keep getting pop ups notifying me of problems


  • This topic is locked
24 replies to this topic

#1 stdoyle84

stdoyle84

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:59 PM

Posted 20 March 2013 - 09:05 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.17.2
Run by Robin at 20:56:39 on 2013-03-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.753 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\vVX3000.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [cdloader] "c:\users\robin\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Greenshot] c:\program files\greenshot\Greenshot.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\robin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{28080EAF-AD6C-466E-B6CD-A704C95B4312} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\robin\appdata\roaming\mozilla\firefox\profiles\crtslaz0.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-17 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-17 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-17 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-17 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-17 44768]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2011-6-17 1034496]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\iexplore.exe="c:\program files\internet explorer\iexplore.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-21 00:47:51 -------- d-----w- c:\users\robin\appdata\local\temp
2013-03-21 00:46:08 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-20 23:52:51 98816 ----a-w- c:\windows\sed.exe
2013-03-20 23:52:51 256000 ----a-w- c:\windows\PEV.exe
2013-03-20 23:52:51 208896 ----a-w- c:\windows\MBR.exe
2013-03-20 22:55:29 -------- d-----w- c:\users\robin\appdata\local\MigWiz
2013-03-19 01:51:31 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 01:51:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-03-19 03:04:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 03:04:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-19 01:49:49 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 20:57:37.16 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/17/2011 1:21:50 PM
System Uptime: 3/20/2013 7:56:55 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 135.225 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP996: 3/18/2013 6:22:31 PM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
avast! Free Antivirus
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CutePDF Writer 2.8
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
Driver Detective
Epson Connect
Epson Connect Printer Setup
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print
Essentials of Health Information Management StudyWARE
eSupportQFolder
F2200
F2200_Help
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Greenshot
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 17
Java Auto Updater
LTCM Client
magicJack
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 5.8
SmartWebPrintingOC
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WebReg
Zoo Tycoon 2
.
==== Event Viewer Messages From Past Week ========
.
3/20/2013 8:00:52 PM, Error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
3/20/2013 8:00:52 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/20/2013 7:44:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/20/2013 6:52:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/20/2013 6:34:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6
3/20/2013 6:34:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/20/2013 6:34:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/20/2013 6:33:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/20/2013 6:33:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/20/2013 6:33:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/20/2013 6:33:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:31:29 PM on 3/20/2013 was unexpected.
3/20/2013 6:30:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
3/20/2013 6:30:45 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2013 6:24:17 PM, Error: EventLog [6008] - The previous system shutdown at 6:21:40 PM on 3/20/2013 was unexpected.
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows Vista (KB2748349).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office 2007 suites (KB2596802).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office 2007 suites (KB2596660).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office 2007 suites (KB2596620).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2712808).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Works 9 (KB2754670).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2687499).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2687441).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2687439).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2687311).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2596754).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2736416).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2756919).
3/20/2013 3:00:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2789646).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update Rollup for ActiveX Killbits for Windows Vista (KB2736233).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office Outlook 2007 (KB2687404).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office 2007 suites (KB2767916).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft Office 2007 suites (KB2596848).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Skype 5.10 for Windows (KB2727727).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2799494).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2753842).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Silverlight (KB2814124).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office Word 2007 (KB2760421).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office InfoPath 2007 (KB2687440).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office Excel 2007 (KB2687307).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2760416).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2596615).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Internet Explorer 9 for Windows Vista (KB2797052).
3/20/2013 3:00:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2809289).
3/19/2013 10:51:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
3/19/2013 10:51:38 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/19/2013 10:47:55 AM, Error: EventLog [6008] - The previous system shutdown at 10:45:13 AM on 3/19/2013 was unexpected.
3/18/2013 8:46:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/18/2013 8:45:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
3/18/2013 8:21:27 PM, Error: EventLog [6008] - The previous system shutdown at 8:19:11 PM on 3/18/2013 was unexpected.
3/18/2013 8:17:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
3/18/2013 8:17:04 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2013 7:57:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
3/18/2013 2:03:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/18/2013 2:03:20 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2013 2:03:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/18/2013 10:25:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/17/2013 7:47:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB2799494).
3/17/2013 7:33:31 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:16 PM on 3/17/2013 was unexpected.
3/17/2013 7:29:00 PM, Error: EventLog [6008] - The previous system shutdown at 8:26:38 PM on 3/17/2013 was unexpected.
3/17/2013 7:27:55 AM, Error: EventLog [6008] - The previous system shutdown at 8:26:16 AM on 3/17/2013 was unexpected.
3/17/2013 7:25:12 PM, Error: EventLog [6008] - The previous system shutdown at 8:22:49 PM on 3/17/2013 was unexpected.
3/17/2013 7:24:43 AM, Error: EventLog [6008] - The previous system shutdown at 8:21:44 AM on 3/17/2013 was unexpected.
3/15/2013 11:43:50 PM, Error: EventLog [6008] - The previous system shutdown at 12:40:10 AM on 3/16/2013 was unexpected.
.
==== End Of File ===========================

Edited by gringo_pr, 29 March 2013 - 03:19 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:59 PM

Posted 20 March 2013 - 09:11 PM


Hello stdoyle84

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 stdoyle84

stdoyle84
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:59 PM

Posted 21 March 2013 - 03:42 PM

Security check up results:

 

Results of screen317's Security Check version 0.99.61 
 Windows Vista Service Pack 2 x86 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 17 
 Adobe Flash Player  11.6.602.180 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Mozilla Firefox 13.0.1 Firefox out of Date! 
 Google Chrome 20.0.1132.57 
 Google Chrome 25.0.1364.172 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 



#4 stdoyle84

stdoyle84
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:59 PM

Posted 21 March 2013 - 03:57 PM

Results for adware cleaner:

 

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 15:44:26
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Robin - ROBIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Robin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\crtslaz0.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Robin\AppData\Local\APN
Folder Deleted : C:\Users\Robin\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Robin\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Robin\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Robin\AppData\Roaming\Funmoods
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16447

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\crtslaz0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.26] : keyword = "ask.com",
Deleted [l.29] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=0E[...]
Deleted [l.30] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [6493 octets] - [21/03/2013 15:44:26]

########## EOF - C:\AdwCleaner[S1].txt - [6553 octets] ##########


#5 stdoyle84

stdoyle84
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:59 PM

Posted 21 March 2013 - 04:28 PM

Thanks for your help thus far Gringo!  I cannot finish run of Rogue ... My computer has restarted after trying to run it 3 times.  Whatever follows "Looking for fake files" makes the computer crash. 

