
NGINX Redirect


12 replies to this topic

#1 ooutlaw

  • Members

Posted 10 February 2013 - 06:50 PM

I think I have been infected. I first noticed that my Facebook account would redirect to Mikos Blakos every time I tried to use my Google search bar. I tried to type google.com and I got the "Welcome to NGINX" page. Can you please walk me through how to remove this from my system? Thank you in advance.

 




 


#2 narenxp

  • BC Advisor

Posted 10 February 2013 - 06:56 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results



#3 ooutlaw

  • Topic Starter

  • Members

Posted 10 February 2013 - 07:32 PM

17:59:28.0219 4520  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:59:28.0662 4520  ============================================================
17:59:28.0662 4520  Current date / time: 2013/02/10 17:59:28.0662
17:59:28.0662 4520  SystemInfo:
17:59:28.0662 4520 
17:59:28.0663 4520  OS Version: 6.0.6002 ServicePack: 2.0
17:59:28.0663 4520  Product type: Workstation
17:59:28.0663 4520  ComputerName: OWENNE-LT-PC
17:59:28.0663 4520  UserName: Owenne
17:59:28.0663 4520  Windows directory: C:\Windows
17:59:28.0663 4520  System windows directory: C:\Windows
17:59:28.0663 4520  Processor architecture: Intel x86
17:59:28.0663 4520  Number of processors: 2
17:59:28.0663 4520  Page size: 0x1000
17:59:28.0663 4520  Boot type: Normal boot
17:59:28.0663 4520  ============================================================
17:59:30.0598 4520  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:59:30.0601 4520  ============================================================
17:59:30.0601 4520  \Device\Harddisk0\DR0:
17:59:30.0601 4520  MBR partitions:
17:59:30.0601 4520  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
17:59:30.0601 4520  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x1BD99800
17:59:30.0601 4520  ============================================================
17:59:30.0627 4520  C: <-> \Device\Harddisk0\DR0\Partition2
17:59:30.0663 4520  D: <-> \Device\Harddisk0\DR0\Partition1
17:59:30.0663 4520  ============================================================
17:59:30.0663 4520  Initialize success
17:59:30.0663 4520  ============================================================
18:02:26.0508 9704  ============================================================
18:02:26.0508 9704  Scan started
18:02:26.0508 9704  Mode: Manual;
18:02:26.0508 9704  ============================================================
18:02:27.0805 9704  ================ Scan system memory ========================
18:02:27.0806 9704  System memory - ok
18:02:27.0807 9704  ================ Scan services =============================
18:02:39.0025 9704  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:02:39.0036 9704  NDIS - ok
18:02:39.0056 9704  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:02:39.0059 9704  NdisTapi - ok
18:02:39.0071 9704  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:02:39.0073 9704  Ndisuio - ok
18:02:39.0091 9704  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:02:39.0096 9704  NdisWan - ok
18:02:39.0110 9704  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:02:39.0113 9704  NDProxy - ok
18:02:39.0132 9704  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:02:39.0135 9704  NetBIOS - ok
18:02:39.0157 9704  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:02:39.0163 9704  netbt - ok
18:02:39.0183 9704  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
18:02:39.0187 9704  Netlogon - ok
18:02:39.0224 9704  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
18:02:39.0234 9704  Netman - ok
18:02:39.0254 9704  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
18:02:39.0263 9704  netprofm - ok
18:02:39.0315 9704  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:02:39.0320 9704  NetTcpPortSharing - ok
18:02:39.0388 9704  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:02:39.0478 9704  nfrd960 - ok
18:02:39.0529 9704  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:02:39.0537 9704  NlaSvc - ok
18:02:39.0580 9704  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:02:39.0583 9704  Npfs - ok
18:02:39.0598 9704  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
18:02:39.0603 9704  nsi - ok
18:02:39.0620 9704  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:02:39.0623 9704  nsiproxy - ok
18:02:39.0702 9704  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:02:39.0747 9704  Ntfs - ok
18:02:39.0790 9704  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:02:39.0793 9704  ntrigdigi - ok
18:02:39.0822 9704  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
18:02:39.0825 9704  Null - ok
18:02:40.0146 9704  [ 8FE5350FA6A9F0B6633AEE811C468954 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:02:40.0354 9704  nvlddmkm - ok
18:02:40.0396 9704  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:02:40.0407 9704  nvraid - ok
18:02:40.0465 9704  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:02:40.0469 9704  nvstor - ok
18:02:40.0484 9704  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:02:40.0487 9704  nv_agp - ok
18:02:40.0494 9704  NwlnkFlt - ok
18:02:40.0500 9704  NwlnkFwd - ok
18:02:40.0586 9704  [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash         C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
18:02:40.0588 9704  o2flash - ok
18:02:40.0619 9704  [ D51942F12090FC947CA8AA01736DADE2 ] O2MDRDR         C:\Windows\system32\DRIVERS\o2media.sys
18:02:40.0624 9704  O2MDRDR - ok
18:02:40.0652 9704  [ 602266E7D014D66ED1FC3F062CBCBCB6 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sd.sys
18:02:40.0654 9704  O2SDRDR - ok
18:02:40.0763 9704  [ 86326062A90494BDD79CE383511D7D69 ] OEM13Vfx        C:\Windows\system32\DRIVERS\OEM13Vfx.sys
18:02:40.0766 9704  OEM13Vfx - ok
18:02:40.0793 9704  [ 8D9D3B1B24105796C9B9B1473DEC2D70 ] OEM13Vid        C:\Windows\system32\DRIVERS\OEM13Vid.sys
18:02:40.0799 9704  OEM13Vid - ok
18:02:40.0848 9704  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:02:40.0851 9704  ohci1394 - ok
18:02:40.0855 9704  OMCI - ok
18:02:40.0969 9704  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:02:40.0970 9704  ose - ok
18:02:41.0150 9704  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:02:41.0246 9704  osppsvc - ok
18:02:41.0306 9704  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:02:41.0334 9704  p2pimsvc - ok
18:02:41.0362 9704  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:02:41.0369 9704  p2psvc - ok
