Virus that can't be removed by Microsoft Essentials shuts down computer


44 replies to this topic

#1 meltin (Members, 91 posts)

Posted 05 June 2013 - 08:23 PM

My laptop got to a point where I couldn't do anything on the computer. This was a long time ago, so I don't remember exactly what it was doing. I reinstalled the operating software, Windows 7, and it worked for a little while.

 

I'm running Mozilla Firefox and Windows Essentials. Windows Essentials gives me a warning that there is a virus threat almost every time I turn the computer on but when I try to remove it, it says it can't.

 

It's gotten to the point where almost daily, it completely shuts down by itself or gives me a blue screen. Unfortunately, I don't remember what the blue screen says.

 

Any help or advice would be so greatly appreciated!! Thanks in advance!!!




#2 boopme, "To Insanity and Beyond" (Global Moderator, 72,934 posts, NJ USA)

Posted 05 June 2013 - 09:59 PM

Hello meltin. Did MSE give that virus a name?

Can you run these next?

If needed to complete the scans, use Safe Mode with Networking as a boot option.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.
Launch it.
Click on Change parameters and select "TDLFS file system".
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 meltin (Topic Starter, Members, 91 posts)

Posted 06 June 2013 - 10:14 AM

The name of the virus is Trojan: DOS/Alureon.A

 

I'm starting on your list now.



#4 meltin (Topic Starter, Members, 91 posts)

Posted 06 June 2013 - 10:34 AM

MiniToolBox by Farbar  Version:21-04-2013
Ran by Dustin (administrator) on 06-06-2013 at 10:20:26
Running from "C:\Users\Dustin\Downloads"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Dustins-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : broken

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : kc.rr.com
   Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
   Physical Address. . . . . . . . . : 70-F1-A1-17-8E-A1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : broken
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : A4-BA-DB-AA-36-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::30ff:5299:3247:b9b6%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, June 06, 2013 9:34:59 AM
   Lease Expires . . . . . . . . . . : Thursday, June 06, 2013 11:34:59 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 245676763
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-D9-C7-64-A4-BA-DB-AA-36-DA
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Reusable ISATAP Interface {EDAEF7AF-8377-4CF7-B24F-EE784898B1D1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1cba:2987:b3a3:6a9f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1cba:2987:b3a3:6a9f%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.broken:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : broken
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  74.125.227.105
      74.125.227.105


Pinging google.com [74.125.227.131] with 32 bytes of data:
Reply from 74.125.227.131: bytes=32 time=27ms TTL=53
Reply from 74.125.227.131: bytes=32 time=29ms TTL=53

Ping statistics for 74.125.227.131:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 29ms, Average = 28ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=462ms TTL=46
Reply from 98.139.183.24: bytes=32 time=681ms TTL=46

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 462ms, Maximum = 681ms, Average = 571ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...70 f1 a1 17 8e a1 ......Dell Wireless 1397 WLAN Mini-Card
 11...a4 ba db aa 36 da ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    276
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:4137:9e76:1cba:2987:b3a3:6a9f/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::1cba:2987:b3a3:6a9f/128
                                    On-link
 11    276 fe80::30ff:5299:3247:b9b6/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/05/2013 09:20:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23135

Error: (06/05/2013 09:20:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23135

Error: (06/05/2013 09:20:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/05/2013 09:20:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22121

Error: (06/05/2013 09:20:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22121

Error: (06/05/2013 09:20:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/05/2013 09:20:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21076

Error: (06/05/2013 09:20:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21076

Error: (06/05/2013 09:20:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/05/2013 09:20:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20078


System errors:
=============
Error: (06/06/2013 09:34:39 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (06/05/2013 11:15:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (06/05/2013 11:15:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).

Error: (06/05/2013 11:15:08 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (06/05/2013 07:44:00 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:27:58 PM on ?6/?5/?2013 was unexpected.

Error: (06/05/2013 11:55:44 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/05/2013 07:03:59 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (06/04/2013 11:57:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (06/04/2013 11:57:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2813170).

Error: (06/04/2013 04:33:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.


Microsoft Office Sessions:
=========================
Error: (06/05/2013 09:20:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23135

Error: (06/05/2013 09:20:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23135

Error: (06/05/2013 09:20:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/05/2013 09:20:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22121

Error: (06/05/2013 09:20:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22121

Error: (06/05/2013 09:20:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/05/2013 09:20:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21076

Error: (06/05/2013 09:20:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21076

Error: (06/05/2013 09:20:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/05/2013 09:20:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20078


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Akamai NetSession Interface
Amazon Kindle
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bonjour (Version: 3.0.0.10)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Clone Wars
Dell Resource CD (Version: 1.00.0000)
Dell System Detect (Version: 3.3.2.0)
Dell Touchpad (Version: 7.1107.115.102)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Happy Lyrics
HP Deskjet 2050 J510 series Basic Device Software (Version: 28.0.1313.0)
IDT Audio (Version: 1.0.6217.0)
Intel® Graphics Media Accelerator Driver
Internet Explorer Toolbar 4.8 by SweetPacks (Version: 4.8.0000)
iTunes (Version: 11.0.3.42)
LessTabs (Version: 1.7.1.0)
magicJack (Version: 2.0.6073.4413)
Marvell Miniport Driver (Version: 11.10.5.3)
Math 3 Teaching Textbook
Math 7 Teaching Textbook
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Pirate101 (Version: 1.0.0)
PowerDVD DX (Version: 8.3.5424)
Pre-Algebra Teaching Textbook
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30087)
SelectionLinks (Version: 1.0)
SweetPacks Updater Service (Version: 3.0.5.5)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Updater By SweetPacks 2.0.0.586 (Version: 2.0.0.586)
Wizard101 (Version: 1.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3032.36 MB
Available physical RAM: 1612.16 MB
Total Pagefile: 6062.87 MB
Available Pagefile: 4438.19 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.04 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:86.19 GB) NTFS

========================= Users: ========================================

User accounts for \\DUSTINS-PC

Administrator            Dustin                   Guest                    


**** End of log ****
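The MiniToolBox report above is what a helper reads by eye. As an added example for this thread (not part of the original post, and not MiniToolBox's or Farbar's own code), here is a small Python triage script that parses a Result.txt in this layout and pulls out the items a helper checks first: a proxy that is enabled, non-default hosts-file entries, Winsock providers that live outside C:\Windows, Windows Update install failures, and installed programs matching a watch-list of adware/toolbar vendor names. The sample log embedded in it is constructed, modelled on the sections of the report above; the watch-list (just SweetPacks here), the regular expressions and all function names are the example's own.

```python
"""Triage a MiniToolBox-style Result.txt.

Added example for this thread: a hypothetical helper, not MiniToolBox's own
code. Section banners, Winsock lines and event-log lines follow the layout
of the report posted above; the embedded sample is constructed.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the report above (a few lines per section).
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
0.0.0.0 update.example.invalid

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Error: (06/05/2013 11:15:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

=========================== Installed Programs ============================

Internet Explorer Toolbar 4.8 by SweetPacks (Version: 4.8.0000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
SweetPacks Updater Service (Version: 3.0.5.5)

========================= Memory info: ===================================
"""

# "===== Name: =====" banners; the name must start with a letter so that the
# bare "=====" rules inside the route tables are not taken for headers.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog[59] \d+ (.+?) \[\d+\] \((.+)\)$")
UPDATE_RE = re.compile(r"error (0x[0-9A-Fa-f]+): .*\((KB\d+)\)")

# Illustrative watch-list of adware/toolbar vendor names (the example's own).
PUP_WATCHLIST = ("sweetpacks",)
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


def parse_sections(text):
    """Split the report into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            continue
        if current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage(text):
    """Return the findings a helper would look at first, keyed by check."""
    s = parse_sections(text)
    findings = {"proxy": [], "hosts": [], "winsock": [], "updates": [], "programs": []}

    # A proxy the owner never configured can redirect all browser traffic.
    proxy = s.get("IE Proxy Settings", [])
    if "Proxy is not enabled." not in proxy:
        findings["proxy"] = proxy

    # Anything beyond the stock localhost entries in the hosts file is worth a look.
    for line in s.get("Hosts content", []):
        entry = " ".join(line.split())
        if not entry.startswith("#") and entry not in DEFAULT_HOSTS:
            findings["hosts"].append(entry)

    # Winsock providers outside C:\Windows are third-party; legitimate ones
    # (Bonjour here) are still reported so a human can confirm them.
    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and not m.group(1).lower().startswith("c:\\windows\\"):
            findings["winsock"].append((m.group(1), m.group(2)))

    # Repeated Windows Update failures leave the machine unpatched.
    for line in s.get("Event log errors", []):
        m = UPDATE_RE.search(line)
        if m:
            findings["updates"].append((m.group(2), m.group(1)))

    # Installed programs whose name matches the watch-list.
    for line in s.get("Installed Programs", []):
        if any(name in line.lower() for name in PUP_WATCHLIST):
            findings["programs"].append(line)
    return findings


if __name__ == "__main__":
    for check, items in triage(SAMPLE_RESULT).items():
        print(f"{check}: {items if items else 'nothing flagged'}")
```

Run it against a real Result.txt by reading the file and passing its text to triage(); the Winsock check deliberately reports every non-Windows provider rather than deciding for you, because a third-party provider such as Bonjour's mdnsNSP.dll is normal on a machine with Apple software installed, and the point of the check is to make a human look.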
 



#5 meltin (Topic Starter, Members, 91 posts)

Posted 06 June 2013 - 11:04 AM

10:40:42.0371 0304  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:40:43.0415 0304  ============================================================
10:40:43.0415 0304  Current date / time: 2013/06/06 10:40:43.0415
10:40:43.0415 0304  SystemInfo:
10:40:43.0415 0304  
10:40:43.0415 0304  OS Version: 6.1.7600 ServicePack: 0.0
10:40:43.0415 0304  Product type: Workstation
10:40:43.0416 0304  ComputerName: DUSTINS-PC
10:40:43.0416 0304  UserName: Dustin
10:40:43.0416 0304  Windows directory: C:\Windows
10:40:43.0416 0304  System windows directory: C:\Windows
10:40:43.0416 0304  Running under WOW64
10:40:43.0416 0304  Processor architecture: Intel x64
10:40:43.0416 0304  Number of processors: 2
10:40:43.0416 0304  Page size: 0x1000
10:40:43.0416 0304  Boot type: Normal boot
10:40:43.0416 0304  ============================================================
10:40:46.0425 0304  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:40:46.0425 0304  ============================================================
10:40:46.0425 0304  \Device\Harddisk0\DR0:
10:40:46.0425 0304  MBR partitions:
10:40:46.0425 0304  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
10:40:46.0425 0304  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CB96B0
10:40:46.0425 0304  ============================================================
10:40:46.0465 0304  C: <-> \Device\Harddisk0\DR0\Partition2
10:40:46.0505 0304  ============================================================
10:40:46.0505 0304  Initialize success
10:40:46.0505 0304  ============================================================
10:42:41.0705 3748  ============================================================
10:42:41.0705 3748  Scan started
10:42:41.0705 3748  Mode: Manual; TDLFS;
10:42:41.0705 3748  ============================================================
10:42:43.0939 3748  ================ Scan system memory ========================
10:42:43.0939 3748  System memory - ok
10:42:43.0939 3748  ================ Scan services =============================
10:42:44.0179 3748  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
10:42:44.0226 3748  1394ohci - ok
10:42:44.0261 3748  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
10:42:44.0271 3748  ACPI - ok
10:42:44.0291 3748  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
10:42:44.0291 3748  AcpiPmi - ok
10:42:44.0471 3748  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:42:44.0471 3748  AdobeARMservice - ok
10:42:44.0581 3748  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:42:44.0581 3748  AdobeFlashPlayerUpdateSvc - ok
10:42:44.0691 3748  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:42:44.0711 3748  adp94xx - ok
10:42:44.0781 3748  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:42:44.0791 3748  adpahci - ok
10:42:44.0821 3748  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:42:44.0821 3748  adpu320 - ok
10:42:44.0871 3748  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:42:44.0871 3748  AeLookupSvc - ok
10:42:45.0033 3748  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
10:42:45.0036 3748  AESTFilters - ok
10:42:45.0087 3748  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
10:42:45.0093 3748  AFD - ok
10:42:45.0147 3748  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
10:42:45.0149 3748  agp440 - ok
10:42:45.0173 3748  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:42:45.0173 3748  ALG - ok
10:42:45.0213 3748  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
10:42:45.0213 3748  aliide - ok
10:42:45.0253 3748  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
10:42:45.0253 3748  amdide - ok
10:42:45.0283 3748  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:42:45.0283 3748  AmdK8 - ok
10:42:45.0313 3748  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:42:45.0313 3748  AmdPPM - ok
10:42:45.0353 3748  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:42:45.0363 3748  amdsata - ok
10:42:45.0403 3748  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:42:45.0403 3748  amdsbs - ok
10:42:45.0433 3748  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:42:45.0433 3748  amdxata - ok
10:42:58.0028 3748  SCardSvr - ok
10:42:58.0048 3748  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:42:58.0048 3748  scfilter - ok
10:42:58.0098 3748  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
10:42:58.0138 3748  Schedule - ok
10:42:58.0198 3748  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:42:58.0198 3748  SCPolicySvc - ok
10:42:58.0228 3748  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:42:58.0228 3748  SDRSVC - ok
10:42:58.0258 3748  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:42:58.0258 3748  secdrv - ok
10:42:58.0288 3748  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
10:42:58.0288 3748  seclogon - ok
10:42:58.0318 3748  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:42:58.0318 3748  SENS - ok
10:42:58.0338 3748  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:42:58.0348 3748  SensrSvc - ok
10:42:58.0368 3748  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:42:58.0368 3748  Serenum - ok
10:42:58.0418 3748  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:42:58.0418 3748  Serial - ok
10:42:58.0438 3748  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:42:58.0438 3748  sermouse - ok
10:42:58.0478 3748  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
10:42:58.0478 3748  SessionEnv - ok
10:42:58.0518 3748  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
10:42:58.0518 3748  sffdisk - ok
10:42:58.0528 3748  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:42:58.0528 3748  sffp_mmc - ok
10:42:58.0548 3748  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
10:42:58.0548 3748  sffp_sd - ok
10:42:58.0558 3748  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:42:58.0558 3748  sfloppy - ok
10:42:58.0608 3748  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:42:58.0608 3748  SharedAccess - ok
10:42:58.0658 3748  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:42:58.0658 3748  ShellHWDetection - ok
10:42:58.0689 3748  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:42:58.0699 3748  SiSRaid2 - ok
10:42:58.0709 3748  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:42:58.0719 3748  SiSRaid4 - ok
10:42:58.0749 3748  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:42:58.0749 3748  Smb - ok
10:42:58.0811 3748  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:42:58.0811 3748  SNMPTRAP - ok
10:42:58.0821 3748  soggbmil - ok
10:42:58.0841 3748  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:42:58.0841 3748  spldr - ok
10:42:58.0891 3748  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
10:42:58.0911 3748  Spooler - ok
10:42:59.0011 3748  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
10:42:59.0103 3748  sppsvc - ok
10:42:59.0134 3748  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:42:59.0138 3748  sppuinotify - ok
10:42:59.0175 3748  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:42:59.0175 3748  srv - ok
10:42:59.0255 3748  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:42:59.0257 3748  srv2 - ok
10:42:59.0317 3748  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:42:59.0327 3748  srvnet - ok
10:42:59.0347 3748  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:42:59.0357 3748  SSDPSRV - ok
10:42:59.0377 3748  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:42:59.0377 3748  SstpSvc - ok
10:42:59.0537 3748  [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
10:42:59.0537 3748  STacSV - ok
10:42:59.0567 3748  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:42:59.0567 3748  stexstor - ok
10:42:59.0627 3748  [ 02E784FA49032F84964DB90A3ED81890 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
10:42:59.0627 3748  STHDA - ok
10:42:59.0698 3748  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
10:42:59.0718 3748  stisvc - ok
10:42:59.0778 3748  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:42:59.0788 3748  swenum - ok
10:42:59.0878 3748  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:42:59.0888 3748  swprv - ok
10:42:59.0938 3748  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
10:42:59.0978 3748  SysMain - ok
10:42:59.0998 3748  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:43:00.0008 3748  TabletInputService - ok
10:43:00.0038 3748  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:43:00.0038 3748  TapiSrv - ok
10:43:00.0058 3748  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:43:00.0058 3748  TBS - ok
10:43:00.0128 3748  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:43:00.0178 3748  Tcpip - ok
10:43:00.0238 3748  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:43:00.0248 3748  TCPIP6 - ok
10:43:00.0300 3748  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:43:00.0300 3748  tcpipreg - ok
10:43:00.0340 3748  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:43:00.0360 3748  TDPIPE - ok
10:43:00.0400 3748  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:43:00.0410 3748  TDTCP - ok
10:43:00.0440 3748  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:43:00.0440 3748  tdx - ok
10:43:00.0460 3748  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:43:00.0460 3748  TermDD - ok
10:43:00.0540 3748  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
10:43:00.0560 3748  TermService - ok
10:43:00.0590 3748  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:43:00.0590 3748  Themes - ok
10:43:00.0620 3748  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:43:00.0630 3748  THREADORDER - ok
10:43:00.0650 3748  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:43:00.0650 3748  TrkWks - ok
10:43:00.0730 3748  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:43:00.0730 3748  TrustedInstaller - ok
10:43:00.0750 3748  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:43:00.0760 3748  tssecsrv - ok
10:43:00.0800 3748  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:43:00.0800 3748  tunnel - ok
10:43:00.0840 3748  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:43:00.0850 3748  uagp35 - ok
10:43:00.0870 3748  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:43:00.0880 3748  udfs - ok
10:43:00.0920 3748  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:43:00.0920 3748  UI0Detect - ok
10:43:00.0950 3748  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
10:43:00.0950 3748  uliagpkx - ok
10:43:00.0981 3748  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:43:00.0981 3748  umbus - ok
10:43:01.0001 3748  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:43:01.0001 3748  UmPass - ok
10:43:01.0081 3748  [ 4F887D2C0362E1B4183139A5EB926A50 ] Updater By SweetPacks C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
10:43:01.0213 3748  Updater By SweetPacks - ok
10:43:01.0255 3748  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:43:01.0265 3748  upnphost - ok
10:43:01.0315 3748  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:43:01.0315 3748  usbaudio - ok
10:43:01.0355 3748  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:43:01.0365 3748  usbccgp - ok
10:43:01.0375 3748  USBCCID - ok
10:43:01.0415 3748  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
10:43:01.0415 3748  usbcir - ok
10:43:01.0455 3748  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:43:01.0455 3748  usbehci - ok
10:43:01.0535 3748  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:43:01.0545 3748  usbhub - ok
10:43:01.0595 3748  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:43:01.0595 3748  usbohci - ok
10:43:01.0635 3748  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:43:01.0675 3748  usbprint - ok
10:43:01.0725 3748  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:43:01.0735 3748  usbscan - ok
10:43:01.0813 3748  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:43:01.0827 3748  USBSTOR - ok
10:43:01.0877 3748  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:43:01.0887 3748  usbuhci - ok
10:43:01.0927 3748  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:43:01.0927 3748  UxSms - ok
10:43:01.0947 3748  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
10:43:01.0947 3748  VaultSvc - ok
10:43:01.0977 3748  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
10:43:01.0977 3748  vdrvroot - ok
10:43:02.0007 3748  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
10:43:02.0017 3748  vds - ok
10:43:02.0047 3748  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:43:02.0047 3748  vga - ok
10:43:02.0057 3748  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:43:02.0067 3748  VgaSave - ok
10:43:02.0097 3748  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
10:43:02.0097 3748  vhdmp - ok
10:43:02.0137 3748  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
10:43:02.0137 3748  viaide - ok
10:43:02.0147 3748  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
10:43:02.0157 3748  volmgr - ok
10:43:02.0167 3748  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:43:02.0177 3748  volmgrx - ok
10:43:02.0207 3748  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:43:02.0217 3748  volsnap - ok
10:43:02.0267 3748  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:43:02.0277 3748  vsmraid - ok
10:43:02.0347 3748  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
10:43:02.0387 3748  VSS - ok
10:43:02.0417 3748  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:43:02.0417 3748  vwifibus - ok
10:43:02.0457 3748  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:43:02.0457 3748  vwififlt - ok
10:43:02.0487 3748  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:43:02.0497 3748  W32Time - ok
10:43:02.0567 3748  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:43:02.0567 3748  WacomPen - ok
10:43:02.0607 3748  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:43:02.0607 3748  WANARP - ok
10:43:02.0627 3748  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:43:02.0627 3748  Wanarpv6 - ok
10:43:02.0707 3748  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:43:02.0747 3748  WatAdminSvc - ok
10:43:02.0817 3748  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
10:43:02.0867 3748  wbengine - ok
10:43:02.0907 3748  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:43:02.0907 3748  WbioSrvc - ok
10:43:02.0967 3748  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:43:02.0977 3748  wcncsvc - ok
10:43:03.0008 3748  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:43:03.0008 3748  WcsPlugInService - ok
10:43:03.0048 3748  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:43:03.0048 3748  Wd - ok
10:43:03.0088 3748  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:43:03.0118 3748  Wdf01000 - ok
10:43:03.0148 3748  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:43:03.0158 3748  WdiServiceHost - ok
10:43:03.0158 3748  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:43:03.0168 3748  WdiSystemHost - ok
10:43:03.0208 3748  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
10:43:03.0208 3748  WebClient - ok
10:43:03.0238 3748  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:43:03.0248 3748  Wecsvc - ok
10:43:03.0268 3748  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:43:03.0268 3748  wercplsupport - ok
10:43:03.0298 3748  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:43:03.0308 3748  WerSvc - ok
10:43:03.0358 3748  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:43:03.0358 3748  WfpLwf - ok
10:43:03.0388 3748  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:43:03.0388 3748  WIMMount - ok
10:43:03.0448 3748  WinDefend - ok
10:43:03.0458 3748  WinHttpAutoProxySvc - ok
10:43:03.0558 3748  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:43:03.0558 3748  Winmgmt - ok
10:43:03.0658 3748  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:43:03.0718 3748  WinRM - ok
10:43:03.0808 3748  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:43:03.0858 3748  WinUsb - ok
10:43:03.0928 3748  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:43:03.0948 3748  Wlansvc - ok
10:43:04.0018 3748  [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
10:43:04.0068 3748  wltrysvc - ok
10:43:04.0138 3748  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
10:43:04.0138 3748  WmiAcpi - ok
10:43:04.0188 3748  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:43:04.0198 3748  wmiApSrv - ok
10:43:04.0238 3748  WMPNetworkSvc - ok
10:43:04.0278 3748  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:43:04.0278 3748  WPCSvc - ok
10:43:04.0288 3748  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:43:04.0298 3748  WPDBusEnum - ok
10:43:04.0318 3748  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:43:04.0318 3748  ws2ifsl - ok
10:43:04.0348 3748  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:43:04.0348 3748  wscsvc - ok
10:43:04.0348 3748  WSearch - ok
10:43:04.0458 3748  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:43:04.0518 3748  wuauserv - ok
10:43:04.0568 3748  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:43:04.0568 3748  WudfPf - ok
10:43:04.0658 3748  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:43:04.0658 3748  WUDFRd - ok
10:43:04.0708 3748  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:43:04.0708 3748  wudfsvc - ok
10:43:04.0748 3748  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:43:04.0758 3748  WwanSvc - ok
10:43:04.0828 3748  [ 79D9CE9614C955DD31AA2556B4014662 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
10:43:04.0838 3748  yukonw7 - ok
10:43:04.0838 3748  ================ Scan global ===============================
10:43:05.0090 3748  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:43:05.0240 3748  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
10:43:05.0280 3748  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
10:43:05.0310 3748  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:43:05.0350 3748  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:43:05.0350 3748  [Global] - ok
10:43:05.0350 3748  ================ Scan MBR ==================================
10:43:05.0360 3748  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:43:05.0360 3748  Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:43:05.0420 3748  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:43:05.0420 3748  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:43:05.0490 3748  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:43:05.0490 3748  \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:43:05.0490 3748  ================ Scan VBR ==================================
10:43:05.0490 3748  [ 942D36AC2A4EF5FD761960B7B31BA3D6 ] \Device\Harddisk0\DR0\Partition1
10:43:05.0490 3748  \Device\Harddisk0\DR0\Partition1 - ok
10:43:05.0520 3748  [ 315A8AA45847FB098B8CE38C1974A2A2 ] \Device\Harddisk0\DR0\Partition2
10:43:05.0520 3748  \Device\Harddisk0\DR0\Partition2 - ok
10:43:05.0520 3748  ============================================================
10:43:05.0520 3748  Scan finished
10:43:05.0520 3748  ============================================================
10:43:05.0540 3444  Detected object count: 2
10:43:05.0540 3444  Actual detected object count: 2
10:43:56.0104 3444  \Device\Harddisk0\DR0\# - copied to quarantine
10:43:56.0364 3444  \Device\Harddisk0\DR0 - copied to quarantine
10:43:57.0869 3444  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:43:57.0984 3444  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:43:58.0032 3444  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:43:58.0141 3444  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:43:58.0280 3444  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:43:59.0765 3444  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:43:59.0930 3444  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:43:59.0937 3444  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:43:59.0943 3444  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:44:00.0114 3444  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:44:00.0144 3444  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:44:00.0166 3444  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:44:00.0172 3444  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:44:00.0178 3444  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:44:00.0197 3444  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:44:00.0292 3444  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:44:00.0293 3444  \Device\Harddisk0\DR0 - ok
10:44:00.0336 3444  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:44:00.0336 3444  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:44:00.0336 3444  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:44:12.0111 1936  Deinitialize success

#6 meltin

meltin

  • Topic Starter
  • Members
  • 91 posts

Posted 06 June 2013 - 11:29 AM

# AdwCleaner v2.301 - Logfile created 06/06/2013 at 11:24:05
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Dustin - DUSTINS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dustin\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\64azyqme.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\64azyqme.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\HappyLyrics
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Dustin\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\64azyqme.default\SweetPacksToolbarData
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [happylyrics@hpyproductions.net]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={33A7BCF3-CE5D-11E2-B5DE-A4BADBAA36DA} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={33A7BCF3-CE5D-11E2-B5DE-A4BADBAA36DA} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\64azyqme.default\prefs.js

C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\64azyqme.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.button.facebook_40839.click", "1");
Deleted : user_pref("aol_toolbar.button.netflix_46519.click", "1");
Deleted : user_pref("aol_toolbar.button.radio_46530.click", "1");
Deleted : user_pref("aol_toolbar.button.twitter_40883.click", "1");
Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;w[...]
Deleted : user_pref("aol_toolbar.cookie.homepage", "");
Deleted : user_pref("aol_toolbar.cookie.search", "");
Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.homepage.protection", true);
Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020");
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_i[...]
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{72B48279-1B32-1C92-A096-5DCE10484B42}");
Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9393");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000020");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "6");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "5");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "14");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "6");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2012");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1370529398307");
Deleted : user_pref("aol_toolbar.reset.flag", "1");
Deleted : user_pref("aol_toolbar.reset.style", "B");
Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Sat Apr 13 2013 19:37:27 GMT-0500 (Central Day[...]
Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "05-04-2013");
Deleted : user_pref("aol_toolbar.search.instd", "20121015033936242");
Deleted : user_pref("aol_toolbar.search.oid", "14-11-2012");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "webpickaol-ff");
Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Deleted : user_pref("aol_toolbar.searchprotection.enabled", false);
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "59");
Deleted : user_pref("aol_toolbar.surf.lastDate", "6");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "5");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "781");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "2848");
Deleted : user_pref("aol_toolbar.surf.total", "10657");
Deleted : user_pref("aol_toolbar.surf.week", "585");
Deleted : user_pref("aol_toolbar.surf.year", "9297");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "21");
Deleted : user_pref("aol_toolbar.weather.degf", "69");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/34.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Deleted : user_pref("aol_toolbar.weather.update", "1370534158761");
Deleted : user_pref("aol_toolbar.winamp.volume", "");
Deleted : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid={33A7BCF3-CE5D-11E2-B5DE-[...]
Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "false");
Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "hxxp://start.sweetpacks.com/?barid={33A7BC[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AOL Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.aol.com/search/search[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.aol.com/?mtmhp=hyplogusao[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{33A7BCF3-CE5D-11E2-B5DE-A4BADBAA36DA}");
Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]
Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Deleted : user_pref("sweetim.toolbar.version", "1.13.0.1");
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks")[...]
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={33A7BC[...]

*************************

AdwCleaner[S1].txt - [19136 octets] - [06/06/2013 11:24:05]

########## EOF - C:\AdwCleaner[S1].txt - [19197 octets] ##########
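The AdwCleaner section above records the `user_pref` lines it deleted from the Firefox profile: the AOL toolbar and the SweetIM/SweetPacks toolbar each pointed the new-tab page, the address-bar keyword search and the default search at their own hosts, and SweetIM also kept `sweetim.toolbar.previous.*` copies of the settings it overwrote (which were AOL's, i.e. the earlier hijacker's). As an added example, not code from this thread or from AdwCleaner, here is a small audit that parses a prefs.js, flags the redirect prefs whose host is not on an allow-list, and surfaces those "previous" backups so you do not restore one hijacker's settings on top of another's. The sample prefs.js is constructed to mirror the pref names in the log, and the allow-list of hosts is an assumption to set per user.

```python
import re
from urllib.parse import urlparse

# Core Firefox prefs that decide where new tabs, address-bar searches and the
# default search go. A toolbar "hijack" is one of these pointing at its host.
HIJACK_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
}

# Toolbar-private copies of the same settings, recognised by name suffix
# (aol_toolbar.default.search.url, sweetim.toolbar.urls.homepage, ...).
TOOLBAR_SUFFIXES = (".homepage.url", ".search.url", ".newtab.url",
                    ".install.homepage", ".urls.homepage", ".urls.searchpage")

# Hosts the user actually chose. Assumption for this example; set per machine.
ALLOWED_HOSTS = {"www.google.com", "www.mozilla.org"}

# user_pref("name", value);  value is a quoted string, true/false or a number.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Constructed sample prefs.js using the same pref names as the log above.
SAMPLE_PREFS_JS = '''
// Mozilla User Preferences (constructed sample, not a real profile)
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.newtab.url", "http://start.sweetpacks.com/?src=97&barid={33A7BCF3-CE5D-11E2-B5DE-A4BADBAA36DA}");
user_pref("browser.search.defaulturl", "http://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff");
user_pref("browser.search.defaultenginename", "AOL Search");
user_pref("keyword.URL", "http://start.sweetpacks.com/?src=2&st=12");
user_pref("aol_toolbar.default.search.url", "http://search.aol.com/search/search?q={searchTerms}");
user_pref("aol_toolbar.metrics.log", false);
user_pref("sweetim.toolbar.urls.homepage", "http://start.sweetpacks.com/?src=10&st=12");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://www.aol.com/?mtmhp=hyplogusaolp00000020");
user_pref("sweetim.toolbar.version", "1.13.0.1");
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            # Undo prefs.js string escaping (\" and \\).
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            raw = raw == "true"
        prefs[name] = raw
    return prefs


def host_of(value):
    """Lower-cased host of a URL-valued pref, or None if the value is not a URL.
    Accepts the hxxp:// defanging that removal-tool logs use."""
    if not isinstance(value, str):
        return None
    url = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return urlparse(url).hostname


def audit_prefs(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Return (pref name, host, reason) for every pref that looks hijacked."""
    findings = []
    for name, value in sorted(prefs.items()):
        host = host_of(value)
        if ".previous." in name:
            # A toolbar saved the settings it overwrote; in this thread those
            # were AOL's, so "restoring" them only swaps one hijacker for another.
            findings.append((name, host, "backup of an earlier hijacker's setting"))
            continue
        if host is None or host in allowed_hosts:
            continue
        if name in HIJACK_PREFS:
            findings.append((name, host, "browser search/newtab/homepage redirected"))
        elif name.endswith(TOOLBAR_SUFFIXES):
            findings.append((name, host, "toolbar-owned redirect target"))
    return findings


def audit_sample():
    """Run the audit over the constructed sample profile."""
    return audit_prefs(parse_prefs(SAMPLE_PREFS_JS))


if __name__ == "__main__":
    for name, host, reason in audit_sample():
        print("%-55s %-25s %s" % (name, host, reason))
```

Run it against a real profile with `audit_prefs(parse_prefs(open(path).read()))`; after removal, the same run should come back empty once Firefox has rewritten prefs.js on exit, which is the check that the toolbars' own copies (`aol_toolbar.*`, `sweetim.toolbar.*`) are gone and not just the visible defaults.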



#7 boopme (Global Moderator)

Posted 06 June 2013 - 12:37 PM

This is looking good...
Did you install this ?? SweetPacks Updater Service (Version: 3.0.5.5)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 meltin (Topic Starter)

Posted 06 June 2013 - 02:11 PM

No, I don't think so...

Here's the ESET log...

C:\Users\All Users\wxDownload\507b87332688c.html    Win32/Adware.MultiPlug.H application    
C:\Users\All Users\wxDownload\cbgpgglfamchgefcjmegdeoenihnbamo.crx    Win32/Adware.MultiPlug.H application    
C:\ProgramData\wxDownload\507b87332688c.html    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\ProgramData\wxDownload\cbgpgglfamchgefcjmegdeoenihnbamo.crx    Win32/Adware.MultiPlug.H application    deleted - quarantined
C:\TDSSKiller_Quarantine\06.06.2013_10.40.43\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.BC trojan    cleaned by deleting - quarantined
C:\Users\Dustin\AppData\Local\Temp\Shortcut_sweetim_3005-426703e9.exe    probably a variant of Win32/SweetIM.C application    cleaned by deleting - quarantined
C:\Users\Dustin\AppData\Local\Temp\nsl8D75.tmp\519ccf03-7d58-4734-a488-45e35bc06f2f.exe    a variant of MSIL/Solimba.I application    cleaned by deleting - quarantined
C:\Users\Dustin\AppData\Local\Temp\nsl8D75.tmp\HappyLyrics_2204-e2f0cce3.exe    Win32/Adware.AddLyrics.F application    cleaned by deleting - quarantined
C:\Users\Dustin\AppData\Local\Temp\nsl8D75.tmp\sweetim_3005-426703e9.exe    probably a variant of Win32/SweetIM.C application    cleaned by deleting - quarantined
C:\Users\Dustin\Downloads\Setup.exe    MSIL/Solimba.Q application    cleaned by deleting - quarantined
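Two of the ESET entries above appear twice: once under `C:\Users\All Users\wxDownload\` with no action, and once under `C:\ProgramData\wxDownload\` with "cleaned by deleting - quarantined". On Vista and later `C:\Users\All Users` is a junction to `C:\ProgramData`, so that is one file per detection reached by two names, not two infections and not a failed clean. As an added example, not code from this thread or from ESET, here is a parser that turns ESET-style scan lines into records, canonicalises known junctions so the duplicates collapse, and separates what was actually cleaned from what was only reported. The sample lines are constructed in the format above (the last line is invented to show an entry with no action); the junction table covers only the two standard aliases.

```python
import ntpath
import re

# ESET log columns are separated by runs of whitespace (tabs in the file,
# often spaces once pasted); the action column is missing when nothing was done.
FIELD_SPLIT = re.compile(r"\t|\s{2,}")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Junctions that make one file appear under two names on Vista and later.
# Keys and targets are lower-case with a trailing backslash.
JUNCTIONS = {
    "c:\\users\\all users\\": "c:\\programdata\\",
    "c:\\users\\default user\\": "c:\\users\\default\\",
}

# Constructed sample in the format of the ESET log above; the last line is
# invented to show an entry ESET reported but did not act on.
SAMPLE_ESET_LOG = """
C:\\Users\\All Users\\wxDownload\\507b87332688c.html    Win32/Adware.MultiPlug.H application
C:\\ProgramData\\wxDownload\\507b87332688c.html    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\\TDSSKiller_Quarantine\\06.06.2013_10.40.43\\mbr0000\\tdlfs0000\\tsk0001.dta    Win64/Olmarik.BC trojan    cleaned by deleting - quarantined
C:\\Users\\Dustin\\Downloads\\Setup.exe    MSIL/Solimba.Q application    cleaned by deleting - quarantined
C:\\Users\\Dustin\\AppData\\Local\\Temp\\leftover.exe    a variant of Win32/SweetIM.C application
"""


def canonical_path(path):
    """Lower-case the path and rewrite known junction prefixes to their target,
    so the two names of one file compare equal."""
    p = ntpath.normcase(path)  # lower-case, forward slashes to backslashes
    for alias, target in JUNCTIONS.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def parse_eset_log(text):
    """Yield one dict per detection line: path, canonical path, detection name,
    and the action column ('' when ESET logged none)."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = [f for f in FIELD_SPLIT.split(line) if f]
        if len(parts) < 2 or not DRIVE_PATH.match(parts[0]):
            continue  # header, note or other non-detection text
        yield {
            "path": parts[0],
            "canonical": canonical_path(parts[0]),
            "detection": parts[1],
            "action": parts[2] if len(parts) > 2 else "",
        }


def was_cleaned(rec):
    """ESET's action column names the outcome; treat delete/quarantine as cleaned."""
    action = rec["action"].lower()
    return "quarantined" in action or "deleted" in action


def summarise(text):
    """One record per real file (junction duplicates collapsed, preferring the
    entry that carries an action); returns (cleaned, not_cleaned)."""
    by_file = {}
    for rec in parse_eset_log(text):
        key = rec["canonical"]
        if key not in by_file or (rec["action"] and not by_file[key]["action"]):
            by_file[key] = rec
    cleaned = [r for r in by_file.values() if was_cleaned(r)]
    not_cleaned = [r for r in by_file.values() if not was_cleaned(r)]
    return cleaned, not_cleaned


if __name__ == "__main__":
    cleaned, not_cleaned = summarise(SAMPLE_ESET_LOG)
    print("cleaned:")
    for r in cleaned:
        print("  %s  (%s)" % (r["path"], r["detection"]))
    print("reported but not cleaned:")
    for r in not_cleaned:
        print("  %s  (%s)" % (r["path"], r["detection"]))
```

The only list worth chasing after a scan is `not_cleaned`; in the log above it would be empty once the junction alias is folded in, which is why the All Users lines with no action are not a sign that ESET missed something.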



#9 meltin (Topic Starter)

Posted 06 June 2013 - 02:14 PM

I also can't get AOL off of my computer. I want Google to be the search engine that comes up. There's an AOL toolbar that I can't get rid of no matter what I try.



#10 meltin (Topic Starter)

Posted 06 June 2013 - 02:24 PM

I also keep getting a pop-up that says my Java is out of date and a pop-up ad keeps coming up in the lower right hand corner of my screen even after all the scans.



#11 boopme (Global Moderator)

Posted 06 June 2013 - 02:33 PM

OK, interesting as I don't see Java installed.

OK, run this, then reboot and see what's left.



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download Rkill by Grinler and save it to your desktop.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
  Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

  -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


#12 meltin (Topic Starter)

Posted 06 June 2013 - 04:32 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dustin on Thu 06/06/2013 at 16:23:19.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] updater by sweetpacks
Successfully deleted: [Service] updater by sweetpacks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59C0C5BD-2579-433A-BBB8-AFFD59642BAF}



~~~ Files

Successfully deleted [File] C:\Windows\svchost.exe  [Check for TDL4 Rootkit!]



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\wxdownload"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\64azyqme.default\extensions\507b86fdca6ee@507b86fdca718.com
Successfully deleted: [Folder] C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\64azyqme.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted the following from C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\64azyqme.default\prefs.js

user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20121015033936242&tb_oid=06-06-2013&tb_mrud
user_pref("aol_toolbar.search.searchtype", "web");
user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20121015033936242&tb_oid=06-06-2013&tb_mrud=06-0
user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio
user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.
user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");
Emptied folder: C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\64azyqme.default\minidumps [162 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/06/2013 at 16:28:19.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
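The JRT log above deleted `C:\Windows\svchost.exe` and tagged it "[Check for TDL4 Rootkit!]", and the ESET log earlier in the thread shows TDSSKiller had already quarantined Win64/Olmarik.BC (the TDL4 family) from the hidden `tdlfs` file system. The cheap host-side check behind that JRT flag is location: a legitimate svchost.exe lives only in `%SystemRoot%\System32` (and `SysWOW64` on x64), and on Windows 7 every legitimate instance is started by services.exe. As an added example, not code from this thread or from JRT, here is that check applied to a process listing, extended to catch look-alike names such as `svch0st.exe` that a path check alone would miss. The process list is constructed for the example, and `C:\Windows` as the system root is an assumption.

```python
import ntpath

SYSTEM_ROOT = "C:\\Windows"  # assumption: default install location

# Constructed sample process list: (pid, image path, parent image name).
SAMPLE_PROCESSES = [
    (612, "C:\\Windows\\System32\\svchost.exe", "services.exe"),
    (700, "C:\\Windows\\SysWOW64\\svchost.exe", "services.exe"),
    (1844, "C:\\Windows\\svchost.exe", "explorer.exe"),           # what JRT deleted
    (2100, "C:\\Windows\\System32\\svch0st.exe", "explorer.exe"), # look-alike name
    (2320, "C:\\Windows\\System32\\svchost.exe", "explorer.exe"), # real file, wrong parent
    (3000, "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "explorer.exe"),
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike names (svch0st, scvhost)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_svchost(path, parent_name, system_root=SYSTEM_ROOT):
    """Return the reasons this process is suspicious (empty list if clean)."""
    directory, name = ntpath.split(ntpath.normcase(path))
    legit_dirs = {ntpath.normcase(ntpath.join(system_root, d))
                  for d in ("System32", "SysWOW64")}
    reasons = []
    if name == "svchost.exe":
        if directory not in legit_dirs:
            reasons.append("svchost.exe outside System32/SysWOW64: " + path)
        # On Windows 7 every legitimate svchost.exe is a child of services.exe.
        if parent_name.lower() != "services.exe":
            reasons.append("svchost.exe parent is %s, not services.exe" % parent_name)
    elif edit_distance(name, "svchost.exe") <= 2:
        reasons.append("look-alike process name: " + name)
    return reasons


def audit_processes(processes):
    """Map pid -> reasons for every process that fails the checks."""
    flagged = {}
    for pid, path, parent in processes:
        reasons = check_svchost(path, parent)
        if reasons:
            flagged[pid] = reasons
    return flagged


if __name__ == "__main__":
    for pid, reasons in audit_processes(SAMPLE_PROCESSES).items():
        for reason in reasons:
            print("pid %d: %s" % (pid, reason))
```

A hit here is only the visible symptom: TDL4 lives in the MBR and its own hidden file system, so after deleting a rogue svchost.exe the bootkit scan (TDSSKiller in this thread) is still the step that decides whether the machine is clean.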



#13 meltin (Topic Starter)

Posted 06 June 2013 - 04:35 PM

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/06/2013 04:34:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Dustin\Desktop\rkill\rkill-06-06-2013-04-34-33.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/06/2013 04:35:29 PM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)



#14 meltin (Topic Starter)

Posted 06 June 2013 - 04:52 PM

I wasn't able to change the name of the .exe file when I downloaded it for Malwarebytes but was still able to perform a scan successfully. Will that cause a problem?

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.06.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Dustin :: DUSTINS-PC [administrator]

Protection: Enabled

6/6/2013 4:46:31 PM
mbam-log-2013-06-06 (16-46-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213501
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 boopme (Global Moderator)

Posted 06 June 2013 - 06:26 PM

No, the change is for IF it won't run; then we change it to fool the malware.

We got the AOL toolbar. Do you still have the Java issue and any other?