 

Stephen



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:59 PM

Posted 21 March 2013 - 08:15 PM


Hello Stephen

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo





#7 stdoyle84

stdoyle84
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:59 PM

Posted 23 March 2013 - 06:17 PM

I am still getting popups from Avast stating that it has blocked problems

ComboFix 13-03-23.01 - Robin 03/23/2013  17:44:38.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.369 [GMT -5:00]
Running from: c:\users\Robin\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-23 to 2013-03-23  )))))))))))))))))))))))))))))))
.
.
2013-03-23 22:56 . 2013-03-23 22:56	--------	d-----w-	c:\users\Robin\AppData\Local\temp
2013-03-23 22:56 . 2013-03-23 22:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-23 08:18 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
2013-03-23 08:08 . 2013-01-08 22:01	768000	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-23 08:00 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-03-23 08:00 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-03-22 10:57 . 2012-08-21 11:47	224640	----a-w-	c:\windows\system32\drivers\volsnap.sys
2013-03-21 21:03 . 2013-03-21 21:17	15616	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2013-03-20 22:55 . 2013-03-20 22:55	--------	d-----w-	c:\users\Robin\AppData\Local\MigWiz
2013-03-19 01:53 . 2013-03-19 01:53	--------	d-----w-	c:\program files\Common Files\Java
2013-03-19 01:51 . 2013-03-19 01:49	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-19 01:51 . 2013-03-19 01:50	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-16 13:13 . 2013-03-16 13:13	--------	d-----w-	c:\programdata\WindowsSearch
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 03:04 . 2012-04-11 13:40	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-19 03:04 . 2011-06-17 20:35	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 01:49 . 2011-06-17 20:38	782240	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-04 03:44 . 2011-06-17 21:03	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15	123536	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Robin\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-12 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-156132170-1593319661-2834819262-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-19 16:34	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:04]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 01:57]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 01:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\crtslaz0.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-23 17:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-23  18:00:26
ComboFix-quarantined-files.txt  2013-03-23 23:00
ComboFix2.txt  2013-03-21 00:47
ComboFix3.txt  2013-03-21 00:13
.
Pre-Run: 144,210,288,640 bytes free
Post-Run: 144,240,992,256 bytes free
.
- - End Of File - - A067D42FB874CB8C37F8C5A10A44A853