18:02:41.0396 9704  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
18:02:41.0408 9704  Parport - ok
18:02:41.0485 9704  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:02:41.0492 9704  partmgr - ok
18:02:41.0617 9704  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:02:41.0620 9704  Parvdm - ok
18:02:41.0654 9704  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:02:41.0659 9704  PcaSvc - ok
18:02:41.0695 9704  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
18:02:41.0700 9704  pci - ok
18:02:41.0728 9704  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
18:02:41.0732 9704  pciide - ok
18:02:41.0758 9704  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:02:41.0764 9704  pcmcia - ok
18:02:41.0825 9704  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:02:41.0859 9704  PEAUTH - ok
18:02:41.0918 9704  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
18:02:41.0962 9704  pla - ok
18:02:42.0014 9704  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:02:42.0024 9704  PlugPlay - ok
18:02:42.0051 9704  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
18:02:42.0060 9704  PNRPAutoReg - ok
18:02:42.0089 9704  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
18:02:42.0098 9704  PNRPsvc - ok
18:02:42.0152 9704  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:02:42.0163 9704  PolicyAgent - ok
18:02:42.0216 9704  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:02:42.0219 9704  PptpMiniport - ok
18:02:42.0253 9704  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
18:02:42.0256 9704  Processor - ok
18:02:42.0300 9704  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:02:42.0310 9704  ProfSvc - ok
18:02:42.0326 9704  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:02:42.0332 9704  ProtectedStorage - ok
18:02:42.0372 9704  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
18:02:42.0379 9704  PSched - ok
18:02:42.0473 9704  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
18:02:42.0484 9704  PxHelp20 - ok
18:02:42.0614 9704  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:02:42.0660 9704  ql2300 - ok
18:02:42.0683 9704  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:02:42.0689 9704  ql40xx - ok
18:02:42.0756 9704  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
18:02:42.0769 9704  QWAVE - ok
18:02:42.0788 9704  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:02:42.0793 9704  QWAVEdrv - ok
18:02:42.0816 9704  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:02:42.0820 9704  RasAcd - ok
18:02:42.0839 9704  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
18:02:42.0847 9704  RasAuto - ok
18:02:42.0869 9704  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:42.0875 9704  Rasl2tp - ok
18:02:42.0932 9704  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
18:02:42.0945 9704  RasMan - ok
18:02:42.0986 9704  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:42.0990 9704  RasPppoe - ok
18:02:43.0034 9704  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:02:43.0039 9704  RasSstp - ok
18:02:43.0091 9704  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:02:43.0100 9704  rdbss - ok
18:02:43.0124 9704  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:43.0128 9704  RDPCDD - ok
18:02:43.0177 9704  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
18:02:43.0187 9704  rdpdr - ok
18:02:43.0198 9704  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:02:43.0202 9704  RDPENCDD - ok
18:02:43.0253 9704  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:02:43.0261 9704  RDPWD - ok
18:02:43.0291 9704  [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc         C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:02:43.0297 9704  RegSrvc - ok
18:02:43.0345 9704  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:02:43.0352 9704  RemoteAccess - ok
18:02:43.0405 9704  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:02:43.0414 9704  RemoteRegistry - ok
18:02:43.0487 9704  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
18:02:43.0494 9704  RpcLocator - ok
18:02:43.0534 9704  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
18:02:43.0547 9704  RpcSs - ok
18:02:43.0583 9704  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:02:43.0587 9704  rspndr - ok
18:02:43.0630 9704  [ CB0BD9E10E3E244D312C106DEE1BBB93 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
18:02:43.0635 9704  RTL8169 - ok
18:02:43.0659 9704  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
18:02:43.0662 9704  SamSs - ok
18:02:43.0691 9704  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:02:43.0696 9704  sbp2port - ok
18:02:43.0751 9704  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:02:43.0759 9704  SCardSvr - ok
18:02:43.0859 9704  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
18:02:43.0893 9704  Schedule - ok
18:02:43.0914 9704  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:02:43.0917 9704  SCPolicySvc - ok
18:02:43.0975 9704  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
18:02:43.0980 9704  sdbus - ok
18:02:44.0031 9704  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:02:44.0040 9704  SDRSVC - ok
18:02:44.0063 9704  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:02:44.0067 9704  secdrv - ok
18:02:44.0092 9704  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
18:02:44.0114 9704  seclogon - ok
18:02:44.0138 9704  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
18:02:44.0144 9704  SENS - ok
18:02:44.0181 9704  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:02:44.0185 9704  Serenum - ok
18:02:44.0204 9704  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
18:02:44.0209 9704  Serial - ok
18:02:44.0226 9704  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:02:44.0230 9704  sermouse - ok
18:02:44.0274 9704  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:02:44.0283 9704  SessionEnv - ok
18:02:44.0321 9704  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:02:44.0324 9704  sffdisk - ok
18:02:44.0350 9704  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:02:44.0354 9704  sffp_mmc - ok
18:02:44.0375 9704  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:02:44.0379 9704  sffp_sd - ok
18:02:44.0435 9704  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:02:44.0441 9704  sfloppy - ok
18:02:44.0504 9704  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:02:44.0516 9704  SharedAccess - ok
18:02:44.0606 9704  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:02:44.0618 9704  ShellHWDetection - ok
