
Help me remove this malware. Mcvbtnokazd.exe


36 replies to this topic

#1 tomjoram


Posted 18 February 2013 - 01:16 AM

Hi, good day Sir!

I would like to remove this process because it's causing the CPU usage to increase and my CPU is getting noisy. I really want to get rid of this malware; any help or guidance on what to do would be greatly appreciated. Thanks!





#2 AbsoZed


Posted 18 February 2013 - 01:24 AM

Hullo there. After some quick research, that appears to be a trojan. Download and install Sophos Virus Removal tool, and that should help you remove it.

 

http://downloads.sophos.com/tools/withides/Sophos%20Virus%20Removal%20Tool.exe



#3 narenxp


Posted 18 February 2013 - 01:36 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#4 tomjoram


Posted 18 February 2013 - 03:14 AM

16:10:48.0937 20780  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:10:50.0937 20780  ============================================================
16:10:50.0937 20780  Current date / time: 2013/02/18 16:10:50.0937
16:10:50.0937 20780  SystemInfo:
16:10:50.0937 20780  
16:10:50.0937 20780  OS Version: 5.1.2600 ServicePack: 3.0
16:10:50.0937 20780  Product type: Workstation
16:10:50.0937 20780  ComputerName: OWNER-609CDC00D
16:10:50.0937 20780  UserName: OWNER
16:10:50.0937 20780  Windows directory: C:\WINDOWS
16:10:50.0937 20780  System windows directory: C:\WINDOWS
16:10:50.0937 20780  Processor architecture: Intel x86
16:10:50.0937 20780  Number of processors: 2
16:10:50.0937 20780  Page size: 0x1000
16:10:50.0937 20780  Boot type: Normal boot
16:10:50.0937 20780  ============================================================
16:10:52.0531 20780  Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:10:52.0546 20780  ============================================================
16:10:52.0546 20780  \Device\Harddisk0\DR0:
16:10:52.0546 20780  MBR partitions:
16:10:52.0546 20780  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
16:10:52.0562 20780  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A8533F, BlocksNum 0x4A94DC5
16:10:52.0562 20780  ============================================================
16:10:52.0609 20780  C: <-> \Device\Harddisk0\DR0\Partition1
16:10:52.0750 20780  D: <-> \Device\Harddisk0\DR0\Partition2
16:10:52.0765 20780  ============================================================
16:10:52.0765 20780  Initialize success
16:10:52.0765 20780  ============================================================
16:12:44.0437 4136  ============================================================
16:12:44.0437 4136  Scan started
16:12:44.0437 4136  Mode: Manual; 
16:12:44.0437 4136  ============================================================
16:12:45.0109 4136  ================ Scan system memory ========================
16:12:45.0109 4136  System memory - ok
16:12:45.0109 4136  ================ Scan services =============================
16:12:56.0875 4136  ViaIde - ok
16:12:56.0875 4136  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
16:12:56.0875 4136  VolSnap - ok
16:12:56.0906 4136  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
16:12:56.0921 4136  W32Time - ok
16:12:56.0953 4136  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:12:56.0953 4136  Wanarp - ok
16:12:56.0953 4136  WDICA - ok
16:12:56.0984 4136  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:12:56.0984 4136  wdmaud - ok
16:12:57.0000 4136  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
16:12:57.0015 4136  WebClient - ok
16:12:57.0078 4136  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
16:12:57.0093 4136  winmgmt - ok
16:12:57.0125 4136  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
16:12:57.0125 4136  WmdmPmSN - ok
16:12:57.0218 4136  [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi             C:\WINDOWS\System32\advapi32.dll
16:12:57.0265 4136  Wmi - ok
16:12:57.0359 4136  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:12:57.0406 4136  WPFFontCache_v0400 - ok
16:12:57.0453 4136  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:12:57.0500 4136  wscsvc - ok