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:59 PM

Posted 23 March 2013 - 08:44 PM



Hello stdoyle84


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo








#9 stdoyle84

stdoyle84
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:59 PM

Posted 24 March 2013 - 12:48 PM

12:33:29.0216 6092  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:33:29.0654 6092  ============================================================
12:33:29.0654 6092  Current date / time: 2013/03/24 12:33:29.0654
12:33:29.0654 6092  SystemInfo:
12:33:29.0654 6092  
12:33:29.0654 6092  OS Version: 6.0.6002 ServicePack: 2.0
12:33:29.0654 6092  Product type: Workstation
12:33:29.0654 6092  ComputerName: ROBIN-PC
12:33:29.0654 6092  UserName: Robin
12:33:29.0654 6092  Windows directory: C:\Windows
12:33:29.0654 6092  System windows directory: C:\Windows
12:33:29.0654 6092  Processor architecture: Intel x86
12:33:29.0654 6092  Number of processors: 2
12:33:29.0654 6092  Page size: 0x1000
12:33:29.0654 6092  Boot type: Normal boot
12:33:29.0654 6092  ============================================================
12:33:30.0887 6092  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:33:30.0887 6092  Drive \Device\Harddisk1\DR1 - Size: 0xEF800000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:33:30.0903 6092  ============================================================
12:33:30.0903 6092  \Device\Harddisk0\DR0:
12:33:30.0903 6092  MBR partitions:
12:33:30.0903 6092  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1D190800
12:33:30.0903 6092  \Device\Harddisk1\DR1:
12:33:30.0903 6092  MBR partitions:
12:33:30.0903 6092  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x458, BlocksNum 0x77BBA8
12:33:30.0903 6092  ============================================================
12:33:30.0934 6092  C: <-> \Device\Harddisk0\DR0\Partition1
12:33:30.0934 6092  ============================================================
12:33:30.0934 6092  Initialize success
12:33:30.0934 6092  ============================================================
12:34:58.0378 4268  ============================================================
12:34:58.0378 4268  Scan started
12:34:58.0378 4268  Mode: Manual; SigCheck; TDLFS; 
12:34:58.0378 4268  ============================================================
12:34:58.0971 4268  ================ Scan system memory ========================
12:34:58.0971 4268  System memory - ok
12:34:58.0971 4268  ================ Scan services =============================
12:34:59.0143 4268  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:34:59.0330 4268  ACPI - ok
12:34:59.0424 4268  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:34:59.0439 4268  AdobeARMservice - ok
12:34:59.0533 4268  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:34:59.0548 4268  AdobeFlashPlayerUpdateSvc - ok
12:34:59.0595 4268  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:34:59.0626 4268  adp94xx - ok
12:34:59.0658 4268  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:34:59.0673 4268  adpahci - ok
12:34:59.0704 4268  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
12:34:59.0720 4268  adpu160m - ok
12:34:59.0751 4268  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:34:59.0767 4268  adpu320 - ok
12:34:59.0814 4268  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:35:00.0001 4268  AeLookupSvc - ok
12:35:00.0063 4268  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
12:35:00.0157 4268  AFD - ok
12:35:00.0188 4268  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:35:00.0219 4268  agp440 - ok
12:35:00.0266 4268  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:35:00.0297 4268  aic78xx - ok
12:35:00.0328 4268  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
12:35:00.0422 4268  ALG - ok
12:35:00.0469 4268  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:35:00.0484 4268  aliide - ok
12:35:00.0516 4268  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:35:00.0531 4268  amdagp - ok
12:35:00.0562 4268  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:35:00.0578 4268  amdide - ok
12:35:00.0594 4268  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
12:35:00.0656 4268  AmdK7 - ok
12:35:00.0687 4268  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:35:00.0750 4268  AmdK8 - ok
12:35:00.0796 4268  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
12:35:00.0874 4268  Appinfo - ok
12:35:01.0015 4268  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:35:01.0030 4268  Apple Mobile Device - ok
12:35:01.0124 4268  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
12:35:01.0140 4268  arc - ok
12:35:01.0186 4268  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:35:01.0202 4268  arcsas - ok
12:35:01.0280 4268  [ 0AE43C6C411254049279C2EE55630F95 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
12:35:01.0311 4268  aswFsBlk - ok
12:35:01.0342 4268  [ 6693141560B1615D8DCCF0D8EB00087E ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:35:01.0358 4268  aswMonFlt - ok
12:35:01.0374 4268  [ DA12626FD9A67F4E917E2F2FBE1E1764 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
12:35:01.0405 4268  aswRdr - ok
12:35:01.0436 4268  [ DCB199B967375753B5019EC15F008F53 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:35:01.0483 4268  aswSnx - ok
12:35:01.0498 4268  [ B32873E5A1443C0A1E322266E203BF10 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:35:01.0530 4268  aswSP - ok
12:35:01.0561 4268  [ 6FF544175A9180C5D88534D3D9C9A9F7 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
12:35:01.0576 4268  aswTdi - ok
12:35:01.0592 4268  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:35:01.0686 4268  AsyncMac - ok
12:35:01.0748 4268  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:35:01.0764 4268  atapi - ok
12:35:01.0857 4268  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:35:01.0920 4268  AudioEndpointBuilder - ok
12:35:01.0951 4268  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:35:01.0982 4268  Audiosrv - ok
12:35:02.0060 4268  [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:35:02.0076 4268  avast! Antivirus - ok
12:35:02.0107 4268  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:35:02.0154 4268  Beep - ok
12:35:02.0263 4268  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
12:35:02.0341 4268  BFE - ok
12:35:02.0450 4268  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
12:35:02.0668 4268  BITS - ok
12:35:02.0715 4268  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:35:02.0778 4268  blbdrive - ok
12:35:02.0871 4268  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:35:02.0918 4268  Bonjour Service - ok
12:35:02.0965 4268  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:35:03.0027 4268  bowser - ok
12:35:03.0058 4268  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
12:35:03.0121 4268  BrFiltLo - ok
12:35:03.0152 4268  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
12:35:03.0168 4268  BrFiltUp - ok
12:35:03.0199 4268  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
12:35:03.0261 4268  Browser - ok
12:35:03.0277 4268  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
12:35:03.0339 4268  Brserid - ok
12:35:03.0370 4268  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:35:03.0464 4268  BrSerWdm - ok
12:35:03.0480 4268  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:35:03.0558 4268  BrUsbMdm - ok
12:35:03.0558 4268  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
12:35:03.0636 4268  BrUsbSer - ok
12:35:03.0667 4268  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:35:03.0745 4268  BTHMODEM - ok
12:35:03.0901 4268  catchme - ok
12:35:03.0916 4268  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:35:03.0994 4268  cdfs - ok
12:35:04.0026 4268  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:35:04.0072 4268  cdrom - ok
12:35:04.0166 4268  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:35:04.0244 4268  CertPropSvc - ok
12:35:04.0275 4268  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:35:04.0338 4268  circlass - ok
12:35:04.0400 4268  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
12:35:04.0431 4268  CLFS - ok
12:35:04.0494 4268  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:35:04.0509 4268  clr_optimization_v2.0.50727_32 - ok
12:35:04.0525 4268  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:35:04.0556 4268  cmdide - ok
12:35:04.0572 4268  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:35:04.0603 4268  Compbatt - ok
12:35:04.0618 4268  COMSysApp - ok
12:35:04.0618 4268  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:35:04.0650 4268  crcdisk - ok
12:35:04.0665 4268  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
12:35:04.0728 4268  Crusoe - ok
12:35:04.0821 4268  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:35:04.0884 4268  CryptSvc - ok
12:35:04.0977 4268  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:35:05.0055 4268  DcomLaunch - ok
12:35:05.0102 4268  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:35:05.0149 4268  DfsC - ok
12:35:05.0289 4268  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
12:35:05.0445 4268  DFSR - ok
12:35:05.0539 4268  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:35:05.0586 4268  Dhcp - ok
12:35:05.0648 4268  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
12:35:05.0679 4268  disk - ok
12:35:05.0726 4268  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:35:05.0757 4268  Dnscache - ok
12:35:05.0835 4268  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:35:05.0898 4268  dot3svc - ok