18:02:44.0655 9704  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:02:44.0660 9704  sisagp - ok
18:02:44.0688 9704  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
18:02:44.0692 9704  SiSRaid2 - ok
18:02:44.0732 9704  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:02:44.0737 9704  SiSRaid4 - ok
18:02:44.0892 9704  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
18:02:45.0004 9704  slsvc - ok
18:02:45.0048 9704  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
18:02:45.0056 9704  SLUINotify - ok
18:02:45.0102 9704  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:02:45.0107 9704  Smb - ok
18:02:45.0149 9704  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:02:45.0156 9704  SNMPTRAP - ok
18:02:45.0172 9704  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
18:02:45.0177 9704  spldr - ok
18:02:45.0257 9704  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
18:02:45.0264 9704  Spooler - ok
18:02:45.0382 9704  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
18:02:45.0383 9704  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:02:45.0387 9704  sptd ( LockedFile.Multi.Generic ) - warning
18:02:45.0387 9704  sptd - detected LockedFile.Multi.Generic (1)
18:02:45.0481 9704  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:02:45.0491 9704  srv - ok
18:02:45.0570 9704  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:02:45.0577 9704  srv2 - ok
18:02:45.0602 9704  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:02:45.0607 9704  srvnet - ok
18:02:45.0645 9704  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:02:45.0656 9704  SSDPSRV - ok
18:02:45.0716 9704  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:02:45.0727 9704  ssmdrv - ok
18:02:45.0771 9704  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:02:45.0780 9704  SstpSvc - ok
18:02:45.0832 9704  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
18:02:45.0864 9704  stisvc - ok
18:02:45.0956 9704  [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:02:45.0960 9704  stllssvr - ok
18:02:46.0009 9704  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:02:46.0013 9704  swenum - ok
18:02:46.0079 9704  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
18:02:46.0099 9704  swprv - ok
18:02:46.0137 9704  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
18:02:46.0140 9704  Symc8xx - ok
18:02:46.0158 9704  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
18:02:46.0160 9704  Sym_hi - ok
18:02:46.0176 9704  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
18:02:46.0179 9704  Sym_u3 - ok
18:02:46.0233 9704  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
18:02:46.0246 9704  SysMain - ok
18:02:46.0281 9704  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:02:46.0286 9704  TabletInputService - ok
18:02:46.0335 9704  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:02:46.0342 9704  TapiSrv - ok
18:02:46.0359 9704  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
18:02:46.0363 9704  TBS - ok
18:02:46.0432 9704  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:02:46.0466 9704  Tcpip - ok
18:02:46.0499 9704  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
18:02:46.0507 9704  Tcpip6 - ok
18:02:46.0617 9704  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:02:46.0620 9704  tcpipreg - ok
18:02:46.0652 9704  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:02:46.0654 9704  TDPIPE - ok
18:02:46.0689 9704  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:02:46.0694 9704  TDTCP - ok
18:02:46.0739 9704  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:02:46.0743 9704  tdx - ok
18:02:46.0762 9704  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:02:46.0764 9704  TermDD - ok
18:02:46.0816 9704  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
18:02:46.0827 9704  TermService - ok
18:02:46.0847 9704  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
18:02:46.0850 9704  Themes - ok
18:02:46.0862 9704  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:02:46.0866 9704  THREADORDER - ok
18:02:46.0903 9704  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
18:02:46.0909 9704  TrkWks - ok
18:02:46.0983 9704  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:02:46.0983 9704  TrustedInstaller - ok
18:02:47.0015 9704  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:02:47.0017 9704  tssecsrv - ok
18:02:47.0052 9704  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:02:47.0054 9704  tunmp - ok
18:02:47.0140 9704  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:02:47.0143 9704  tunnel - ok
18:02:47.0172 9704  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:02:47.0174 9704  uagp35 - ok
18:02:47.0204 9704  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:02:47.0210 9704  udfs - ok
18:02:47.0261 9704  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:02:47.0265 9704  UI0Detect - ok
18:02:47.0284 9704  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:02:47.0286 9704  uliagpkx - ok
18:02:47.0309 9704  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:02:47.0315 9704  uliahci - ok
18:02:47.0343 9704  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:02:47.0346 9704  UlSata - ok
18:02:47.0367 9704  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:02:47.0371 9704  ulsata2 - ok
18:02:47.0405 9704  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:02:47.0414 9704  umbus - ok
18:02:47.0452 9704  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:02:47.0459 9704  UmRdpService - ok
18:02:47.0480 9704  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
18:02:47.0488 9704  upnphost - ok
18:02:47.0533 9704  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:02:47.0535 9704  USBAAPL - ok
18:02:47.0585 9704  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:02:47.0588 9704  usbccgp - ok
18:02:47.0608 9704  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:02:47.0612 9704  usbcir - ok
18:02:47.0675 9704  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:02:47.0678 9704  usbehci - ok
18:02:47.0728 9704  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:02:47.0733 9704  usbhub - ok
18:02:47.0760 9704  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:02:47.0763 9704  usbohci - ok
18:02:47.0796 9704  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:02:47.0798 9704  usbprint - ok
18:02:47.0820 9704  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:02:47.0823 9704  USBSTOR - ok
18:02:47.0852 9704  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:02:47.0855 9704  usbuhci - ok
