acoustic Silencer (Version: 2.01.03)
CenturyLink Remote Control
Cisco Connect (Version: 1.4.11200.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ContentManager (Version: 0.5)
Copy (Version: 110.0.180.000)
Coupon Printer for Windows (Version: 5.0.0.1)
CouponBar (Version: 5.0.0.5)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Download Manager 2.3.8 (Version: 2.3.8)
Drivers Install For Linksys Easylink Advisor (Version: 2.0.9)
DVD MovieFactory for TOSHIBA (Version: 5.3)
Embarq Toolbar
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
Free Realms
Full Tilt Poker.Net (Version: 4.30.0.WIN.FullTilt.NET)
GCalc 3
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.123)
GPBaseService (Version: 110.0.180.000)
GPBaseService2 (Version: 120.0.194.000)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3 (Version: 11.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 12.0 (Version: 12.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 120.0.194.000)
HPSSupply (Version: 120.0.194.000)
iTunes (Version: 10.2.2.14)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 120.0.226.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft Zoo Tycoon
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Napster (Version: 3.8.1.4)
Napster Burn Engine (Version: 3.5.0000)
Network (Version: 120.0.194.000)
NVIDIA PhysX (Version: 9.10.0129)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
Octoshape Streaming Services
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Orion's TheSky (Remove only)
Pando Media Booster (Version: 2.3.3.9)
PanoStandAlone (Version: 110.0.180.000)
Photo Story 3 for Windows (Version: 3.0.1115.11)
PS_AIO_03_C4400_Software (Version: 110.0.201.000)
PS_AIO_03_C4400_Software_Min (Version: 110.0.201.000)
PSSWCORE (Version: 2.03.0000)
QuickBooks Financial Center (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5464)
REALTEK RTL8187B Wireless LAN Driver (Version: Package:1.00.0008 Driver:6.1089.601.2007)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01)
RollerCoaster Tycoon 3 (Version: 1.00.000)
Scan (Version: 12.0.0.0)
Search-Results Toolbar (Version: 1.0.0.12)
Shop for HP Supplies (Version: 12)
SmartWebPrinting (Version: 120.0.194.000)
Solid State ION Internet Explorer Plugin (Version: 0.846)
SolutionCenter (Version: 120.0.194.000)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spotify (Version: 0.8.4.124.ga3559d86)
Status (Version: 120.0.194.000)
Synaptics Pointing Device Driver (Version: 10.0.11.1)
Toolbox (Version: 120.0.194.000)
TOSHIBA Assist (Version: 2.01.05)
TOSHIBA ConfigFree (Version: 7.00.32)
TOSHIBA Disc Creator (Version: 2.0.0.8)
TOSHIBA DVD PLAYER (Version: 1.10.08)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Games (Version: TOSH0501)
TOSHIBA Hardware Setup (Version: 2.00.06)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.2)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.02)
TOSHIBA Value Added Package (Version: 1.0.28)
TrayApp (Version: 120.0.194.000)
Uninstall EMBARQHelp
Unity Web Player (Version: 2.5.1b3_716)
UnloadSupport (Version: 11.0.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01 (Version: 110.0.171.000)
WebReg (Version: 120.0.194.000)
Winbond CIR Device Drivers (Version: 7.60.1003)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
World of Warcraft (Version: 4.0.3.13329)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 1917.32 MB
Available physical RAM: 1108.43 MB
Total Pagefile: 4077.16 MB
Available Pagefile: 3131.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.13 MB

========================= Partitions: =====================================

1 Drive c: (SQ004513V03) (Fixed) (Total:184.84 GB) (Free:74.99 GB) NTFS

========================= Users: ========================================

User accounts for \\DENNIS-PC

Administrator ASPNET Dennis
Guest

========================= Restore Points ==================================

02-01-2013 00:35:54 Scheduled Checkpoint
03-01-2013 00:04:53 Scheduled Checkpoint
04-01-2013 13:20:16 Scheduled Checkpoint
05-01-2013 14:44:42 Scheduled Checkpoint
06-01-2013 14:51:35 Scheduled Checkpoint
07-01-2013 23:54:59 Scheduled Checkpoint
08-01-2013 13:26:15 Scheduled Checkpoint
09-01-2013 13:02:21 Scheduled Checkpoint
10-01-2013 13:09:51 Scheduled Checkpoint
11-01-2013 12:48:59 Scheduled Checkpoint
13-01-2013 00:14:10 Scheduled Checkpoint
14-01-2013 13:12:16 Scheduled Checkpoint
16-01-2013 12:48:18 Scheduled Checkpoint
17-01-2013 13:03:59 Scheduled Checkpoint
18-01-2013 13:53:52 Scheduled Checkpoint
19-01-2013 15:18:45 Scheduled Checkpoint
20-01-2013 14:34:12 Scheduled Checkpoint
22-01-2013 13:28:08 Scheduled Checkpoint
23-01-2013 13:30:50 Scheduled Checkpoint
24-01-2013 13:25:00 Scheduled Checkpoint
25-01-2013 14:05:10 Scheduled Checkpoint
26-01-2013 13:24:52 Scheduled Checkpoint
27-01-2013 20:54:06 Scheduled Checkpoint

**** End of log ****

Farbar:

Farbar Service Scanner Version: 30-01-2013
Ran by Dennis (administrator) on 31-01-2013 at 13:21:23
Running from "C:\Users\Dennis\Desktop\1-30-2013 Virus removal"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

adware cleaner:

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 13:22:49
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Dennis - DENNIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\1-30-2013 Virus removal\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\search results toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Giant Savings
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Dennis\AppData\Local\Conduit
Folder Deleted : C:\Users\Dennis\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Dennis\AppData\Roaming\iWin
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [11582 octets] - [31/01/2013 13:22:49]

########## EOF - C:\AdwCleaner[S1].txt - [11643 octets] ##########

Junkware removal tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.7 (01.30.2013:4)
OS: Windows Vista ™ Home Premium x86
Ran by Dennis on Thu 01/31/2013 at 13:43:18.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data
======== ==== ==========
awcoi REG_SZ rundll32.exe "C:\Users\Dennis\AppData\Roaming\awcoi.dll",IsPlatformWinNT
scsrf REG_SZ rundll32.exe "C:\Users\Dennis\AppData\Roaming\scsrf.dll",List_New
neroc REG_SZ rundll32.exe "C:\Users\Dennis\AppData\Roaming\neroc.dll",AsEncodedObject




~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dennis\appdata\local\torch"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\coupons.com couponbar"
Successfully deleted: [Folder] "C:\Program Files\search results toolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/31/2013 at 13:47:17.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

rkill:

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/31/2013 01:51:41 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\TODDSrv.exe (PID: 3508) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/31/2013 01:52:01 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)


Autoruns:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AirMac Base Station Agent" "AirPort Base Station Agent" "Apple Inc." "c:\program files\airport\apagent.exe"
+ "awcoi" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\awcoi.dll"
+ "EmbarqVALite_McciTrayApp" "mcci+McciTrayApp" "Motive Communications, Inc." "c:\program files\embarqvalite\embarqhelphelper.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "neroc" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\neroc.dll"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "scsrf" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\scsrf.dll"
+ "SynTPStart" "Synaptics Pointing Device starter" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpstart.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "kggjct" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\Microsoft\Qyyqi\qyyqi.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "Spotify" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\Microsoft\Qyyqi\qyyqi.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "{27965804-7832-1115-1059-230427086053}" "" "" "File not found: C:\Users\Dennis\AppData\Local\Temp\mmxpj.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "EnhancedStorageShell" "" "" "File not found: C:\Users\Dennis\AppData\Local\Temp\mmxpj.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Embarq Toolbar" "Embarq Toolbar" "Embarq" "c:\program files\embarqtoolbar\embarqtoolbar.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "" "Embarq Toolbar" "Embarq" "c:\program files\embarqtoolbar\embarqtoolbar.dll"
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "HP Smart Select" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\0" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe"
+ "\4790" "" "" "File not found: C:\Users\Dennis\AppData\Local\Temp\launchie.vbs"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\BFGLaunch_bfgclient" "" "" "File not found: C:\Program Files\bfgclient\bfgclient.exe"
+ "\BFGLaunch_bigfishgames_p12745670[1]" "" "" "File not found: C:\Users\Dennis\AppData\Local\Temp\bigfishgames_p12745670[1].exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\HPCustParticipation HP Deskjet 1050 J410 series" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 1050 j410 series\bin\hpcustpartic.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agrsmsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CFSvcs" "Service of ConfigFree." "TOSHIBA CORPORATION" "c:\program files\toshiba\configfree\cfsvcs.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "HPSLPSVC" "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpslpsvc32.dll"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "McciCMService" "mcci+McciCMService" "Motive Communications, Inc." "c:\program files\common files\motive\mccicmservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "pinger" "" "" "c:\toshiba\ivp\ism\pinger.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "PnkBstrA" "PunkBuster Service Component [v1034] http://www.evenbalance.com" "" "c:\windows\system32\pnkbstra.exe"
+ "PnkBstrB" "PunkBuster Service Component [v2.202 WOLF] http://www.evenbalance.com" "" "c:\windows\system32\pnkbstrb.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "Swupdtmr" "" "" "c:\toshiba\ivp\swupdate\swupdtmr.exe"
+ "TNaviSrv" "TOSHIBA Navi Support Service" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tnavisrv.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA Bluetooth Service" "TOSHIBA Bluetooth Service" "TOSHIBA CORPORATION" "c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe"
+ "UleadBurningHelper" "ULCDRSvr" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AtiPcie" "ATI PCIE Driver for ATI PCIE chipset" "ATI Technologies Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "EagleNT" "" "" "File not found: C:\Windows\system32\drivers\EagleNT.sys"
+ "elagopro" "GoProto Protocol Driver for LELA" "Gteko Ltd." "c:\windows\system32\drivers\elagopro.sys"
+ "elaunidr" "GUniDriver" "Gteko Ltd." "c:\windows\system32\drivers\elaunidr.sys"
+ "FwLnk" "TOSHIBA Firmware Linkage 32-bit Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\fwlnk.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hitmanpro37" "HitmanPro 3.7 Support Driver" "" "c:\windows\system32\drivers\hitmanpro37.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IO_Memory" "" "" "File not found: C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MBAMSwissArmy" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbamswissarmy.sys"
+ "MREMP50" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mremp50.sys"
+ "MRESP50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mresp50.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "rimmptsk" "RICOH SD Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "RTL8169" "Realtek 8101E/8168/8169 NDIS6 32-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rtlh86.sys"
+ "RTL8187B" "Realtek RTL8187B NDIS Driver" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8187b.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "Toshiba ODD Writing Driver For x86." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "tos_sps32" "tos_sps2" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps32.sys"
+ "Tosrfcom" "" "" "File not found: C:\Windows\System32\Drivers\Tosrfcom.sys"
+ "tosrfec" "TOSHIBA Bluetooth EC Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosrfec.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "winbondcir" "Winbond MCE CIR Port Driver" "Winbond Electronics Corporation" "c:\windows\system32\drivers\winbondcir.sys"
+ "WinDriver6" "WinDriver Device Driver 9.01" "Jungo" "c:\windows\system32\drivers\windrvr6.sys"
+ "XDva309" "" "" "File not found: C:\Windows\system32\XDva309.sys"
+ "XDva344" "" "" "File not found: C:\Windows\system32\XDva344.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.dvacm" "Ulead DV Audio ACM Driver" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\vio\dvacm.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AAC Encoder" "AACEnc" "InterVider" "c:\program files\intervideo\common\bin\aacenc.ax"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Dib Output" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\diboutput.ax"
+ "Dib Receive" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dibreceive.ax"
+ "DV ACM V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "DV Video Source Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\dvsf.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HP VTK Frame Grabber Filter" "VideoToolKit" "Hewlett-Packard Development Co. L.P." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "VideoToolKit" "Hewlett-Packard Development Co. L.P." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "VideoToolKit" "Hewlett-Packard Development Co. L.P." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "VideoToolKit" "Hewlett-Packard Development Co. L.P." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "Intervideo 3gFileSource" "Intervideo 3G File Source Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\source3g.ax"
+ "Intervideo 3gFileWrite" "Intervideo 3G File Write Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\write3g.ax"
+ "InterVideo AAC (XForm) Decoder" "InterVideo AAC Decoder" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaacdec.ax"
+ "Intervideo AMR Decoder" "IVI AMR Decoding" "Intervideo, Inc." "c:\program files\intervideo\common\bin\amrdec.ax"
+ "Intervideo AMR Encoder" "IVI AMR Encoding" "Intervideo, Inc." "c:\program files\intervideo\common\bin\amrenc.ax"
+ "InterVideo Audio Encoder" "InterVideo?Audio Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaenc.ax"
+ "InterVideo Demux" "InterVideo® MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemxx.ax"
+ "InterVideo Down Scale Filter" "InterVideo® Down Scale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividowns.ax"
+ "InterVideo DV Pre-Process" "InterVideo DV Pre-Process Filter" "InterVideo" "c:\program files\intervideo\common\bin\dvprocs.ax"
+ "InterVideo DVB DSM-CC Filter" "InterVideo DVB DSM-CC Decoder" "InterVideo, Inc." "c:\program files\intervideo\common\bin\dvbdsmcc.ax"
+ "InterVideo DVB Subpicture Filter" "InterVideo DVB Subtitle Decoder" "InterVideo, Inc." "c:\program files\intervideo\common\bin\dvbspic.ax"
+ "InterVideo File Writer" "InterVideo® File Writer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviwrite.ax"
+ "InterVideo MPEG4 Video Decoder" "InterVideo® MPEG4 Video Decoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\mp4vdec.ax"
+ "InterVideo MPEG4 Video Encoder" "InterVideo® MPEG4 Video Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\mp4venc.ax"
+ "InterVideo Multiplexer" "InterVideo® MPEG System Multiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivimux.ax"
+ "InterVideo Pre-scaling Filter" "InterVideo® PreScale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscale.ax"
+ "InterVideo PSIP/SI Filter" "InterVideo PSIP/SI Sections/Tables Filter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\psidecod.ax"
+ "InterVideo Still Capture" "InterVideo® Still Capture Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscapt.ax"
+ "InterVideo Stream Buffer Filter" "InterVideo Stream Buffer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\smbuffer.ax"
+ "InterVideo Stream Writer" "InterVideo© Stream File Writer" "InterVideo, Inc." "c:\program files\intervideo\common\bin\stmrite.ax"
+ "InterVideo Time Shift" "InterVideo Time Shifting Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivits.ax"
+ "InterVideo Transport to Program Stream" "InterVideo© Transport to Program Stream Converter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\trtoprog.ax"
+ "InterVideo VBI Decoder" "InterVideo VBI Decoder Filter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\ivvbidec.ax"
+ "InterVideo Video Encoder" "InterVideo® MPEG Video Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivivenc.ax"
+ "MPEG2 TS Source" "" "" "c:\program files\intervideo\common\bin\mpgtsrdr.ax"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Photo Story 3 Source Filter" "Photo Story 3 for Windows" "Microsoft Corp." "c:\program files\photo story 3 for windows\pssourcefilter3.dll"
+ "Plus! Photo Story 3 WAV Dest" "Photo Story 3 for Windows" "Microsoft Corp." "c:\program files\photo story 3 for windows\wavdest3.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "WME Record Queue" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmedque.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tosauddecl.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files\common files\toshiba shared\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files\common files\toshiba shared\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tvrnavi.ax"
+ "TOSHIBA MPEG-2 Video Decoder (DVD)" "TOSHIBA DVD Video Decoder Filter" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba dvd player\tosmp2dvd.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba disc creator\twavconv.ax"
+ "Ulead Audio Dual Channel Filter" "Ulead Audio Dual Channel Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uaudiodcfilter.ax"
+ "Ulead DV Scene Detect" "ulDvScDt" "Ulead system Inc." "c:\program files\common files\ulead systems\capture\uldvscdt.ax"
+ "Ulead DV Writer" "ulDVWriter" "Ulead System Inc." "c:\program files\common files\ulead systems\capture\uldvrite.ax"
+ "Ulead DVB Parser" "Ulead DVB Parser Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvbparser.ax"
+ "Ulead DVD Audio Decoder 2" "Audio Decoder" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead DVD Navigator" "DVD Navigator filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\dvd\uleaddvdnavigator.ax"
+ "Ulead DVD Video decoder 2" "DVD Video Decoder with DxVA Support" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdvideo.ax"
+ "ULead File Source (Async.)" "Ulead Async Filter" "Ulead Systems" "c:\program files\common files\ulead systems\mpeg\ulasync.ax"
+ "ULead File Writer" "File Dump Filter" "ULead Systems" "c:\program files\common files\ulead systems\filters\uldump.ax"
+ "ULead Infinite Pin Tee" "Ulead Infinite Tee Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uinftee.ax"
+ "Ulead MPEG Audio Decoder" "Audio Decoder" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead MPEG Encoder" "MPEG Encoder and Muxer" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulesmpeg.ax"
+ "Ulead MPEG Muxer" "MPEG Muxer" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulmxmpeg.ax"
+ "Ulead MPEG Splitter" "ULead Mpeg I/II Splitter" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\ulspmpeg.ax"
+ "Ulead MPEG Transcoder" "ulMPGTrans" "Ulead com" "c:\program files\common files\ulead systems\mpeg\ulmpgtrans.ax"
+ "Ulead MPEG Video Decoder" "MPEG Video and Audio Decoder" "ULead Systems" "c:\program files\common files\ulead systems\mpeg\uldsmpeg.ax"
+ "Ulead MPEG-4 Audio Decoder" "MP4 AAC Audio Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uladmp4.ax"
+ "Ulead MPEG-4 Splitter" "MP4 Splitter Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulspmp4.ax"
+ "Ulead MPEG-4 Video Decoder" "MP4 Video Decoder Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulvdmp4.ax"
+ "Ulead Ogg Parser" "ulOggParserFilter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uloggparserfilter.ax"
+ "Ulead OggVorbis Decoder" "ulOggVorbisDecoderFilter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax"
+ "Ulead OggVorbis Encoder" "ulOggVorbisEncoderFilter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax"
+ "Ulead Push Source Filter" "Ulead Push Source Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulpushsource.ax"
+ "Ulead Sub-Picture Push Source Filter" "Ulead Sub-Picture Push Source Filter" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\mpeg\ulsubpicpushsource.ax"
+ "Ulead Video Deinterlace Filter" "" "Ulead Systems, Inc." "c:\program files\common files\ulead systems\filters\deinterlace.ax"
+ "Video Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMEnc Screen Capture Filter" "WMESrcWp Module" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmesrcwp.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ " C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP 8911 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts8911lm.dll"
+ "PCL hpf3l082" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l082.dll"
+ "PCL hpz3l5mu" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l5mu.dll"
+ "Toshiba Bluetooth Monitor" "" "TOSHIBA CORPORATION." "c:\windows\system32\tbtmon.dll"
"C:\Users\Dennis\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Stocks" "Monitor your favorite stocks." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Stocks.Gadget\en-US\Gadget.xml"

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:59 PM

Posted 31 January 2013 - 09:06 PM

Try a clean boot as per instructions in this link

www.askdrtech.com/solutions/post/How-to-perform-a-clean-startup-(clean-boot)-in-Windows-7.aspx

Restart the PC and try to run Malwarebytes

Launch Autoruns and uncheck these entries:
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "awcoi" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\awcoi.dll"
+ "neroc" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\neroc.dll"
+ "scsrf" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\scsrf.dll"


Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log
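
A triage sketch for the Autoruns export format quoted in this thread, added here as an example (it is not part of any post and not a Sysinternals tool): it parses the four-field lines and ranks entries by image location, missing metadata and missing target file. The ranking rules and the names `parse_autoruns`, `triage` and `report` are assumptions for illustration; the sample lines are copied from the thread's own log.

```python
import re
from dataclasses import dataclass

# Lines copied from the Autoruns export quoted in this thread. Section headers
# have no "+" prefix; entries start with "+" and carry four quoted fields:
# name, description, publisher, image path.
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "awcoi" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\awcoi.dll"
+ "neroc" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\neroc.dll"
+ "scsrf" "" "" "File not found: C:\Users\Dennis\AppData\Roaming\scsrf.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "pinger" "" "" "c:\toshiba\ivp\ism\pinger.exe"
+ "EagleNT" "" "" "File not found: C:\Windows\system32\drivers\EagleNT.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
'''

FIELD = re.compile(r'"([^"]*)"')
# Any path inside a user profile's AppData tree is writable without admin rights.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)
MISSING_PREFIX = "file not found:"


@dataclass
class Entry:
    section: str
    name: str
    description: str
    publisher: str
    image: str
    missing: bool


def parse_autoruns(text):
    """Turn the text export into Entry records, tracking the current section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank line or something that is not an export row
        if not line.startswith("+"):
            section = fields[0]  # header row: first field is the autostart location
            continue
        name, description, publisher, image = (f.strip() for f in fields)
        missing = image.lower().startswith(MISSING_PREFIX)
        if missing:
            image = image[len(MISSING_PREFIX):].strip()
        entries.append(Entry(section, name, description, publisher, image, missing))
    return entries


def triage(entry):
    """Return (verdict, reasons). Heuristic ranking, assumed for this example."""
    reasons = []
    in_profile = bool(USER_WRITABLE.search(entry.image))
    anonymous = not entry.publisher and not entry.description
    if in_profile:
        reasons.append("image in user-writable AppData")
    if anonymous:
        reasons.append("no description or publisher")
    if entry.missing:
        reasons.append("target file missing")
    if entry.section.lower().endswith(r"\currentversion\run"):
        reasons.append("Run key (loads at logon)")

    if in_profile and anonymous:
        verdict = "high"      # unnamed code started from a user-writable folder
    elif entry.missing or anonymous:
        verdict = "review"    # stale or unlabelled, needs a human look
    else:
        verdict = "ok"
    return verdict, reasons


def report(text):
    """Map entry name -> (verdict, reasons) for every entry in the export."""
    return {e.name: triage(e) for e in parse_autoruns(text)}


if __name__ == "__main__":
    for name, (verdict, reasons) in report(SAMPLE_LOG).items():
        print(f"{verdict:6} {name:10} {'; '.join(reasons)}")
```

On the sample, only the three Run-key entries under `AppData\Roaming` rank `high`; the driver entries with missing files under `system32` rank `review`.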

#7 xfuture

Posted 01 February 2013 - 11:36 AM

Here are the new logs. The 3 items you asked me to uncheck in autoruns were no longer present. I did finally get Malwarebytes to run the full scan though.

Malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.28.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dennis :: DENNIS-PC [administrator]

2/1/2013 6:58:33 AM
mbam-log-2013-02-01 (06-58-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 456903
Time elapsed: 3 hour(s), 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Farbar Service Scanner

Farbar Service Scanner Version: 30-01-2013
Ran by Dennis (administrator) on 01-02-2013 at 10:33:25
Running from "C:\Users\Dennis\Desktop\1-30-2013 Virus removal"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#8 narenxp

Posted 01 February 2013 - 11:42 AM

Current issues?

#9 xfuture

Posted 01 February 2013 - 12:05 PM

Should I turn back on the stuff I turned off to do the clean boot? I notice that MS Security Essentials is among the things that are not starting. After I am back to a more normal boot up I can give a more accurate assessment of what is going on. Thanks.

#10 narenxp

Posted 01 February 2013 - 12:06 PM

Go ahead :thumbup2:

#11 xfuture

Posted 01 February 2013 - 01:31 PM

After re-enabling the normal start up those three errors were back so I reran autoruns and removed the checks for them. Then restarted. That appears to have done the job. Everything appears to be running fine at the moment. I will let the computer run the rest of the day and see if there are any other issues. I will give another update later this afternoon.

#12 narenxp

Posted 01 February 2013 - 02:37 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#13 xfuture

Posted 01 February 2013 - 05:33 PM

Ok, here is my update. Before doing any of the things above I wanted to try a couple more scans. First I tried ESET again. The scan killed the computer just when the scan was almost done. There were no threats found but I am concerned about the computer shutting down. Then I tried a quick scan with MS Security Essentials (which I have installed) and that also killed it when the scan was about half way through. Last I tried a quick scan by Malwarebytes; again the computer shut down after the scan had been running for a while. I don't know if this is something I should be worried about or if it's just a matter of the computer overheating from the scan (which I would find very strange). When you had me do the clean boot I was able to get the scans to run without issue. Could there be something running that is preventing the scans from finishing?

#14 narenxp

Posted 01 February 2013 - 05:36 PM

Troubleshoot using clean boot.

http://support.microsoft.com/kb/929135

Enable important startups first and run scans. Enable startup entries one by one to find which one is causing the issue.

#15 xfuture

Posted 03 February 2013 - 07:08 PM

Ok, things are looking good. Is there anything else? I think we are running normal on this end and I was able to get some scans with the various anti-virus anti-malware programs. I want to say thank you very much for all your assistance on this problem. You guys are doing a great great service.