12:35:05.0976 4268  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:35:06.0038 4268  Dot4 - ok
12:35:06.0069 4268  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:35:06.0147 4268  Dot4Print - ok
12:35:06.0178 4268  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
12:35:06.0241 4268  dot4usb - ok
12:35:06.0288 4268  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
12:35:06.0334 4268  DPS - ok
12:35:06.0381 4268  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:35:06.0444 4268  drmkaud - ok
12:35:06.0490 4268  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:35:06.0537 4268  DXGKrnl - ok
12:35:06.0553 4268  [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
12:35:06.0615 4268  e1express - ok
12:35:06.0662 4268  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
12:35:06.0740 4268  E1G60 - ok
12:35:06.0787 4268  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
12:35:06.0818 4268  EapHost - ok
12:35:06.0896 4268  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:35:06.0912 4268  Ecache - ok
12:35:06.0974 4268  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:35:07.0005 4268  ehRecvr - ok
12:35:07.0021 4268  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
12:35:07.0114 4268  ehSched - ok
12:35:07.0114 4268  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
12:35:07.0161 4268  ehstart - ok
12:35:07.0224 4268  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:35:07.0255 4268  elxstor - ok
12:35:07.0317 4268  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:35:07.0411 4268  EMDMgmt - ok
12:35:07.0504 4268  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
12:35:07.0536 4268  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
12:35:07.0536 4268  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
12:35:07.0660 4268  [ B78436CA173FF723A1EACE5CD4900375 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
12:35:07.0692 4268  EpsonCustomerParticipation - ok
12:35:07.0754 4268  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:35:07.0832 4268  ErrDev - ok
12:35:07.0894 4268  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
12:35:07.0941 4268  EventSystem - ok
12:35:08.0019 4268  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
12:35:08.0066 4268  exfat - ok
12:35:08.0144 4268  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:35:08.0206 4268  fastfat - ok
12:35:08.0222 4268  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:35:08.0300 4268  fdc - ok
12:35:08.0331 4268  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:35:08.0378 4268  fdPHost - ok
12:35:08.0394 4268  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:35:08.0472 4268  FDResPub - ok
12:35:08.0472 4268  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:35:08.0487 4268  FileInfo - ok
12:35:08.0503 4268  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:35:08.0565 4268  Filetrace - ok
12:35:08.0596 4268  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:35:08.0643 4268  flpydisk - ok
12:35:08.0706 4268  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:35:08.0721 4268  FltMgr - ok
12:35:08.0815 4268  [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache       C:\Windows\system32\FntCache.dll
12:35:08.0908 4268  FontCache - ok
12:35:09.0002 4268  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:35:09.0018 4268  FontCache3.0.0.0 - ok
12:35:09.0049 4268  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:35:09.0111 4268  Fs_Rec - ok
12:35:09.0142 4268  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:35:09.0158 4268  gagp30kx - ok
12:35:09.0174 4268  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:35:09.0189 4268  GEARAspiWDM - ok
12:35:09.0267 4268  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:35:09.0361 4268  gpsvc - ok
12:35:09.0532 4268  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:35:09.0564 4268  gupdate - ok
12:35:09.0564 4268  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:35:09.0595 4268  gupdatem - ok
12:35:09.0673 4268  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:35:09.0688 4268  gusvc - ok
12:35:09.0751 4268  [ 57877AB7D10528565CB0C67B3BF12CFF ] HCW85BDA        C:\Windows\system32\drivers\HCW85BDA.sys
12:35:09.0829 4268  HCW85BDA - ok
12:35:09.0891 4268  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:35:09.0985 4268  HdAudAddService - ok
12:35:10.0047 4268  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:35:10.0125 4268  HDAudBus - ok
12:35:10.0188 4268  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:35:10.0266 4268  HidBth - ok
12:35:10.0297 4268  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:35:10.0359 4268  HidIr - ok
12:35:10.0437 4268  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
12:35:10.0515 4268  hidserv - ok
12:35:10.0562 4268  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:35:10.0624 4268  HidUsb - ok
12:35:10.0718 4268  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:35:10.0812 4268  hkmsvc - ok
12:35:10.0827 4268  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:35:10.0858 4268  HpCISSs - ok
12:35:10.0952 4268  [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:35:10.0983 4268  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:35:10.0983 4268  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:35:11.0014 4268  [ DF446BA625CC441617843E87798CE048 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:35:11.0046 4268  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:35:11.0046 4268  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:35:11.0092 4268  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:35:11.0186 4268  HTTP - ok
12:35:11.0217 4268  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:35:11.0233 4268  i2omp - ok
12:35:11.0280 4268  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:35:11.0326 4268  i8042prt - ok
12:35:11.0373 4268  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:35:11.0404 4268  iaStorV - ok
12:35:11.0498 4268  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:35:11.0576 4268  idsvc - ok
12:35:11.0670 4268  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:35:11.0919 4268  igfx - ok
12:35:11.0982 4268  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:35:11.0997 4268  iirsp - ok
12:35:12.0091 4268  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:35:12.0216 4268  IKEEXT - ok
12:35:12.0294 4268  [ 4EAE74C8BCBCA309A5D7CBAD7E231427 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:35:12.0465 4268  IntcAzAudAddService - ok
12:35:12.0543 4268  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:35:12.0559 4268  intelide - ok
12:35:12.0621 4268  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:35:12.0684 4268  intelppm - ok
12:35:12.0746 4268  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:35:12.0793 4268  IPBusEnum - ok
12:35:12.0840 4268  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:35:12.0902 4268  IpFilterDriver - ok
12:35:12.0933 4268  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:35:13.0011 4268  iphlpsvc - ok
12:35:13.0011 4268  IpInIp - ok
12:35:13.0027 4268  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:35:13.0074 4268  IPMIDRV - ok
12:35:13.0120 4268  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:35:13.0167 4268  IPNAT - ok
12:35:13.0245 4268  [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:35:13.0292 4268  iPod Service - ok
12:35:13.0308 4268  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:35:13.0370 4268  IRENUM - ok
12:35:13.0401 4268  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:35:13.0432 4268  isapnp - ok
12:35:13.0495 4268  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:35:13.0526 4268  iScsiPrt - ok
12:35:13.0557 4268  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:35:13.0573 4268  iteatapi - ok
12:35:13.0588 4268  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:35:13.0620 4268  iteraid - ok
12:35:13.0666 4268  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:35:13.0682 4268  kbdclass - ok
12:35:13.0698 4268  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:35:13.0744 4268  kbdhid - ok
12:35:13.0791 4268  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
12:35:13.0854 4268  KeyIso - ok
12:35:13.0916 4268  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:35:13.0932 4268  KSecDD - ok
12:35:13.0978 4268  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:35:14.0056 4268  KtmRm - ok
12:35:14.0088 4268  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:35:14.0166 4268  LanmanServer - ok
12:35:14.0228 4268  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:35:14.0306 4268  LanmanWorkstation - ok
12:35:14.0337 4268  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:35:14.0400 4268  lltdio - ok
12:35:14.0431 4268  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:35:14.0493 4268  lltdsvc - ok
12:35:14.0524 4268  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:35:14.0649 4268  lmhosts - ok
12:35:14.0680 4268  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:35:14.0712 4268  LSI_FC - ok
12:35:14.0727 4268  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:35:14.0743 4268  LSI_SAS - ok
12:35:14.0758 4268  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:35:14.0790 4268  LSI_SCSI - ok
12:35:14.0805 4268  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
12:35:14.0836 4268  luafv - ok
12:35:14.0946 4268  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