18:02:47.0902 9704  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:02:47.0907 9704  usbvideo - ok
18:02:47.0959 9704  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
18:02:47.0964 9704  UxSms - ok
18:02:48.0002 9704  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
18:02:48.0015 9704  vds - ok
18:02:48.0052 9704  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:48.0055 9704  vga - ok
18:02:48.0079 9704  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:02:48.0082 9704  VgaSave - ok
18:02:48.0112 9704  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:02:48.0115 9704  viaagp - ok
18:02:48.0138 9704  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:02:48.0141 9704  ViaC7 - ok
18:02:48.0159 9704  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
18:02:48.0162 9704  viaide - ok
18:02:48.0188 9704  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:02:48.0190 9704  volmgr - ok
18:02:48.0214 9704  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:02:48.0223 9704  volmgrx - ok
18:02:48.0274 9704  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:02:48.0280 9704  volsnap - ok
18:02:48.0311 9704  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:02:48.0316 9704  vsmraid - ok
18:02:48.0379 9704  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
18:02:48.0447 9704  VSS - ok
18:02:48.0493 9704  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
18:02:48.0505 9704  W32Time - ok
18:02:48.0540 9704  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:02:48.0543 9704  WacomPen - ok
18:02:48.0607 9704  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files\Wajam\Updater\WajamUpdater.exe
18:02:48.0609 9704  WajamUpdater - ok
18:02:48.0629 9704  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:02:48.0632 9704  Wanarp - ok
18:02:48.0638 9704  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:02:48.0640 9704  Wanarpv6 - ok
18:02:48.0678 9704  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
18:02:48.0711 9704  wbengine - ok
18:02:48.0767 9704  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:02:48.0782 9704  wcncsvc - ok
18:02:48.0817 9704  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:02:48.0823 9704  WcsPlugInService - ok
18:02:48.0865 9704  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
18:02:48.0868 9704  Wd - ok
18:02:48.0925 9704  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:02:48.0938 9704  Wdf01000 - ok
18:02:48.0954 9704  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:02:48.0961 9704  WdiServiceHost - ok
18:02:48.0966 9704  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:02:48.0971 9704  WdiSystemHost - ok
18:02:48.0993 9704  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
18:02:49.0003 9704  WebClient - ok
18:02:49.0093 9704  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:02:49.0101 9704  Wecsvc - ok
18:02:49.0118 9704  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:02:49.0124 9704  wercplsupport - ok
18:02:49.0176 9704  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:02:49.0185 9704  WerSvc - ok
18:02:49.0240 9704  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:02:49.0247 9704  WinDefend - ok
18:02:49.0255 9704  WinHttpAutoProxySvc - ok
18:02:49.0301 9704  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:02:49.0307 9704  Winmgmt - ok
18:02:49.0419 9704  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:02:49.0475 9704  WinRM - ok
18:02:49.0563 9704  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:02:49.0592 9704  Wlansvc - ok
18:02:49.0599 9704  wltrysvc - ok
18:02:49.0631 9704  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:02:49.0633 9704  WmiAcpi - ok
18:02:49.0677 9704  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:02:49.0682 9704  wmiApSrv - ok
18:02:49.0748 9704  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:02:49.0783 9704  WMPNetworkSvc - ok
18:02:49.0826 9704  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:02:49.0835 9704  WPDBusEnum - ok
18:02:49.0934 9704  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:02:49.0951 9704  WPFFontCache_v0400 - ok
18:02:49.0991 9704  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:02:49.0994 9704  ws2ifsl - ok
18:02:50.0034 9704  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
18:02:50.0040 9704  wscsvc - ok
18:02:50.0124 9704  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
18:02:50.0127 9704  WSDPrintDevice - ok
18:02:50.0131 9704  WSearch - ok
18:02:50.0232 9704  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:02:50.0246 9704  wuauserv - ok
18:02:50.0306 9704  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:02:50.0309 9704  WudfPf - ok
18:02:50.0323 9704  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:02:50.0328 9704  WUDFRd - ok
18:02:50.0369 9704  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:02:50.0374 9704  wudfsvc - ok
18:02:50.0476 9704  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:02:50.0485 9704  YahooAUService - ok
18:02:50.0493 9704  ================ Scan global ===============================
18:02:50.0534 9704  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:02:50.0604 9704  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:02:50.0621 9704  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:02:50.0668 9704  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:02:50.0673 9704  [Global] - ok
18:02:50.0674 9704  ================ Scan MBR ==================================
18:02:50.0685 9704  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:02:51.0274 9704  \Device\Harddisk0\DR0 - ok
18:02:51.0275 9704  ================ Scan VBR ==================================
18:02:51.0388 9704  [ 0178D2EA22BF31314F5F48EEA7935523 ] \Device\Harddisk0\DR0\Partition1
18:02:51.0499 9704  \Device\Harddisk0\DR0\Partition1 - ok
18:02:51.0503 9704  [ EA26451360F49210636A81CCA8F9545B ] \Device\Harddisk0\DR0\Partition2
18:02:51.0506 9704  \Device\Harddisk0\DR0\Partition2 - ok
18:02:51.0507 9704  ============================================================
18:02:51.0507 9704  Scan finished
18:02:51.0507 9704  ============================================================
18:02:51.0517 9060  Detected object count: 1
18:02:51.0518 9060  Actual detected object count: 1
18:03:00.0763 9060  sptd ( LockedFile.Multi.Generic ) - skipped by user
18:03:00.0763 9060  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:03:03.0444 4120  Deinitialize success
 