16:12:57.0515 4136  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:12:57.0546 4136  wuauserv - ok
16:12:57.0578 4136  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:12:57.0578 4136  WudfPf - ok
16:12:57.0656 4136  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:12:57.0656 4136  WudfRd - ok
16:12:57.0718 4136  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
16:12:57.0718 4136  WudfSvc - ok
16:12:57.0796 4136  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:12:57.0843 4136  WZCSVC - ok
16:12:57.0875 4136  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
16:12:57.0921 4136  xmlprov - ok
16:12:57.0921 4136  ZTEusbmdm6k - ok
16:12:57.0937 4136  ZTEusbnmea - ok
16:12:57.0937 4136  ZTEusbser6k - ok
16:12:57.0953 4136  ================ Scan global ===============================
16:12:57.0968 4136  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:12:57.0984 4136  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
16:12:58.0015 4136  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
16:12:58.0031 4136  [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
16:12:58.0046 4136  [Global] - ok
16:12:58.0046 4136  ================ Scan MBR ==================================
16:12:58.0062 4136  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:12:58.0828 4136  \Device\Harddisk0\DR0 - ok
16:12:58.0828 4136  ================ Scan VBR ==================================
16:12:58.0859 4136  [ 8B8926ADCCAD5D159FECE93B269739B3 ] \Device\Harddisk0\DR0\Partition1
16:12:58.0859 4136  \Device\Harddisk0\DR0\Partition1 - ok
16:12:58.0921 4136  [ EFB33CA23E3255DF03667CFC68AE613E ] \Device\Harddisk0\DR0\Partition2
16:12:58.0921 4136  \Device\Harddisk0\DR0\Partition2 - ok
16:12:58.0921 4136  ============================================================
16:12:58.0921 4136  Scan finished
16:12:58.0921 4136  ============================================================
16:12:59.0000 8524  Detected object count: 0
16:12:59.0000 8524  Actual detected object count: 0
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-18 15:59:46
-----------------------------
15:59:46.703    OS Version: Windows 5.1.2600 Service Pack 3
15:59:46.703    Number of processors: 2 586 0x409
15:59:46.703    ComputerName: OWNER-609CDC00D  UserName: OWNER
15:59:48.343    Initialize success
15:59:56.562    AVAST engine download error: 0
16:00:01.750    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-a
16:00:01.750    Disk 0 Vendor: SAMSUNG_SP0822N WA100-34 Size: 76351MB BusType: 3
16:00:01.796    Disk 0 MBR read successfully
16:00:01.796    Disk 0 MBR scan
16:00:01.796    Disk 0 Windows XP default MBR code
16:00:01.812    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        38154 MB offset 63
16:00:01.812    Disk 0 Partition - 00     0F Extended LBA             38185 MB offset 78140160
16:00:01.859    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        38185 MB offset 78140223
16:00:01.890    Disk 0 scanning sectors +156344580
16:00:02.078    Disk 0 scanning C:\WINDOWS\system32\drivers
16:00:17.562    Service scanning
16:00:26.750    Modules scanning
16:00:35.734    Disk 0 trace - called modules:
16:00:35.750    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS 
16:00:35.750    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859e73f0]
16:00:35.750    3 CLASSPNP.SYS[f75b0fd7] -> nt!IofCallDriver -> \Device\0000005e[0x859522d0]
16:00:35.750    5 ACPI.sys[f7447620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-a[0x85951940]
16:00:35.750    Scan finished successfully
16:04:36.593    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\OWNER\Desktop\MBR.dat"
16:04:36.593    The log file has been saved successfully to "C:\Documents and Settings\OWNER\Desktop\aswMBR.txt"
 


#5 tomjoram

Posted 20 February 2013 - 10:54 PM

hello?



#6 narenxp

Posted 20 February 2013 - 10:55 PM

You still did not post the ESET scanner log :)



#7 tomjoram

Posted 20 February 2013 - 10:56 PM

I can't seem to run it online, and when I click Start it just gets stuck at downloading components. I think the malware is stopping the download?