12:35:14.0961 4268  McComponentHostService - ok
12:35:14.0992 4268  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:35:15.0039 4268  Mcx2Svc - ok
12:35:15.0055 4268  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:35:15.0070 4268  megasas - ok
12:35:15.0102 4268  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
12:35:15.0117 4268  MegaSR - ok
12:35:15.0180 4268  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:35:15.0195 4268  Microsoft Office Groove Audit Service - ok
12:35:15.0211 4268  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
12:35:15.0258 4268  MMCSS - ok
12:35:15.0258 4268  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
12:35:15.0289 4268  Modem - ok
12:35:15.0320 4268  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:35:15.0351 4268  monitor - ok
12:35:15.0367 4268  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:35:15.0382 4268  mouclass - ok
12:35:15.0398 4268  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:35:15.0429 4268  mouhid - ok
12:35:15.0445 4268  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:35:15.0460 4268  MountMgr - ok
12:35:15.0570 4268  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:35:15.0585 4268  MozillaMaintenance - ok
12:35:15.0632 4268  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:35:15.0648 4268  mpio - ok
12:35:15.0679 4268  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:35:15.0710 4268  mpsdrv - ok
12:35:15.0788 4268  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:35:15.0928 4268  MpsSvc - ok
12:35:15.0960 4268  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:35:15.0975 4268  Mraid35x - ok
12:35:16.0022 4268  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:35:16.0069 4268  MRxDAV - ok
12:35:16.0116 4268  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:35:16.0131 4268  mrxsmb - ok
12:35:16.0194 4268  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:35:16.0240 4268  mrxsmb10 - ok
12:35:16.0272 4268  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:35:16.0303 4268  mrxsmb20 - ok
12:35:16.0334 4268  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
12:35:16.0350 4268  msahci - ok
12:35:16.0474 4268  [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
12:35:16.0506 4268  MSCamSvc - ok
12:35:16.0537 4268  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:35:16.0552 4268  msdsm - ok
12:35:16.0584 4268  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
12:35:16.0646 4268  MSDTC - ok
12:35:16.0677 4268  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:35:16.0740 4268  Msfs - ok
12:35:16.0786 4268  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:35:16.0802 4268  msisadrv - ok
12:35:16.0833 4268  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:35:16.0911 4268  MSiSCSI - ok
12:35:16.0942 4268  msiserver - ok
12:35:16.0974 4268  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:35:17.0052 4268  MSKSSRV - ok
12:35:17.0083 4268  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:35:17.0114 4268  MSPCLOCK - ok
12:35:17.0130 4268  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:35:17.0161 4268  MSPQM - ok
12:35:17.0239 4268  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:35:17.0254 4268  MsRPC - ok
12:35:17.0286 4268  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:35:17.0301 4268  mssmbios - ok
12:35:17.0317 4268  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:35:17.0379 4268  MSTEE - ok
12:35:17.0426 4268  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
12:35:17.0442 4268  Mup - ok
12:35:17.0520 4268  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
12:35:17.0566 4268  napagent - ok
12:35:17.0644 4268  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:35:17.0691 4268  NativeWifiP - ok
12:35:17.0769 4268  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:35:17.0816 4268  NDIS - ok
12:35:17.0847 4268  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:35:17.0878 4268  NdisTapi - ok
12:35:17.0894 4268  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:35:17.0972 4268  Ndisuio - ok
12:35:18.0034 4268  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:35:18.0112 4268  NdisWan - ok
12:35:18.0144 4268  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:35:18.0206 4268  NDProxy - ok
12:35:18.0268 4268  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:35:18.0300 4268  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:35:18.0300 4268  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:35:18.0331 4268  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:35:18.0378 4268  NetBIOS - ok
12:35:18.0440 4268  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:35:18.0487 4268  netbt - ok
12:35:18.0518 4268  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
12:35:18.0549 4268  Netlogon - ok
12:35:18.0596 4268  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
12:35:18.0658 4268  Netman - ok
12:35:18.0674 4268  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
12:35:18.0736 4268  netprofm - ok
12:35:18.0799 4268  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:35:18.0830 4268  NetTcpPortSharing - ok
12:35:18.0877 4268  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:35:18.0892 4268  nfrd960 - ok
12:35:18.0939 4268  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:35:18.0986 4268  NlaSvc - ok
12:35:19.0064 4268  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:35:19.0095 4268  Npfs - ok
12:35:19.0111 4268  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
12:35:19.0158 4268  nsi - ok
12:35:19.0173 4268  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:35:19.0236 4268  nsiproxy - ok
12:35:19.0314 4268  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:35:19.0392 4268  Ntfs - ok
12:35:19.0423 4268  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
12:35:19.0501 4268  ntrigdigi - ok
12:35:19.0532 4268  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
12:35:19.0579 4268  Null - ok
12:35:19.0610 4268  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:35:19.0641 4268  nvraid - ok
12:35:19.0657 4268  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:35:19.0672 4268  nvstor - ok
12:35:19.0704 4268  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:35:19.0719 4268  nv_agp - ok
12:35:19.0735 4268  NwlnkFlt - ok
12:35:19.0735 4268  NwlnkFwd - ok
12:35:19.0828 4268  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:35:19.0860 4268  odserv - ok
12:35:19.0906 4268  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:35:19.0969 4268  ohci1394 - ok
12:35:20.0047 4268  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:35:20.0062 4268  ose - ok
12:35:20.0140 4268  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:35:20.0250 4268  p2pimsvc - ok
12:35:20.0265 4268  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:35:20.0312 4268  p2psvc - ok
12:35:20.0359 4268  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
12:35:20.0437 4268  Parport - ok
12:35:20.0468 4268  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:35:20.0499 4268  partmgr - ok
12:35:20.0515 4268  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:35:20.0593 4268  Parvdm - ok
12:35:20.0624 4268  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:35:20.0702 4268  PcaSvc - ok
12:35:20.0749 4268  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
12:35:20.0780 4268  pci - ok
12:35:20.0796 4268  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
12:35:20.0827 4268  pciide - ok
12:35:20.0842 4268  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:35:20.0874 4268  pcmcia - ok
12:35:20.0905 4268  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:35:21.0108 4268  PEAUTH - ok
12:35:21.0186 4268  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
12:35:21.0295 4268  pla - ok
12:35:21.0357 4268  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:35:21.0420 4268  PlugPlay - ok
12:35:21.0451 4268  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:35:21.0482 4268  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:35:21.0482 4268  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:35:21.0529 4268  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:35:21.0560 4268  PNRPAutoReg - ok
12:35:21.0591 4268  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
12:35:21.0654 4268  PNRPsvc - ok
12:35:21.0747 4268  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:35:21.0810 4268  PolicyAgent - ok
12:35:21.0872 4268  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:35:21.0903 4268  PptpMiniport - ok
12:35:21.0919 4268  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
12:35:21.0981 4268  Processor - ok
12:35:22.0044 4268  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:35:22.0090 4268  ProfSvc - ok
12:35:22.0090 4268  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:35:22.0122 4268  ProtectedStorage - ok
12:35:22.0200 4268  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:35:22.0246 4268  PSched - ok
12:35:22.0309 4268  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:35:22.0402 4268  ql2300 - ok
12:35:22.0434 4268  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:35:22.0449 4268  ql40xx - ok
12:35:22.0480 4268  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
12:35:22.0543 4268  QWAVE - ok
12:35:22.0574 4268  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:35:22.0590 4268  QWAVEdrv - ok
12:35:22.0605 4268  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:35:22.0652 4268  RasAcd - ok