#4 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 10 February 2013 - 08:21 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-10 18:49:06
-----------------------------
18:49:06.623    OS Version: Windows 6.0.6002 Service Pack 2
18:49:06.623    Number of processors: 2 586 0x1706
18:49:06.623    ComputerName: OWENNE-LT-PC  UserName: Owenne
18:49:22.691    Initialize success
18:52:59.383    AVAST engine defs: 13021001
19:05:25.079    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:05:25.079    Disk 0 Vendor: ST9250320AS DE05 Size: 238475MB BusType: 3
19:05:25.094    Disk 0 MBR read successfully
19:05:25.110    Disk 0 MBR scan
19:05:25.110    Disk 0 Windows VISTA default MBR code
19:05:25.126    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       86 MB offset 63
19:05:25.141    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 178176
19:05:25.172    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       228147 MB offset 21149696
19:05:25.188    Disk 0 scanning sectors +488394752
19:05:25.313    Disk 0 scanning C:\Windows\system32\drivers
19:05:42.192    Service scanning
19:06:08.494    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:06:16.886    Modules scanning
19:06:25.810    Disk 0 trace - called modules:
19:06:25.856    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x851341f8]<<
19:06:25.856    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853fc4a0]
19:06:25.872    3 CLASSPNP.SYS[8a79e8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85194b98]
19:06:25.872    \Driver\atapi[0x851bdf38] -> IRP_MJ_CREATE -> 0x851341f8
19:06:27.354    AVAST engine scan C:\Windows
19:06:31.160    AVAST engine scan C:\Windows\system32
19:10:54.114    AVAST engine scan C:\Windows\system32\drivers
19:11:13.598    AVAST engine scan C:\Users\Owenne
19:20:00.475    Disk 0 MBR has been saved successfully to "C:\Users\Owenne\Desktop\MBR.dat"
19:20:00.475    The log file has been saved successfully to "C:\Users\Owenne\Desktop\aswMBR.txt"