#8 tomjoram

Posted 20 February 2013 - 10:58 PM

It also says, "cannot get update? Is proxy configured?" I don't even use a proxy.



#9 narenxp

Posted 20 February 2013 - 10:59 PM

Please run ESET online scanner from Safe Mode with Networking.

 

Run the following scans from normal mode

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-click JRT.exe and select Run as administrator (on Windows XP, double-click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#10 tomjoram

Posted 20 February 2013 - 11:20 PM

When I press F8 and choose safe mode with networking it doesn't go through, it just reboots. I tried safe mode and safe mode with cmd, and I still can't get in, only in normal mode. The tools mentioned here I cannot download, and an error appears:

Oops! Google Chrome could not connect to download.bleepingcomputer.com Suggestions:

 

 

 



#11 narenxp

Posted 20 February 2013 - 11:28 PM

Download from here

 

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

 

Ignore the ESET scan for now. Run all the scans in normal mode.


Edited by narenxp, 20 February 2013 - 11:28 PM.


#12 tomjoram

Posted 21 February 2013 - 12:11 AM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.21.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
OWNER :: OWNER-609CDC00D [administrator]
 
2/21/2013 1:12:03 PM
mbam-log-2013-02-21 (13-12-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208699
Time elapsed: 4 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.
 
Registry Values Detected: 5
HKCR\exefile|NeverShowExt (Risk.HiddenExt) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|blank (Trojan.StartPage) -> Data: http://www.114116.info -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Data: http://www.114116.info -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|blank (Trojan.StartPage) -> Data: http://www.114116.info -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Data: http://www.114116.info -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 11
C:\Documents and Settings\OWNER\Desktop\ Anti Malware.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\Documents and Settings\OWNER\Desktop\ janjan.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\Documents and Settings\OWNER\Desktop\ JOSEPH.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\Documents and Settings\OWNER\Desktop\ New Folder (2).exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\Documents and Settings\OWNER\Desktop\ New Folder.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\Documents and Settings\OWNER\Desktop\ TOMMY DOC.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1123561945-1659004503-1177238915-1003\Dc3.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1123561945-1659004503-1177238915-1003\Dc4.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1123561945-1659004503-1177238915-1003\Dc8.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1123561945-1659004503-1177238915-1003\Dc9.exe (Trojn.VBAgent) -> Quarantined and deleted successfully.
C:\Documents and Settings\OWNER\Application Data\cssrs.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
 
(end)


#13 tomjoram

Posted 21 February 2013 - 12:17 AM

MiniToolBox by Farbar  Version:10-01-2013
Ran by OWNER (administrator) on 21-02-2013 at 13:26:33
Running from "C:\Documents and Settings\OWNER\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 Windows IP Configuration  Successfully flushed the DNS Resolver Cache. 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================


#14 tomjoram

Posted 21 February 2013 - 12:19 AM

Farbar Service Scanner Version: 20-02-2013
Ran by OWNER (administrator) on 21-02-2013 at 13:29:36
Running from "C:\Documents and Settings\OWNER\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
 
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-07-12 11:09] - [2008-07-12 11:09] - 0138496 ____A (Microsoft Corporation) D6EE6014241D034E63C49A50CB2B442A
 
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-11-29 09:06] - [2008-04-14 00:00] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
 
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-04-14 00:00] - [2008-04-14 00:00] - 0108544 ____A (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185
 
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****


#15 tomjoram

Posted 21 February 2013 - 12:24 AM

# AdwCleaner v2.112 - Logfile created 02/21/2013 at 13:31:57
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : OWNER - OWNER-609CDC00D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\OWNER\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\0wnh8axg.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Softonic
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v7.0.6000.16674
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v9.0.1 (en-US)
 
File : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\0wnh8axg.default\prefs.js
 
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Documents and Settings\OWNER\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [1117 octets] - [21/02/2013 13:31:57]
 
########## EOF - C:\AdwCleaner[S1].txt - [1177 octets] ##########