12:35:22.0683 4268  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
12:35:22.0746 4268  RasAuto - ok
12:35:22.0777 4268  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:35:22.0808 4268  Rasl2tp - ok
12:35:22.0886 4268  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
12:35:22.0917 4268  RasMan - ok
12:35:22.0995 4268  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:35:23.0042 4268  RasPppoe - ok
12:35:23.0073 4268  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:35:23.0089 4268  RasSstp - ok
12:35:23.0151 4268  [ A7BAD9853A70E2E7808BE027EFE0522A ] rcmirror        C:\Windows\system32\DRIVERS\rcmirror.sys
12:35:23.0229 4268  rcmirror - ok
12:35:23.0307 4268  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:35:23.0370 4268  rdbss - ok
12:35:23.0416 4268  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:35:23.0479 4268  RDPCDD - ok
12:35:23.0510 4268  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
12:35:23.0557 4268  rdpdr - ok
12:35:23.0572 4268  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:35:23.0619 4268  RDPENCDD - ok
12:35:23.0666 4268  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:35:23.0697 4268  RDPWD - ok
12:35:23.0744 4268  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:35:23.0775 4268  RemoteAccess - ok
12:35:23.0838 4268  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:35:23.0900 4268  RemoteRegistry - ok
12:35:23.0931 4268  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
12:35:23.0962 4268  RpcLocator - ok
12:35:23.0978 4268  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
12:35:24.0025 4268  RpcSs - ok
12:35:24.0056 4268  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:35:24.0118 4268  rspndr - ok
12:35:24.0118 4268  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
12:35:24.0134 4268  SamSs - ok
12:35:24.0165 4268  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:35:24.0181 4268  sbp2port - ok
12:35:24.0259 4268  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:35:24.0306 4268  SCardSvr - ok
12:35:24.0368 4268  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
12:35:24.0462 4268  Schedule - ok
12:35:24.0477 4268  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:35:24.0508 4268  SCPolicySvc - ok
12:35:24.0540 4268  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:35:24.0571 4268  SDRSVC - ok
12:35:24.0602 4268  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:35:24.0680 4268  secdrv - ok
12:35:24.0696 4268  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
12:35:24.0742 4268  seclogon - ok
12:35:24.0758 4268  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
12:35:24.0805 4268  SENS - ok
12:35:24.0836 4268  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:35:24.0898 4268  Serenum - ok
12:35:24.0930 4268  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
12:35:25.0008 4268  Serial - ok
12:35:25.0039 4268  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:35:25.0070 4268  sermouse - ok
12:35:25.0086 4268  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:35:25.0132 4268  SessionEnv - ok
12:35:25.0148 4268  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:35:25.0195 4268  sffdisk - ok
12:35:25.0210 4268  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:35:25.0257 4268  sffp_mmc - ok
12:35:25.0257 4268  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:35:25.0304 4268  sffp_sd - ok
12:35:25.0335 4268  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:35:25.0413 4268  sfloppy - ok
12:35:25.0444 4268  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:35:25.0491 4268  SharedAccess - ok
12:35:25.0538 4268  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:35:25.0569 4268  ShellHWDetection - ok
12:35:25.0585 4268  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:35:25.0600 4268  sisagp - ok
12:35:25.0632 4268  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:35:25.0647 4268  SiSRaid2 - ok
12:35:25.0663 4268  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:35:25.0694 4268  SiSRaid4 - ok
12:35:25.0819 4268  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:35:25.0834 4268  SkypeUpdate - ok
12:35:25.0975 4268  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
12:35:26.0193 4268  slsvc - ok
12:35:26.0287 4268  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:35:26.0318 4268  SLUINotify - ok
12:35:26.0396 4268  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:35:26.0427 4268  Smb - ok
12:35:26.0474 4268  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:35:26.0505 4268  SNMPTRAP - ok
12:35:26.0536 4268  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
12:35:26.0568 4268  spldr - ok
12:35:26.0614 4268  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
12:35:26.0692 4268  Spooler - ok
12:35:26.0755 4268  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:35:26.0802 4268  srv - ok
12:35:26.0848 4268  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:35:26.0911 4268  srv2 - ok
12:35:26.0926 4268  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:35:26.0989 4268  srvnet - ok
12:35:27.0036 4268  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:35:27.0114 4268  SSDPSRV - ok
12:35:27.0145 4268  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:35:27.0207 4268  SstpSvc - ok
12:35:27.0316 4268  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
12:35:27.0410 4268  stisvc - ok
12:35:27.0457 4268  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:35:27.0472 4268  swenum - ok
12:35:27.0550 4268  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
12:35:27.0628 4268  swprv - ok
12:35:27.0660 4268  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
12:35:27.0675 4268  Symc8xx - ok
12:35:27.0706 4268  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:35:27.0738 4268  Sym_hi - ok
12:35:27.0753 4268  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:35:27.0784 4268  Sym_u3 - ok
12:35:27.0862 4268  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
12:35:27.0940 4268  SysMain - ok
12:35:27.0972 4268  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:35:28.0018 4268  TabletInputService - ok
12:35:28.0081 4268  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:35:28.0159 4268  TapiSrv - ok
12:35:28.0190 4268  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
12:35:28.0268 4268  TBS - ok
12:35:28.0330 4268  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:35:28.0424 4268  Tcpip - ok
12:35:28.0471 4268  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:35:28.0564 4268  Tcpip6 - ok
12:35:28.0596 4268  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:35:28.0689 4268  tcpipreg - ok
12:35:28.0705 4268  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:35:28.0783 4268  TDPIPE - ok
12:35:28.0798 4268  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:35:28.0845 4268  TDTCP - ok
12:35:28.0908 4268  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:35:28.0970 4268  tdx - ok
12:35:29.0001 4268  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:35:29.0017 4268  TermDD - ok
12:35:29.0110 4268  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
12:35:29.0204 4268  TermService - ok
12:35:29.0251 4268  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
12:35:29.0282 4268  Themes - ok
12:35:29.0298 4268  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:35:29.0344 4268  THREADORDER - ok
12:35:29.0360 4268  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
12:35:29.0422 4268  TrkWks - ok
12:35:29.0469 4268  [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight       C:\Windows\system32\drivers\TrueSight.sys
12:35:29.0500 4268  TrueSight ( UnsignedFile.Multi.Generic ) - warning
12:35:29.0500 4268  TrueSight - detected UnsignedFile.Multi.Generic (1)
12:35:29.0594 4268  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:35:29.0641 4268  TrustedInstaller - ok
12:35:29.0703 4268  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:35:29.0781 4268  tssecsrv - ok
12:35:29.0812 4268  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:35:29.0859 4268  tunmp - ok
12:35:29.0890 4268  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:35:29.0937 4268  tunnel - ok
12:35:29.0968 4268  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:35:30.0015 4268  uagp35 - ok
12:35:30.0109 4268  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:35:30.0156 4268  udfs - ok
12:35:30.0249 4268  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:35:30.0312 4268  UI0Detect - ok
12:35:30.0343 4268  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:35:30.0390 4268  uliagpkx - ok
12:35:30.0468 4268  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:35:30.0530 4268  uliahci - ok
12:35:30.0546 4268  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:35:30.0592 4268  UlSata - ok
12:35:30.0608 4268  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:35:30.0639 4268  ulsata2 - ok
12:35:30.0670 4268  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:35:30.0733 4268  umbus - ok
12:35:30.0795 4268  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
12:35:30.0873 4268  upnphost - ok
12:35:30.0967 4268  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
12:35:31.0014 4268  USBAAPL - ok
12:35:31.0092 4268  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:35:31.0138 4268  usbaudio - ok
12:35:31.0170 4268  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:35:31.0232 4268  usbccgp - ok
12:35:31.0279 4268  [ 47B9770EA21436DE4AD5AEA7926E0900 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