#5 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 11 February 2013 - 07:51 AM

C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Users\Owenne\AppData\Local\Temp\YontooSetup-Silent.exe multiple threats 
C:\Windows.old\Documents and Settings\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Windows.old\Documents and Settings\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Windows.old\Documents and Settings\Owenne\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application 
C:\Windows.old\Documents and Settings\Owenne\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application 
C:\Windows.old\Documents and Settings\Owenne\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application 
C:\Windows.old\Documents and Settings\Owenne\AppData\Local\Temp\YontooLayers.crx Win32/Adware.Yontoo.C application 
C:\Windows.old\Documents and Settings\Owenne\AppData\Local\Temp\YontooSetup-Silent.exe multiple threats 
C:\Windows.old\Documents and Settings\Owenne\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application 
C:\Windows.old\ProgramData\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Windows.old\ProgramData\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Windows.old\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Windows.old\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application 
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Owenne\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Owenne\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application deleted - quarantined
C:\Users\Owenne\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Owenne\AppData\Local\Temp\YontooLayers.crx Win32/Adware.Yontoo.C application deleted - quarantined
C:\Users\Owenne\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SR1IUP6X\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Windows.old\Users\Guest user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\6a94002e-54227762 Java/TrojanDownloader.OpenStream.AF trojan deleted - quarantined
 



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 February 2013 - 12:10 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log


 



#7 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 12 February 2013 - 10:55 AM

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Owenne-LT-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
   Physical Address. . . . . . . . . : 00-22-5F-35-EA-32
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fdeb:d2b4:494c:0:9c47:d2e2:fb78:8f3c(Preferred)
   Temporary IPv6 Address. . . . . . : fdeb:d2b4:494c:0:d0da:144b:812e:ffb(Preferred)
   Link-local IPv6 Address . . . . . : fe80::9c47:d2e2:fb78:8f3c%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 12, 2013 9:13:08 AM
   Lease Expires . . . . . . . . . . : Wednesday, February 13, 2013 9:13:07 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 268444255
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-56-E4-CB-00-21-70-9B-02-83
   DNS Servers . . . . . . . . . . . : 66.184.128.38
                                       207.230.75.50
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-21-70-9B-02-83
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{8F38DD36-EBF0-4FE3-B034-E31FF4446150}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:c4b:676:3f57:fe96(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c4b:676:3f57:fe96%13(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-anycast.deltacom.net
Address:  66.184.128.38

Name:    google.com
Addresses:  2607:f8b0:4002:c04::65
   74.125.140.139
   74.125.140.100
   74.125.140.101
   74.125.140.102
   74.125.140.113
   74.125.140.138

 

Pinging google.com [74.125.140.100] with 32 bytes of data:

Reply from 74.125.140.100: bytes=32 time=255ms TTL=45

Reply from 74.125.140.100: bytes=32 time=223ms TTL=45

 

Ping statistics for 74.125.140.100:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 223ms, Maximum = 255ms, Average = 239ms

Server:  dns-anycast.deltacom.net
Address:  66.184.128.38

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=252ms TTL=50

Reply from 206.190.36.45: bytes=32 time=312ms TTL=50

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 252ms, Maximum = 312ms, Average = 282ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 12 ...00 22 5f 35 ea 32 ...... Dell Wireless 1395 WLAN Mini-Card
 10 ...00 21 70 9b 02 83 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 11 ...00 00 00 00 00 00 00 e0  isatap.{8F38DD36-EBF0-4FE3-B034-E31FF4446150}
 14 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.105     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.105    281
    192.168.1.105  255.255.255.255         On-link     192.168.1.105    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.105    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.105    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.105    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13     18 2001::/32                On-link
 13    266 2001:0:9d38:6ab8:c4b:676:3f57:fe96/128
                                    On-link
 12     33 fdeb:d2b4:494c::/64      On-link
 12    281 fdeb:d2b4:494c:0:9c47:d2e2:fb78:8f3c/128
                                    On-link
 12    281 fdeb:d2b4:494c:0:d0da:144b:812e:ffb/128
                                    On-link
 12    281 fe80::/64                On-link
 13    266 fe80::/64                On-link
 13    266 fe80::c4b:676:3f57:fe96/128
                                    On-link
 12    281 fe80::9c47:d2e2:fb78:8f3c/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/12/2013 09:14:06 AM) (Source: Application Error) (User: )
Description: Faulting application ApplePhotoStreams.exe, version 7.2.5.1, time stamp 0x4f3a19cc, faulting module CoreFoundation.dll, version 1.630.18.0, time stamp 0x50a590d1, exception code 0xc0000005, fault offset 0x0004bdcb,
process id 0xbc4, application start time 0xApplePhotoStreams.exe0.

Error: (02/12/2013 09:12:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59300520

Error: (02/12/2013 09:12:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59300520

Error: (02/12/2013 09:12:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2013 04:44:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16568

Error: (02/11/2013 04:44:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16568

Error: (02/11/2013 04:44:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2013 04:44:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15460

Error: (02/11/2013 04:44:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15460

Error: (02/11/2013 04:44:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/12/2013 09:14:33 AM) (Source: Print) (User: NT AUTHORITY)
Description: The document Child Watch Hours.pub, owned by Owenne, failed to print on printer Dell 7130cdn PS-2. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 3362440. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\OWENNE-LT-PC. Win32 error code returned by the print processor: Child Watch Hours.pub0. Child Watch Hours.pub1

Error: (02/12/2013 09:13:17 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/12/2013 09:13:16 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/12/2013 09:13:15 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/12/2013 09:13:14 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/12/2013 09:13:13 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/12/2013 09:12:58 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/12/2013 09:12:57 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/11/2013 08:39:52 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (02/11/2013 08:39:51 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2


Microsoft Office Sessions:
=========================
Error: (02/12/2013 09:14:06 AM) (Source: Application Error)(User: )
Description: ApplePhotoStreams.exe7.2.5.14f3a19ccCoreFoundation.dll1.630.18.050a590d1c00000050004bdcbbc401ce07ed6e3e1492

Error: (02/12/2013 09:12:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59300520