12:35:31.0326 4268  usbcir - ok
12:35:31.0372 4268  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:35:31.0404 4268  usbehci - ok
12:35:31.0419 4268  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:35:31.0466 4268  usbhub - ok
12:35:31.0482 4268  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:35:31.0544 4268  usbohci - ok
12:35:31.0575 4268  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:35:31.0638 4268  usbprint - ok
12:35:31.0716 4268  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:35:31.0762 4268  usbscan - ok
12:35:31.0794 4268  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:35:31.0856 4268  USBSTOR - ok
12:35:31.0887 4268  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:35:31.0918 4268  usbuhci - ok
12:35:31.0981 4268  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
12:35:32.0028 4268  UxSms - ok
12:35:32.0090 4268  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
12:35:32.0152 4268  vds - ok
12:35:32.0184 4268  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:35:32.0215 4268  vga - ok
12:35:32.0246 4268  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:35:32.0293 4268  VgaSave - ok
12:35:32.0308 4268  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:35:32.0324 4268  viaagp - ok
12:35:32.0340 4268  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:35:32.0418 4268  ViaC7 - ok
12:35:32.0464 4268  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
12:35:32.0480 4268  viaide - ok
12:35:32.0496 4268  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:35:32.0511 4268  volmgr - ok
12:35:32.0589 4268  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:35:32.0620 4268  volmgrx - ok
12:35:32.0652 4268  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:35:32.0667 4268  volsnap - ok
12:35:32.0698 4268  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:35:32.0714 4268  vsmraid - ok
12:35:32.0792 4268  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
12:35:32.0901 4268  VSS - ok
12:35:32.0964 4268  [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2        C:\Windows\system32\DRIVERS\VSTBS23.SYS
12:35:33.0026 4268  VSTHWBS2 - ok
12:35:33.0073 4268  [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
12:35:33.0198 4268  VST_DPV - ok
12:35:33.0322 4268  [ E26744E5DD71A16E80D4DD5A286B8423 ] VX3000          C:\Windows\system32\DRIVERS\VX3000.sys
12:35:33.0463 4268  VX3000 - ok
12:35:33.0541 4268  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
12:35:33.0588 4268  W32Time - ok
12:35:33.0603 4268  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:35:33.0697 4268  WacomPen - ok
12:35:33.0744 4268  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:35:33.0806 4268  Wanarp - ok
12:35:33.0806 4268  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:35:33.0837 4268  Wanarpv6 - ok
12:35:33.0868 4268  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:35:33.0900 4268  wcncsvc - ok
12:35:33.0931 4268  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:35:33.0978 4268  WcsPlugInService - ok
12:35:34.0009 4268  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
12:35:34.0024 4268  Wd - ok
12:35:34.0087 4268  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:35:34.0134 4268  Wdf01000 - ok
12:35:34.0165 4268  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:35:34.0196 4268  WdiServiceHost - ok
12:35:34.0196 4268  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:35:34.0243 4268  WdiSystemHost - ok
12:35:34.0321 4268  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
12:35:34.0368 4268  WebClient - ok
12:35:34.0430 4268  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:35:34.0492 4268  Wecsvc - ok
12:35:34.0508 4268  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:35:34.0570 4268  wercplsupport - ok
12:35:34.0633 4268  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:35:34.0680 4268  WerSvc - ok
12:35:34.0742 4268  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
12:35:34.0820 4268  winachsf - ok
12:35:34.0867 4268  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:35:34.0898 4268  WinDefend - ok
12:35:34.0914 4268  WinHttpAutoProxySvc - ok
12:35:35.0007 4268  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:35:35.0038 4268  Winmgmt - ok
12:35:35.0116 4268  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:35:35.0226 4268  WinRM - ok
12:35:35.0288 4268  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:35:35.0350 4268  Wlansvc - ok
12:35:35.0382 4268  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:35:35.0413 4268  WmiAcpi - ok
12:35:35.0491 4268  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:35:35.0553 4268  wmiApSrv - ok
12:35:35.0631 4268  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:35:35.0740 4268  WMPNetworkSvc - ok
12:35:35.0818 4268  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:35:35.0865 4268  WPCSvc - ok
12:35:35.0928 4268  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:35:35.0974 4268  WPDBusEnum - ok
12:35:35.0990 4268  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
12:35:36.0052 4268  WpdUsb - ok
12:35:36.0099 4268  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:35:36.0177 4268  ws2ifsl - ok
12:35:36.0240 4268  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
12:35:36.0302 4268  wscsvc - ok
12:35:36.0302 4268  WSearch - ok
12:35:36.0396 4268  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:35:36.0536 4268  wuauserv - ok
12:35:36.0598 4268  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:35:36.0645 4268  WUDFRd - ok
12:35:36.0708 4268  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:35:36.0786 4268  wudfsvc - ok
12:35:36.0801 4268  ================ Scan global ===============================
12:35:36.0848 4268  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:35:36.0895 4268  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:35:36.0926 4268  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:35:37.0004 4268  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:35:37.0020 4268  [Global] - ok
12:35:37.0020 4268  ================ Scan MBR ==================================
12:35:37.0035 4268  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:35:37.0035 4268  Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:35:37.0098 4268  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:35:37.0098 4268  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:35:37.0160 4268  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:35:37.0160 4268  \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:35:37.0176 4268  ================ Scan VBR ==================================
12:35:37.0176 4268  [ 42686C34008FBD4E1DB6033F31DAED6B ] \Device\Harddisk0\DR0\Partition1
12:35:37.0176 4268  \Device\Harddisk0\DR0\Partition1 - ok
12:35:37.0191 4268  ============================================================
12:35:37.0191 4268  Scan finished
12:35:37.0191 4268  ============================================================
12:35:37.0207 4240  Detected object count: 8
12:35:37.0207 4240  Actual detected object count: 8
12:36:36.0456 4240  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:36.0456 4240  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:36:36.0456 4240  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:36.0456 4240  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:36:36.0456 4240  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:36.0456 4240  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:36:36.0456 4240  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:36.0456 4240  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:36:36.0471 4240  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:36.0471 4240  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:36:36.0471 4240  TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
12:36:36.0471 4240  TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:36:43.0880 4240  \Device\Harddisk0\DR0\# - copied to quarantine
12:36:43.0883 4240  \Device\Harddisk0\DR0 - copied to quarantine
12:36:43.0912 4240  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:36:43.0922 4240  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:36:44.0184 4240  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:36:44.0267 4240  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:36:57.0079 4240  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:36:59.0929 4240  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:37:00.0080 4240  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:37:00.0188 4240  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:37:00.0191 4240  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:37:00.0194 4240  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:37:00.0197 4240  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:37:00.0335 4240  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:37:00.0569 4240  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:37:00.0610 4240  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:37:00.0657 4240  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:37:00.0907 4240  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:37:01.0047 4240  \Device\Harddisk0\DR0 - ok
12:37:01.0141 4240  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
12:37:01.0142 4240  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:37:01.0142 4240  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
12:37:25.0977 1396  Deinitialize success