Error: (02/12/2013 09:12:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59300520

Error: (02/12/2013 09:12:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2013 04:44:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16568

Error: (02/11/2013 04:44:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16568

Error: (02/11/2013 04:44:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2013 04:44:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15460

Error: (02/11/2013 04:44:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15460

Error: (02/11/2013 04:44:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2012-08-22 09:46:23.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Active@ ISO Burner (Version: 2.5.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.149)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Avira Free Antivirus (Version: 12.1.9.1236)
Bonjour (Version: 3.0.0.10)
Cisco EAP-FAST Module (Version: 2.0.26)
Cisco LEAP Module (Version: 1.0.11)
Cisco PEAP Module (Version: 1.0.12)
Cisco WebEx Meetings
DealRunner 1.27 (Version: 1.26)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Resource CD (Version: 1.00.0000)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card (Version: 4.170.25.12)
DocuWare 5 Client (Version: 5.1.202)
ESET Online Scanner v3
Freeze.com NetAssistant (Version: 3.8.3)
FrostWire 5.5.1 (Version: 5.5.1.0)
Google Talk Plugin (Version: 3.13.2.11592)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.123)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HP LaserJet P2030 Series
hppusgP2030 (Version: 000.000.00005)
HPSSupply (Version: 2.1.1.0000)
iCloud (Version: 1.1.0.40)
InstallIQ Updater (Version: 1.4.3.0)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Laptop Integrated Webcam Driver (1.00.01.0108) 
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 100.0.170.000)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
mMHouse (Version: 9.24.0000)
mPfMgr (Version: 9.24.0000)
MrvlUsgTracking (Version: 1.0.7)
mWMI (Version: 9.24.0000)
NetAssistant (Version: 3.8.3)
Norton Security Scan (Version: 3.7.2.5)
NVIDIA Drivers (Version: 1.3)
O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.17)
QuickTime (Version: 7.69.80.9)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5555)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Wajam (Version: 1.47)
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Devices: ================================

Name: Biometric Coprocessor
Description: Biometric Coprocessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: MATbleepA DVD+-RW UJ-875S ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 3069.5 MB
Available physical RAM: 1222.36 MB
Total Pagefile: 6348.08 MB
Available Pagefile: 2647.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.73 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:222.8 GB) (Free:109.14 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.64 GB) NTFS

========================= Users: ========================================

User accounts for \\OWENNE-LT-PC

Administrator            Guest                    Owenne                  


**** End of log ****



#8 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 12 February 2013 - 10:58 AM

Farbar Service Scanner Version: 10-02-2013
Ran by Owenne (administrator) on 12-02-2013 at 09:57:33
Running from "C:\Users\Owenne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYGAI7I9"
Windows Vista ™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#9 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 12 February 2013 - 11:18 AM

# AdwCleaner v2.112 - Logfile created 02/12/2013 at 10:08:59
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : Owenne - OWENNE-LT-PC
# Boot Mode : Normal
# Running from : C:\Users\Owenne\Desktop\Clean Up Programs\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\DealRunner
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealRunner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Owenne\AppData\Local\Wajam
Folder Deleted : C:\Users\Owenne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\DealRunner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [6240 octets] - [12/02/2013 10:08:59]

########## EOF - C:\AdwCleaner[S1].txt - [6300 octets] ##########



#10 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 12 February 2013 - 11:26 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows Vista ™ Business x86
Ran by Owenne on Tue 02/12/2013 at 10:20:37.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-971216754-287460907-2504456307-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Owenne\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/12/2013 at 10:23:47.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 12 February 2013 - 11:30 AM

kill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/12/2013 10:28:42 AM in x86 mode.
Windows Version: Windows Vista ™ Business Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\System32\WLTRYSVC.EXE (PID: 1720) [WD-HEUR]
 * C:\Windows\System32\bcmwltry.exe (PID: 1832) [WD-HEUR]
 * C:\Windows\System32\WLTRAY.EXE (PID: 1472) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * WPCSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 02/12/2013 10:29:00 AM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)



#12 ooutlaw

ooutlaw
  • Topic Starter

  • Members
  • 19 posts

Posted 12 February 2013 - 11:31 AM

Seem to be in good working order now.  Please let me know if you advise any other actions.


Thanks again for your help!



#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 12 February 2013 - 11:34 AM

Still need the Malwarebytes & Autoruns log.