#10 stdoyle84

Posted 24 March 2013 - 01:05 PM

No Clean up was required when I ran MBar

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 2135375872, free: 1190211584

------------ Kernel report ------------
     03/24/2013 12:49:51
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\51303768.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\VSTBS23.SYS
\SystemRoot\system32\DRIVERS\VSTDPV3.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\VX3000.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\drivers\07641119.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8686dac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000061\
Lower Device Object: 0xffffffff86836318
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85827440
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85621b98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.24.05
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85827440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85f7cd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85827440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85605918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85621b98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffaec5e190, 0xffffffff85827440, 0xffffffff84e6bac8
Lower DeviceData: 0xffffffffaecd7f88, 0xffffffff85621b98, 0xffffffff88204288
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 98304  Numsec = 488179712
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8686dac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87120440, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8686dac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86836318, DeviceName: \Device\00000061\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================





#11 gringo_pr

  • Malware Response Team

Posted 24 March 2013 - 01:10 PM


Hello



I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 stdoyle84

  • Topic Starter

Posted 26 March 2013 - 03:59 PM

Thanks for your help! My popups have ceased and all seems back to "normal". Is there something I should do to "finish up"? I know I need to get rid of the programs I downloaded onto my desktop. Thanks again!



#13 gringo_pr


Posted 26 March 2013 - 11:45 PM


Hello stdoyle84

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo


#14 stdoyle84


Posted 29 March 2013 - 07:58 AM

Computer seems to be running better and I have no pop ups.  However, I did notice that at the end of running Combofix ... Combofix told me that my computer is infected and it was restoring windows to a restore point.  Here's the log that combofix created:

 

ComboFix 13-03-28.01 - Robin 03/29/2013   7:29.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.902 [GMT -5:00]
Running from: c:\users\Robin\Downloads\ComboFix.exe
Command switches used :: c:\users\Robin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET152C.tmp
c:\windows\system32\SETDF64.tmp
.
Infected copy of c:\windows\system32\ntdll.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_5a931ff3f973738d\ntdll.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-29  )))))))))))))))))))))))))))))))
.
.
2013-03-29 12:39 . 2013-03-29 12:43 -------- d-----w- c:\users\Robin\AppData\Local\temp
2013-03-29 12:39 . 2013-03-29 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-29 12:12 . 2013-03-29 12:12 -------- d-----w- c:\windows\LastGood.Tmp
2013-03-29 12:12 . 2011-03-15 08:03 81408 ----a-w- c:\windows\system32\E_FD4BHBA.DLL
2013-03-26 08:02 . 2013-03-26 08:02 -------- d-----w- c:\windows\CheckSur
2013-03-25 08:15 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-03-25 08:15 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-03-25 08:15 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-03-25 08:15 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-25 08:14 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-25 08:14 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-03-25 08:14 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-03-25 08:14 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-03-25 08:13 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-03-25 08:13 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-03-25 08:13 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-25 08:12 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-03-25 08:12 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-24 23:28 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 17:49 . 2013-03-24 17:49 -------- d-----w- c:\programdata\Malwarebytes
2013-03-24 17:36 . 2013-03-24 21:48 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-24 04:02 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-24 04:02 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-23 08:18 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-03-23 08:08 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-23 08:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-03-23 08:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-03-22 10:57 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-03-21 21:03 . 2013-03-21 21:17 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-03-20 22:55 . 2013-03-20 22:55 -------- d-----w- c:\users\Robin\AppData\Local\MigWiz
2013-03-19 01:53 . 2013-03-19 01:53 -------- d-----w- c:\program files\Common Files\Java
2013-03-19 01:51 . 2013-03-19 01:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 01:51 . 2013-03-19 01:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-16 13:13 . 2013-03-16 13:13 -------- d-----w- c:\programdata\WindowsSearch
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 03:04 . 2012-04-11 13:40 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-19 03:04 . 2011-06-17 20:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 01:49 . 2011-06-17 20:38 782240 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 03:44 . 2011-06-17 21:03 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Robin\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-12 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHBA.EXE" [2012-02-29 249440]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHBA.EXE" [2012-02-29 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-156132170-1593319661-2834819262-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-19 16:34 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:04]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 01:57]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 01:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\crtslaz0.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-37505183.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-29 07:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
c:\windows\DtcInstall.log 3257 bytes
c:\windows\MEMORY.DMP 226757198 bytes
c:\windows\msxml4-KB954430-enu.LOG 284502 bytes
c:\windows\msxml4-KB973688-enu.LOG 280252 bytes
c:\windows\ntbtlog.txt 326162 bytes
c:\windows\setupact.log 11639 bytes
c:\windows\setuperr.log 0 bytes
c:\windows\sruna.log 12 bytes
c:\windows\TSSysprep.log 1355 bytes
c:\windows\WindowsUpdate.log 1709340 bytes
c:\windows\WMFDist11.log 530 bytes
c:\windows\ie8_main.log 2084 bytes
c:\windows\IE9_main.log 3898 bytes
c:\windows\PFRO.log 38018 bytes
c:\windows\system32\wbem\Logs\FrameWork.log 48756 bytes
c:\windows\system32\wbem\Logs\wmiprov.log 37984 bytes
c:\windows\system32\wbem\Logs\WMITracing.log 16777216 bytes
c:\windows\TEMP\hpqddsvc.log 515 bytes
c:\windows\TEMP\_avast_\Webshlock.txt 0 bytes
C:\avast! sandbox
.
scan completed successfully
hidden files: 20
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-03-29  07:53:03 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-29 12:51
ComboFix2.txt  2013-03-23 23:00
ComboFix3.txt  2013-03-21 00:47
ComboFix4.txt  2013-03-21 00:13
.
Pre-Run: 138,964,451,328 bytes free
Post-Run: 138,353,487,872 bytes free
.
- - End Of File - - 11D428D33FB2D87C5A69CBF7882089F1
 



#15 gringo_pr


Posted 29 March 2013 - 03:21 PM



Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)
  • Programs to remove
    • Adobe Reader X (10.1.6)
    • Ask Toolbar
    • Ask Toolbar Updater
    • Java 7 Update 17
    • McAfee Security Scan Plus


Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then click on Next.
  • Once done click Finish.

Update Adobe reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
  • You can download it from http://www.adobe.com/products/acrobat/readstep2.html
  • After installing the latest Adobe Reader, uninstall all previous versions.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
  • Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. Default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic

"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo




