
Having difficulty with nasty horsies....


17 replies to this topic

#1 EvilDeeDlivE


Posted 25 June 2013 - 01:08 PM

Okay, I would like to start by saying HELLO! I am new to the website, and so far it has been very helpful, but now I am at an impasse :mellow:

 

I had the error message "winsrcmde has stopped working (etc.)" keep popping up. After researching this annoyingly persistent message (and pc performance being allocated without programs running), it seems that I have been infected with a Trojan!

 

Two things: 1) this is my girlfriend's pc. I would neverrrrrr let this happen. 2) I have done my homework on here. I know you have many posts about this particular infection, BUT this virus is active--big time!

 

I DLed TDSSKiller, and it has erased the message. I know there are many more steps to take (such as Malwarebytes, Combofix, etc.) but the virus will not let me DL any of those, whether I rename the programs or not! If I use IE, it says security settings cannot DL it, then I (kind of) circumvent that, but once the file is fully DLed, it says "Failed-Blocked." In Mozilla or Google Chrome, it simply lets me DL it, and then says I don't have a certain .dll to install/open/use whichever program OR says I don't have security clearance to access the program, although I'm on the admin acct.. I was wondering if there are any alternate methods to DLing the programs (aside from flash driving the files from another comp., such as maybe links to compressed .rar files, or something)?? 

 

Also, I believe the comp. illiterate threw away their OS disks, which is why I'm going through all this trouble to repair it, rather than dumping the whole OS and installing a new partition.

 

Any help would be greatly appreciated. Helpful help, even more so!




 


#2 EvilDeeDlivE


Posted 25 June 2013 - 01:11 PM

Also, I am on Win7 64-bit, and have heard that Combofix isn't always compatible with 64-bit.



#3 boopme


Posted 25 June 2013 - 01:50 PM

Hello, do NOT run Combo unless requested to, thanks.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 EvilDeeDlivE


Posted 25 June 2013 - 01:58 PM

Okay, first step with Minitoolbox done. I will continue with other steps. Results here (also, if you would like me to attach as files, rather than post in box, I will do that.):

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by USER (administrator) on 21-03-2008 at 03:15:05
Running from "C:\Users\USER\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros AR928X Wireless Network Adapter = Wireless Network Connection (Connected)
Intel® 82567V-2 Gigabit Network Connection = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : USER-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : local.tld

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : local.tld
   Description . . . . . . . . . . . : Atheros AR928X Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-1F-E1-D6-2D-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1030:c183:c48a:6603%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.15.225(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, March 21, 2008 12:27:28 AM
   Lease Expires . . . . . . . . . . : Friday, March 21, 2008 3:57:29 AM
   Default Gateway . . . . . . . . . : 192.168.15.1
   DHCP Server . . . . . . . . . . . : 192.168.15.1
   DHCPv6 IAID . . . . . . . . . . . : 268443617
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-98-63-E4-00-1D-BA-AE-54-50
   DNS Servers . . . . . . . . . . . : 192.168.15.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Intel® 82567V-2 Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-1D-BA-AE-54-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{82ED6B58-DF83-493E-BE0E-0ADD52F2EE0B}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.gateway.2wire.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.239.4] with 32 bytes of data:

Reply from 74.125.239.4: bytes=32 time=139ms TTL=57

Reply from 74.125.239.4: bytes=32 time=122ms TTL=57



Ping statistics for 74.125.239.4:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 122ms, Maximum = 139ms, Average = 130ms



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=146ms TTL=45

Reply from 206.190.36.45: bytes=32 time=100ms TTL=45



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 100ms, Maximum = 146ms, Average = 123ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 1f e1 d6 2d 6b ...... Atheros AR928X Wireless Network Adapter
 10 ...00 1d ba ae 54 50 ...... Intel® 82567V-2 Gigabit Network Connection
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.{82ED6B58-DF83-493E-BE0E-0ADD52F2EE0B}
 13 ...00 00 00 00 00 00 00 e0  isatap.gateway.2wire.net
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.15.1   192.168.15.225     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.15.0    255.255.255.0         On-link    192.168.15.225    281
   192.168.15.225  255.255.255.255         On-link    192.168.15.225    281
   192.168.15.255  255.255.255.255         On-link    192.168.15.225    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.15.225    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.15.225    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::1030:c183:c48a:6603/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 06 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 07 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 11 mswsock.dll [File Not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/21/2008 03:16:21 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x1168, application start time 0xnslookup.exe0.

Error: (03/21/2008 03:16:12 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x12d4, application start time 0xnslookup.exe0.

Error: (03/21/2008 03:03:54 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2754670)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/21/2008 03:03:54 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (03/21/2008 03:03:54 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.

Error: (03/21/2008 00:28:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2008 00:27:32 AM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/20/2008 11:52:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2008 11:51:18 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (03/20/2008 09:59:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/21/2008 03:09:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft Works 9 (KB2754670){DB28D469-D96E-4ECF-924C-BC805754DED1}202

Error: (03/21/2008 00:29:33 AM) (Source: Service Control Manager) (User: )
Description: McAfee Network Agentmfefire

Error: (03/21/2008 00:28:38 AM) (Source: Service Control Manager) (User: )
Description: BHDrvx64
DMICall
SymIRON

Error: (03/21/2008 00:28:38 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (03/21/2008 00:28:38 AM) (Source: Service Control Manager) (User: )
Description: McAfee Proxy Servicemfefire

Error: (03/21/2008 00:28:38 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (03/21/2008 00:28:38 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (03/21/2008 00:28:38 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Servicenvlddmkm%%1058

Error: (03/21/2008 00:27:46 AM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be  changed by +166091940 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.

Error: (03/21/2008 00:27:01 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2011-11-19 18:30:53.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 18:30:53.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 18:30:52.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 18:30:52.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 00:30:26.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 00:30:02.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 00:30:02.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 00:30:02.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-19 00:30:01.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-18 00:06:48.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 2.2.5)
Akamai NetSession Interface
Apple Mobile Device Support (Version: 4.0.0.96)
Bonjour (Version: 3.0.0.10)
Dolby Control Center (Version: 1.2.0702)
EasyBits GO
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 9.0 (Version: 9.0)
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
iTunes (Version: 10.5.0.142)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Napster Download Manager (Version: 1.0.0.102)
NVIDIA Drivers
ooVoo toolbar, powered by Ask.com Updater (Version: 1.2.0.19709)
PVSonyDll (Version: 1.00.0001)
WIDCOMM Bluetooth Software 6.2.0.5800 (Version: 6.2.0.5800)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Mobile Device Updater Component (Version: 04.07.1407.00)
Yahoo! BrowserPlus 2.9.8
Yontoo Layers Runtime (Drop Down Deals) 1.10.01 (Version: 1.10.01)
Zune (Version: 04.07.1404.01)
Zune Language Pack (DEU) (Version: 04.07.1404.01)
Zune Language Pack (ESP) (Version: 04.07.1404.01)
Zune Language Pack (FRA) (Version: 04.07.1404.01)
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3900.26 MB
Available physical RAM: 2255.17 MB
Total Pagefile: 8003.78 MB
Available Pagefile: 6276.35 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:287.83 GB) (Free:152.39 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator            Guest                    USER                     


**** End of log ****
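
The "Winsock entries" section of the MiniToolBox log above can be triaged mechanically. The following is an added example, not part of the original thread and not MiniToolBox's own code: it parses lines in that section's format (the sample is a constructed excerpt) and reports catalogs in which every entry points to a missing library, the tool's LibraryPath hints, and providers not attributed to Microsoft. The function names `parse_winsock` and `triage` are this example's own.

```python
import re

# Constructed excerpt in the format of the "Winsock entries" section above.
SAMPLE = r"""
Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 06 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
x64-Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
"""

# One catalog entry: "<catalog> <index> <library> [<size or status>] (<vendor>)".
# Catalog5 holds namespace providers, Catalog9 holds transport providers.
ENTRY = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+"
    r"(?P<library>.+?)\s+\[(?P<status>[^\]]+)\]\s+\((?P<vendor>.*)\)\s*$"
)
# Hint line the tool prints directly after an entry it considers wrong.
HINT = re.compile(r'^ATTENTION: The LibraryPath should be "(?P<path>[^"]+)"')


def parse_winsock(text):
    """Return one dict per catalog entry, with any ATTENTION hint attached."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entry = m.groupdict()
            entry["index"] = int(entry["index"])
            # The log uses both "File Not found" and "File not found".
            entry["missing"] = entry["status"].lower() == "file not found"
            entry["expected"] = None
            entries.append(entry)
            continue
        h = HINT.match(line)
        if h and entries:
            # The hint belongs to the entry printed just before it.
            entries[-1]["expected"] = h.group("path")
    return entries


def triage(entries):
    """Summarise what a helper would look for in the Winsock section."""
    per_catalog = {}
    for e in entries:
        total, missing = per_catalog.get(e["catalog"], (0, 0))
        per_catalog[e["catalog"]] = (total + 1, missing + int(e["missing"]))
    return {
        # (total entries, entries whose library was not found) per catalog
        "per_catalog": per_catalog,
        # Catalogs with no resolvable provider at all
        "broken_catalogs": sorted(
            c for c, (total, missing) in per_catalog.items() if missing == total
        ),
        # Entries for which the tool stated the path it expected
        "repair_hints": [
            (e["catalog"], e["index"], e["expected"])
            for e in entries if e["expected"]
        ],
        # Present providers whose vendor string, as reported in the log, is
        # not Microsoft; these DLLs load into Winsock-using processes and
        # are worth identifying.
        "third_party": [
            e["library"] for e in entries
            if not e["missing"] and e["vendor"] != "Microsoft Corporation"
        ],
    }


if __name__ == "__main__":
    report = triage(parse_winsock(SAMPLE))
    for catalog, (total, missing) in report["per_catalog"].items():
        print(f"{catalog}: {missing}/{total} entries missing")
    print("No resolvable provider in:", ", ".join(report["broken_catalogs"]))
    for catalog, index, path in report["repair_hints"]:
        print(f"{catalog} #{index:02d} expected {path}")
    for lib in report["third_party"]:
        print("Third-party provider:", lib)
```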
 



#5 EvilDeeDlivE


Posted 25 June 2013 - 02:00 PM

I was also getting this message while trying to start the minitoolbox:  "nslookup" The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll

 

Is that pertinent?



#6 boopme


Posted 25 June 2013 - 02:06 PM

This should fix that.

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

#7 EvilDeeDlivE


Posted 25 June 2013 - 02:09 PM

alright, more bad news :( 

 

ran cmd in dos, got messages:

 

"the following helper DLL cannot be loaded: WSHELPER.DLL

"the following helper DLL cannot be loaded: IFMON.DLL

"the following command was not found: winsock reset

 

.........



should i continue with tdsskiller and other tasks?



#8 EvilDeeDlivE


Posted 25 June 2013 - 02:18 PM

Anyhow, continued with TDSSKiller, results here:

 

03:26:40.0452 3748  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
03:26:41.0575 3748  ============================================================
03:26:41.0575 3748  Current date / time: 2008/03/21 03:26:41.0575
03:26:41.0575 3748  SystemInfo:
03:26:41.0575 3748  
03:26:41.0575 3748  OS Version: 6.0.6002 ServicePack: 2.0
03:26:41.0575 3748  Product type: Workstation
03:26:41.0575 3748  ComputerName: USER-PC
03:26:41.0575 3748  UserName: USER
03:26:41.0575 3748  Windows directory: C:\Windows
03:26:41.0575 3748  System windows directory: C:\Windows
03:26:41.0575 3748  Running under WOW64
03:26:41.0575 3748  Processor architecture: Intel x64
03:26:41.0575 3748  Number of processors: 2
03:26:41.0575 3748  Page size: 0x1000
03:26:41.0575 3748  Boot type: Normal boot
03:26:41.0575 3748  ============================================================
03:26:43.0245 3748  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:26:43.0260 3748  ============================================================
03:26:43.0260 3748  \Device\Harddisk0\DR0:
03:26:43.0260 3748  MBR partitions:
03:26:43.0260 3748  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1486800, BlocksNum 0x23FA7800
03:26:43.0260 3748  ============================================================
03:26:43.0276 3748  C: <-> \Device\Harddisk0\DR0\Partition1
03:26:43.0276 3748  ============================================================
03:26:43.0276 3748  Initialize success
03:26:43.0276 3748  ============================================================
03:31:43.0079 3652  ============================================================
03:31:43.0079 3652  Scan started
03:31:43.0079 3652  Mode: Manual; TDLFS;
03:31:43.0079 3652  ============================================================
03:31:44.0155 3652  ================ Scan system memory ========================
03:31:44.0155 3652  System memory - ok
03:31:44.0155 3652  ================ Scan services =============================
03:31:44.0264 3652  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
03:31:44.0264 3652  ACDaemon - ok
03:31:44.0545 3652  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
03:31:44.0545 3652  ACPI - ok
03:31:44.0592 3652  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
03:31:44.0608 3652  adp94xx - ok
03:31:44.0623 3652  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
03:31:44.0623 3652  adpahci - ok
03:31:44.0639 3652  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
03:31:44.0639 3652  adpu160m - ok
03:31:44.0670 3652  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
03:31:44.0670 3652  adpu320 - ok
03:31:44.0701 3652  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
03:31:44.0701 3652  AeLookupSvc - ok
03:31:44.0748 3652  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
03:31:44.0764 3652  AFD - ok
03:31:44.0795 3652  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
03:31:44.0795 3652  agp440 - ok
03:31:44.0795 3652  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
03:31:44.0810 3652  aic78xx - ok
03:31:44.0966 3652  [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
03:31:44.0966 3652  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
03:31:44.0966 3652  Akamai ( HiddenFile.Multi.Generic ) - warning
03:31:44.0966 3652  Akamai - detected HiddenFile.Multi.Generic (1)
03:31:44.0998 3652  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
03:31:44.0998 3652  ALG - ok
03:31:45.0029 3652  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
03:31:45.0029 3652  aliide - ok
03:31:45.0044 3652  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
03:31:45.0044 3652  amdide - ok
03:31:45.0060 3652  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
03:31:45.0060 3652  AmdK8 - ok
03:31:45.0138 3652  [ B11291CBC71231C373743055FB7F5B48 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
03:31:45.0138 3652  AppHostSvc - ok
03:31:45.0169 3652  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
03:31:45.0169 3652  Appinfo - ok
03:31:45.0263 3652  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:31:45.0263 3652  Apple Mobile Device - ok
03:31:45.0278 3652  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
03:31:45.0278 3652  arc - ok
03:31:45.0310 3652  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
03:31:45.0325 3652  arcsas - ok
03:31:45.0356 3652  [ 1CE3822B05A5E229286A15EA39369870 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
03:31:45.0356 3652  ArcSoftKsUFilter - ok
03:31:45.0372 3652  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
03:31:45.0388 3652  AsyncMac - ok
03:31:45.0419 3652  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
03:31:45.0419 3652  atapi - ok
03:31:45.0466 3652  [ 390BC9B68E1EF2A299731BC775D43004 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
03:31:45.0497 3652  athr - ok
03:31:45.0559 3652  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:31:45.0575 3652  AudioEndpointBuilder - ok
03:31:45.0590 3652  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
03:31:45.0590 3652  AudioSrv - ok
03:31:45.0668 3652  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
03:31:45.0668 3652  BBSvc - ok
03:31:45.0793 3652  [ 82C695630676079F7AD68C85A5E662E5 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx64.sys
03:31:45.0809 3652  BHDrvx64 - ok
03:31:45.0887 3652  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
03:31:45.0918 3652  BITS - ok
03:31:45.0949 3652  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
03:31:45.0949 3652  blbdrive - ok
03:31:46.0058 3652  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
03:31:46.0074 3652  Bonjour Service - ok
03:31:46.0105 3652  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
03:31:46.0105 3652  bowser - ok
03:31:46.0136 3652  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
03:31:46.0136 3652  BrFiltLo - ok
03:31:46.0152 3652  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
03:31:46.0152 3652  BrFiltUp - ok
03:31:46.0199 3652  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
03:31:46.0199 3652  Browser - ok
03:31:46.0214 3652  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
03:31:46.0214 3652  Brserid - ok
03:31:46.0230 3652  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
03:31:46.0230 3652  BrSerWdm - ok
03:31:46.0246 3652  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
03:31:46.0246 3652  BrUsbMdm - ok
03:31:46.0246 3652  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
03:31:46.0261 3652  BrUsbSer - ok
03:31:46.0277 3652  [ 471FF09330A53177BBE9FD6DDF8A8259 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
03:31:46.0292 3652  BthEnum - ok
03:31:46.0308 3652  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
03:31:46.0308 3652  BTHMODEM - ok
03:31:46.0339 3652  [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
03:31:46.0386 3652  BthPan - ok
03:31:46.0417 3652  [ 7D104F22C04A76F0D2F96F789AC07FCB ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
03:31:46.0448 3652  BTHPORT - ok
03:31:46.0511 3652  [ 22E65FFD640F16968F855F5B3528D366 ] BthServ         C:\Windows\System32\bthserv.dll
03:31:46.0511 3652  BthServ - ok
03:31:46.0511 3652  [ D9324F0C142267961CE900BFC3798BB1 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
03:31:46.0526 3652  BTHUSB - ok
03:31:46.0558 3652  [ AF1D3519B4914100B07CC396020836F5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
03:31:46.0558 3652  btwaudio - ok
03:31:46.0573 3652  [ 9B87DD0C292C857A3461739FC99BD9CA ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
03:31:46.0573 3652  btwavdt - ok
03:31:46.0636 3652  [ E090E9F1A10AB395B138357F2C600082 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
03:31:46.0636 3652  btwdins - ok
03:31:46.0651 3652  [ D33875CA5940F2E0ED06FB74D556E2DB ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
03:31:46.0651 3652  btwl2cap - ok
03:31:46.0667 3652  [ 09B9B17ED78E0307798CEB9904F1A4C5 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
03:31:46.0667 3652  btwrchid - ok
03:31:46.0698 3652  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
03:31:46.0698 3652  cdfs - ok
03:31:46.0760 3652  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
03:31:46.0760 3652  cdrom - ok
03:31:46.0823 3652  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
03:31:46.0823 3652  CertPropSvc - ok
03:31:46.0854 3652  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
03:31:46.0854 3652  circlass - ok
03:31:46.0870 3652  [ 2C0F16506BCBC80097D58099BC6BE4C0 ] CISVC           C:\Windows\system32\CISVC.EXE
03:31:46.0870 3652  CISVC - ok
03:31:46.0916 3652  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
03:31:46.0932 3652  CLFS - ok
03:31:46.0979 3652  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:31:46.0979 3652  clr_optimization_v2.0.50727_32 - ok
03:31:47.0026 3652  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:31:47.0026 3652  clr_optimization_v2.0.50727_64 - ok
03:31:47.0119 3652  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:31:47.0119 3652  clr_optimization_v4.0.30319_32 - ok
03:31:47.0135 3652  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:31:47.0150 3652  clr_optimization_v4.0.30319_64 - ok
03:31:47.0166 3652  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
03:31:47.0166 3652  cmdide - ok
03:31:47.0182 3652  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
03:31:47.0182 3652  Compbatt - ok
03:31:47.0182 3652  COMSysApp - ok
03:31:47.0213 3652  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
03:31:47.0213 3652  crcdisk - ok
03:31:47.0275 3652  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
03:31:47.0275 3652  CryptSvc - ok
03:31:47.0369 3652  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
03:31:47.0369 3652  DcomLaunch - ok
03:31:47.0462 3652  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
03:31:47.0525 3652  DfsC - ok
03:31:47.0712 3652  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
03:31:47.0774 3652  DFSR - ok
03:31:47.0852 3652  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
03:31:47.0852 3652  Dhcp - ok
03:31:47.0899 3652  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
03:31:47.0899 3652  disk - ok
03:31:47.0930 3652  DMICall - ok
03:31:47.0977 3652  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
03:31:47.0977 3652  Dnscache - ok
03:31:48.0024 3652  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
03:31:48.0024 3652  dot3svc - ok
03:31:48.0071 3652  [ 74C02B1717740C3B8039539E23E4B53F ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
03:31:48.0071 3652  Dot4 - ok
03:31:48.0086 3652  [ 08321D1860235BF42CF2854234337AEA ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
03:31:48.0086 3652  Dot4Print - ok
03:31:48.0102 3652  [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
03:31:48.0102 3652  dot4usb - ok
03:31:48.0149 3652  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
03:31:48.0149 3652  DPS - ok
03:31:48.0164 3652  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
03:31:48.0164 3652  drmkaud - ok
03:31:48.0227 3652  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
03:31:48.0227 3652  DXGKrnl - ok
03:31:48.0258 3652  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
03:31:48.0258 3652  E1G60 - ok
03:31:48.0274 3652  [ 50F95E488C99AE2B0D9DEF392ACC61FC ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
03:31:48.0274 3652  e1yexpress - ok
03:31:48.0305 3652  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
03:31:48.0305 3652  EapHost - ok
03:31:48.0367 3652  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
03:31:48.0398 3652  Ecache - ok
03:31:48.0476 3652  [ 5CCF1BE80930AEB1CDEBF561666325E8 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
03:31:48.0476 3652  eeCtrl - ok
03:31:48.0523 3652  [ 33510BE001CCDB5A01FCC88F4DD8DFC7 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
03:31:48.0523 3652  ehRecvr - ok
03:31:48.0539 3652  [ 1ABC6436B0EDAA3D496D9C827F92820D ] ehSched         C:\Windows\ehome\ehsched.exe
03:31:48.0539 3652  ehSched - ok
03:31:48.0570 3652  [ 08F48CB2CD4019AFB0456869B49CD76F ] ehstart         C:\Windows\ehome\ehstart.dll
03:31:48.0570 3652  ehstart - ok
03:31:48.0586 3652  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
03:31:48.0601 3652  elxstor - ok
03:31:48.0648 3652  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
03:31:48.0648 3652  EMDMgmt - ok
03:31:48.0664 3652  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
03:31:48.0664 3652  ErrDev - ok
03:31:48.0726 3652  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
03:31:48.0742 3652  EventSystem - ok
03:31:48.0773 3652  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
03:31:48.0788 3652  exfat - ok
03:31:48.0820 3652  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
03:31:48.0820 3652  fastfat - ok
03:31:48.0851 3652  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
03:31:48.0851 3652  fdc - ok
03:31:48.0882 3652  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
03:31:48.0882 3652  fdPHost - ok
03:31:48.0882 3652  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
03:31:48.0882 3652  FDResPub - ok
03:31:48.0913 3652  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
03:31:48.0913 3652  FileInfo - ok
03:31:48.0929 3652  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
03:31:48.0929 3652  Filetrace - ok
03:31:48.0944 3652  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
03:31:48.0944 3652  flpydisk - ok
03:31:48.0991 3652  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
03:31:48.0991 3652  FltMgr - ok
03:31:49.0100 3652  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
03:31:49.0100 3652  FontCache - ok
03:31:49.0163 3652  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:31:49.0163 3652  FontCache3.0.0.0 - ok
03:31:49.0225 3652  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
03:31:49.0225 3652  fssfltr - ok
03:31:49.0350 3652  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
03:31:49.0397 3652  fsssvc - ok
03:31:49.0428 3652  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
03:31:49.0428 3652  Fs_Rec - ok
03:31:49.0459 3652  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
03:31:49.0459 3652  gagp30kx - ok
03:31:49.0506 3652  [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:31:49.0506 3652  GEARAspiWDM - ok
03:31:49.0568 3652  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
03:31:49.0584 3652  gpsvc - ok
03:31:49.0646 3652  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1caa1605bd8fd0 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:31:49.0646 3652  gupdate1caa1605bd8fd0 - ok
03:31:49.0662 3652  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:31:49.0662 3652  gupdatem - ok
03:31:49.0724 3652  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
03:31:49.0724 3652  gusvc - ok
03:31:49.0771 3652  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:31:49.0771 3652  HdAudAddService - ok
03:31:49.0834 3652  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
03:31:49.0834 3652  HDAudBus - ok
03:31:49.0880 3652  [ 72D70BCF68C092978BFCD32F88BD6454 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
03:31:49.0880 3652  HECIx64 - ok
03:31:49.0896 3652  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
03:31:49.0912 3652  HidBth - ok
03:31:49.0943 3652  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
03:31:49.0943 3652  HidIr - ok
03:31:50.0005 3652  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
03:31:50.0005 3652  hidserv - ok
03:31:50.0036 3652  [ 59A7B5E13356C20D67983868242167C5 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
03:31:50.0036 3652  HidUsb - ok
03:31:50.0052 3652  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
03:31:50.0052 3652  hkmsvc - ok
03:31:50.0114 3652  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
03:31:50.0114 3652  HpCISSs - ok
03:31:50.0208 3652  [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
03:31:50.0208 3652  hpqcxs08 - ok
03:31:50.0239 3652  [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
03:31:50.0255 3652  hpqddsvc - ok
03:31:50.0302 3652  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
03:31:50.0333 3652  HTTP - ok
03:31:50.0364 3652  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
03:31:50.0364 3652  i2omp - ok
03:31:50.0426 3652  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
03:31:50.0426 3652  i8042prt - ok
03:31:50.0489 3652  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
03:31:50.0489 3652  iaStorV - ok
03:31:50.0582 3652  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:31:50.0598 3652  idsvc - ok
03:31:50.0707 3652  [ 0B97F1A640AD3D159A7B5D2164C42E50 ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111206.001\IDSvia64.sys
03:31:50.0707 3652  IDSVia64 - ok
03:31:50.0832 3652  [ 8254F64C0B738C167B7F487ED7C28DB5 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
03:31:50.0941 3652  igfx - ok
03:31:50.0972 3652  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
03:31:50.0972 3652  iirsp - ok
03:31:51.0035 3652  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
03:31:51.0035 3652  IKEEXT - ok
03:31:51.0097 3652  [ C5398AD1389C8EEAF1BF8E85031E97C0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
03:31:51.0113 3652  IntcAzAudAddService - ok
03:31:51.0144 3652  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
03:31:51.0160 3652  intelide - ok
03:31:51.0175 3652  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
03:31:51.0191 3652  intelppm - ok
03:31:51.0206 3652  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
03:31:51.0206 3652  IPBusEnum - ok
03:31:51.0253 3652  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:31:51.0269 3652  IpFilterDriver - ok
03:31:51.0269 3652  IpInIp - ok
03:31:51.0300 3652  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
03:31:51.0300 3652  IPMIDRV - ok
03:31:51.0316 3652  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
03:31:51.0316 3652  IPNAT - ok
03:31:51.0409 3652  [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
03:31:51.0425 3652  iPod Service - ok
03:31:51.0456 3652  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
03:31:51.0456 3652  IRENUM - ok
03:31:51.0518 3652  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
03:31:51.0518 3652  isapnp - ok
03:31:51.0581 3652  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
03:31:51.0596 3652  iScsiPrt - ok
03:31:51.0628 3652  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
03:31:51.0628 3652  iteatapi - ok
03:31:51.0690 3652  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
03:31:51.0690 3652  iteraid - ok
03:31:51.0737 3652  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
03:31:51.0737 3652  IviRegMgr - ok
03:31:51.0784 3652  [ 2541C1BA5C80AB812E4836BDDAA24C9D ] JLTECH0227      C:\Windows\system32\Drivers\jl2005c.sys
03:31:51.0784 3652  JLTECH0227 - ok
03:31:51.0846 3652  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
03:31:51.0846 3652  kbdclass - ok
03:31:51.0893 3652  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
03:31:51.0893 3652  kbdhid - ok
03:31:51.0924 3652  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
03:31:51.0940 3652  KeyIso - ok
03:31:51.0971 3652  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
03:31:51.0986 3652  KSecDD - ok
03:31:52.0002 3652  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
03:31:52.0002 3652  ksthunk - ok
03:31:52.0049 3652  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
03:31:52.0049 3652  KtmRm - ok
03:31:52.0096 3652  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
03:31:52.0111 3652  LanmanServer - ok
03:31:52.0142 3652  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:31:52.0142 3652  LanmanWorkstation - ok
03:31:52.0158 3652  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
03:31:52.0174 3652  lltdio - ok
03:31:52.0220 3652  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
03:31:52.0236 3652  lltdsvc - ok
03:31:52.0252 3652  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
03:31:52.0267 3652  lmhosts - ok
03:31:52.0298 3652  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
03:31:52.0298 3652  LSI_FC - ok
03:31:52.0345 3652  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
03:31:52.0392 3652  LSI_SAS - ok
03:31:52.0423 3652  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
03:31:52.0454 3652  LSI_SCSI - ok
03:31:52.0486 3652  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
03:31:52.0486 3652  luafv - ok
03:31:52.0501 3652  McComponentHostService - ok
03:31:52.0610 3652  [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
03:31:52.0610 3652  McNASvc - ok
03:31:52.0642 3652  [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
03:31:52.0642 3652  McProxy - ok
03:31:52.0688 3652  [ 4A463D645B48BB487CA7DF12BA5D1602 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
03:31:52.0688 3652  McShield - ok
03:31:52.0735 3652  [ 6DA30C0DE0CC8525E89D612C5063CAC1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
03:31:52.0751 3652  Mcx2Svc - ok
03:31:52.0813 3652  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
03:31:52.0813 3652  megasas - ok
03:31:52.0829 3652  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
03:31:52.0844 3652  MegaSR - ok
03:31:52.0876 3652  [ EF3ACFB7E3F82D5F7CDE9EF5F0A4E2E2 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
03:31:52.0891 3652  mfeapfk - ok
03:31:52.0922 3652  [ E7A60BDB4365B561D896019B82FB7DD0 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
03:31:52.0922 3652  mfeavfk - ok
03:31:52.0938 3652  [ 670DFFE55E2F9AB99D9169C428BCECE9 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
03:31:52.0938 3652  mfefirek - ok
03:31:52.0969 3652  [ 1892616B7F9291FD77C3FA0A5811FE9F ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
03:31:52.0985 3652  mfehidk - ok
03:31:53.0016 3652  [ 65776BD8029E409935B90DE30BF99526 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
03:31:53.0016 3652  mferkdet - ok
03:31:53.0047 3652  [ 8F3B3C3625E3AAA11D6D4DB8423E1721 ] mfevtp          C:\Windows\system32\mfevtps.exe
03:31:53.0063 3652  mfevtp - ok
03:31:53.0078 3652  [ 4F17D8B85B903D96EF7033BB6EF50516 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
03:31:53.0078 3652  mfewfpk - ok
03:31:53.0141 3652  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
03:31:53.0141 3652  Microsoft Office Groove Audit Service - ok
03:31:53.0172 3652  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
03:31:53.0172 3652  MMCSS - ok
03:31:53.0203 3652  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
03:31:53.0203 3652  Modem - ok
03:31:53.0250 3652  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
03:31:53.0250 3652  monitor - ok
03:31:53.0266 3652  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
03:31:53.0266 3652  mouclass - ok
03:31:53.0281 3652  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
03:31:53.0281 3652  mouhid - ok
03:31:53.0297 3652  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
03:31:53.0297 3652  MountMgr - ok
03:31:53.0390 3652  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:31:53.0390 3652  MozillaMaintenance - ok
03:31:53.0422 3652  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
03:31:53.0437 3652  mpio - ok
03:31:53.0468 3652  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
03:31:53.0468 3652  mpsdrv - ok
03:31:53.0500 3652  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
03:31:53.0515 3652  Mraid35x - ok
03:31:53.0562 3652  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
03:31:53.0562 3652  MRxDAV - ok
03:31:53.0609 3652  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
03:31:53.0609 3652  mrxsmb - ok
03:31:53.0656 3652  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:31:53.0656 3652  mrxsmb10 - ok
03:31:53.0671 3652  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:31:53.0671 3652  mrxsmb20 - ok
03:31:53.0702 3652  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
03:31:53.0702 3652  msahci - ok
03:31:53.0765 3652  MSCSPTISRV - ok
03:31:53.0796 3652  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
03:31:53.0796 3652  msdsm - ok
03:31:53.0827 3652  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
03:31:53.0843 3652  MSDTC - ok
03:31:53.0874 3652  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
03:31:53.0874 3652  Msfs - ok
03:31:53.0890 3652  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
03:31:53.0890 3652  msisadrv - ok
03:31:53.0905 3652  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
03:31:53.0921 3652  MSiSCSI - ok
03:31:53.0921 3652  msiserver - ok
03:31:53.0936 3652  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
03:31:53.0936 3652  MSKSSRV - ok
03:31:53.0968 3652  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
03:31:53.0968 3652  MSPCLOCK - ok
03:31:53.0983 3652  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
03:31:53.0983 3652  MSPQM - ok
03:31:54.0030 3652  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
03:31:54.0030 3652  MsRPC - ok
03:31:54.0061 3652  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
03:31:54.0061 3652  mssmbios - ok
03:31:54.0077 3652  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
03:31:54.0077 3652  MSTEE - ok
03:31:54.0108 3652  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
03:31:54.0108 3652  Mup - ok
03:31:54.0186 3652  [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360            C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
03:31:54.0186 3652  N360 - ok
03:31:54.0248 3652  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
03:31:54.0264 3652  napagent - ok
03:31:54.0311 3652  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
03:31:54.0326 3652  NativeWifiP - ok
03:32:06.0791 3652  ================ Scan global ===============================
03:32:06.0806 3652  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
03:32:06.0869 3652  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
03:32:06.0916 3652  [ 4D7CDE615A0F534BD5E359951829554B ] C:\Windows\system32\consrv.dll
03:32:06.0947 3652  C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - infected
03:32:06.0947 3652  C:\Windows\system32\consrv.dll - detected Backdoor.Multi.ZAccess.genb (0)
03:32:07.0056 3652  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
03:32:07.0103 3652  ================ Scan MBR ==================================
03:32:07.0181 3652  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
03:32:07.0633 3652  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:32:07.0633 3652  \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:32:07.0649 3652  ================ Scan VBR ==================================
03:32:07.0649 3652  [ 3CAB14A388419662498D27BCBCD8FABE ] \Device\Harddisk0\DR0\Partition1
03:32:07.0649 3652  \Device\Harddisk0\DR0\Partition1 - ok
03:32:07.0649 3652  ============================================================
03:32:07.0649 3652  Scan finished
03:32:07.0649 3652  ============================================================
03:32:07.0664 4504  Detected object count: 3
03:32:07.0664 4504  Actual detected object count: 3
03:32:17.0758 4504  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
03:32:17.0758 4504  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
03:32:17.0851 4504  C:\Windows\system32\consrv.dll - copied to quarantine
03:32:19.0427 4504  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
03:32:19.0427 4504  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
03:32:19.0442 4504  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems:Windows - will be cured on reboot
03:32:19.0442 4504  C:\Windows\system32\consrv.dll - will be deleted on reboot
03:32:19.0505 4504  C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
03:32:19.0505 4504  C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
03:32:19.0520 4504  C:\Windows\system32\consrv.dll ( Backdoor.Multi.ZAccess.genb ) - User select action: Delete
03:32:19.0520 4504  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
03:32:19.0520 4504  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
03:32:24.0575 2240  Deinitialize success
 



#9 boopme


Posted 25 June 2013 - 02:22 PM

Let's see how it is after ESET, try netsh then.

Also rerun TDSS and change the option on this to Cure or Delete

TDSS File System

Reboot.

Be back in a couple hours.

#10 EvilDeeDlivE


Posted 25 June 2013 - 05:44 PM

Alright! Was able to DL all the software, and ended up finding more than a few problems! Also, reran the netsh in cmd, and it worked this time. Here are the results of ESET:

 

C:\Users\All Users\Ask\APN-Stub\ORJ\APNToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Users\All Users\Ask\APN-Stub\ORJ\Local\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Users\All Users\Ask\APN-Stub\ORJ\Local\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Users\All Users\Ask\APN-Stub\ORJ\Local\APNToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    
C:\Users\All Users\Microsoft\Windows\DRM\5150.tmp    Win64/Olmarik.AD trojan    
C:\Users\All Users\Microsoft\Windows\DRM\5150.tmp.dat    Win32/Olmarik.AYD trojan    
C:\Users\All Users\Microsoft\Windows\DRM\5151.tmp    Win64/Olmarik.AD trojan    
C:\Users\All Users\Microsoft\Windows\DRM\929.tmp    Win32/Olmarik.AYD trojan    
C:\Users\All Users\Microsoft\Windows\DRM\ncrypt.dll    Win32/Olmarik.AYD trojan    
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    
C:\Users\USER\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll    Win32/Adware.Gamevance.AI application    
C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\05h7wjcd.default-1204068385735\extensions\kyuafmlvck@kyuafmlvck.org.xpi    Win32/TrojanDownloader.Tracur.V trojan    
C:\Users\USER\Downloads\FlashPlayer_V.57669408b.exe    multiple threats    
C:\Users\USER\Downloads\Flash_Player_Pro_Setup.exe    a variant of Win32/Adware.iBryte.G application    
C:\Users\USER\Downloads\VLCMediaPlayerSetup-cDS6rDA.exe    a variant of Win32/Somoto.A application    
C:\Windows\System32\f3PSSavr.scr    Win32/Toolbar.MyWebSearch application    
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVSC5LY8\player[1].htm    HTML/ScrInject.B.Gen virus    
C:\Windows\SysWOW64\f3PSSavr.scr    Win32/Toolbar.MyWebSearch application    
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVSC5LY8\player[1].htm    HTML/ScrInject.B.Gen virus    
C:\Windows\Temp\jar_cache8485058327693572656.tmp    a variant of Java/TrojanDownloader.OpenStream.NCD trojan    
C:\Windows\Temp\lvvm.exe    a variant of Win32/Kryptik.AARB trojan    
C:\Windows\Temp\qqdhhh.exe    Win32/Cycbot.AK trojan    
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3EZSETP.DLL    a variant of Win32/FunWeb.AA application    cleaned by deleting - quarantined
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\Gamevance\gamevance32.exe    a variant of Win32/Adware.Gamevance.BB application    cleaned by deleting - quarantined
C:\Program Files (x86)\Gamevance\gamevancelib32.dll    a variant of Win32/Adware.Gamevance.AJ application    cleaned by deleting - quarantined
C:\Program Files (x86)\Internet Explorer\BFC6.tmp    Win32/PSW.Agent.NTM trojan    cleaned by deleting - quarantined
C:\Program Files (x86)\iWonEI\Installr\1.bin\jfEIPlug.dll    a variant of Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\iWonEI\Installr\1.bin\jfEZSETP.dll    a variant of Win32/Toolbar.MyWebSearch.Q application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3CJPEG.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3DTACTL.DLL    Win32/FunWeb application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3HISTSW.DLL    Win32/FunWeb application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3HKSTUB.DLL    Win32/Toolbar.MyWebSearch.G application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3HTMLMU.DLL    Win32/Toolbar.MyWebSearch.B application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3HTTPCT.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3IMSTUB.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3POPSWT.DLL    Win32/FunWeb application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3PSSAVR.SCR    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3REGHK.DLL    Win32/Toolbar.MyWebSearch.G application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3REPROX.DLL    Win32/Toolbar.MyWebSearch.D application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3RESTUB.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3SCHMON.EXE    Win32/FunWeb application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3SCRCTR.DLL    Win32/Toolbar.MyWebSearch.P application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\F3WPHOOK.DLL    Win32/FunWeb application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3AUXSTB.DLL    Win32/Toolbar.MyWebSearch.H application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3DLGHK.DLL    a variant of Win32/Toolbar.MyWebSearch.I application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3HTML.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3IDLE.DLL    Win32/Toolbar.MyWebSearch.P application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3IMPIPE.EXE    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3MSG.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3OUTLCN.DLL    Win32/Toolbar.MyWebSearch.J application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3PLUGIN.DLL    a variant of Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3SKIN.DLL    Win32/Toolbar.MyWebSearch.P application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3SKPLAY.EXE    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3SLSRCH.EXE    Win32/Toolbar.MyWebSearch.J application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3SRCHMN.EXE    Win32/Toolbar.MyWebSearch.I application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3TPINST.DLL    a variant of Win32/Toolbar.MyWebSearch.I application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\M3UNPAT.DLL    a variant of Win32/Toolbar.MyWebSearch.I application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSMLBTN.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEPLG.DLL    Win32/Toolbar.MyWebSearch.J application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSUABTN.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMYWEBS.DLL    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll    a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\ProgramData\Ask\APN-Stub\ORJ\APNToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\ProgramData\Ask\APN-Stub\ORJ\Local\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\ProgramData\Ask\APN-Stub\ORJ\Local\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\ProgramData\Ask\APN-Stub\ORJ\Local\APNToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5150.tmp    Win64/Olmarik.AD trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5150.tmp.dat    Win32/Olmarik.AYD trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5151.tmp    Win64/Olmarik.AD trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\929.tmp    Win32/Olmarik.AYD trojan    cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll    Win32/Olmarik.AYD trojan    cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AD trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0002.dta    Win32/Olmarik.AWO trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0003.dta    Win64/Olmarik.AC trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0007.dta    Win32/Olmarik.AWO trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0008.dta    Win64/Olmarik.X trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0013.dta    a variant of Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\mbr0000\tdlfs0000\tsk0014.dta    Win64/Olmarik.BC trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\zasubsys0000\file0000\tsk0000.dta    Win64/Sirefef.G trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\zasubsys0000\zafs0000\tsk0000.dta    Win32/Sirefef.DN trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.03.2008_01.28.09\zasubsys0000\zafs0000\tsk0001.dta    Win64/Sirefef.G trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.03.2008_03.26.41\zasubsys0000\file0000\tsk0000.dta    Win64/Sirefef.G trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.03.2008_03.26.41\zasubsys0000\zafs0000\tsk0000.dta    Win32/Sirefef.DN trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.03.2008_03.26.41\zasubsys0000\zafs0000\tsk0001.dta    Win64/Sirefef.G trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Conduit\Windows Live\xjammjjqa.dll    Win32/TrojanDownloader.Tracur.V trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\51BF.tmp    Win32/Olmarik.AYD trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\DropDownDealsSetup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\fka0.7059198631314464.exe    a variant of Win32/Kryptik.ZHC trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\fka0.7319444347483214.exe    Win32/Sirefef.DQ trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\mos0.21981776011335674.exe    a variant of Win32/Kryptik.ZHC trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\msimg32.dll    Win32/Sirefef.DB trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\oiu0.0538744877287588.exe    a variant of Win32/Kryptik.YAP trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\oiu0.7274541757416088.exe    a variant of Win32/Kryptik.YZS trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\SetupDataMngr_Searchqu.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\YontooFFClient.xpi    Win32/Adware.Yontoo application    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\YontooIEClient.dll    a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\Temp\YontooLayers.crx    multiple threats    deleted - quarantined
C:\Users\USER\AppData\Local\Temp\xjammjjqa\xjammjjqa.dll    Win32/TrojanDownloader.Tracur.V trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\Local\WinRAR\kltnktwr.dll    Win32/Boaxxe.G trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\AskToolbar\setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(0004b8e2).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(00052d37).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(00064e7d).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(0006ec22).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(000721f1).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(000782e5).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(00151ffe).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(0016a0e0).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(0017a14d).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(00187187).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(002728a6).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(00448c96).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(0088315e).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(00f6255f).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(02615edd).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\MyWebSearch\bar\setups\My Web Search Installer(035f9406).exe    a variant of Win32/Toolbar.MyWebSearch.K application    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\66723e56-1bec7d29    a variant of Win32/Kryptik.BEEL trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-1494a8b4    a variant of Java/TrojanDownloader.Agent.NDJ trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\6ac925b7-49490107    Win32/PSW.Fareit.A trojan    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-3e276fa6    multiple threats    cleaned by deleting - quarantined
C:\Users\USER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2fbd9407-5e070150    multiple threats    cleaned by deleting - quarantined
 


Edited by EvilDeeDlivE, 25 June 2013 - 06:16 PM.


#11 boopme


Posted 25 June 2013 - 06:21 PM

Now that looks real good.. Run one more quick tool...

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
How is it now?

#12 EvilDeeDlivE


Posted 25 June 2013 - 07:17 PM

Getting there! Runs a little faster, and I now have a non-hijacked homepage again :thumbsup:

 

Here are the results of JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by USER on Fri 03/21/2008 at  8:28:58.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\my web search bar search scope monitor
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mywebsearch email plugin
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mywebsearch email plugin
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-553915583-2180488337-3667644051-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\compete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\cpturlpassthru.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dca-api.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dca-bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cpturlpassthru.httpmonitor
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cpturlpassthru.httpmonitor.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dcabho.dca
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dcabho.dca.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\queryexplorer
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062385.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062385.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062385.Shopping
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000062385.Shopping.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062385.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062385.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062385.Shopping
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCSB000062385.Shopping.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1320680
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2418376
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2612669
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{e0215546-2e99-4e57-aabe-3e0ee1a4a558}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{627AF46B-2076-42AE-A2FD-8428734D3E74}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F92A9FE4-2850-4198-B9D5-279880E49B16}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"



~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\f3pssavr.scr"
Successfully deleted: [File] "C:\Users\USER\AppData\Local\Temp\searchqu.ini"
Successfully deleted: [File] "C:\Users\USER\AppData\Local\Temp\searchqutoolbar-manifest.xml"
Successfully deleted [File] C:\Windows\svchost.exe  [Check for TDL4 Rootkit!]



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\queryexplorer"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\USER\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\USER\appdata\local\free_ride_games"
Successfully deleted: [Folder] "C:\Users\USER\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\free_ride_games"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\imvu_inc"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\simppulltoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\free_ride_games"
Successfully deleted: [Folder] "C:\Program Files (x86)\funwebproducts"
Successfully deleted: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\imvu_inc"
Successfully deleted: [Folder] "C:\Program Files (x86)\mywebsearch"
Successfully deleted: [Folder] "C:\Program Files (x86)\queryexplorer"
Successfully deleted: [Folder] "C:\Program Files (x86)\search toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchqu toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo layers client"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\freecause"
Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{41960C0D-885E-4925-BA86-6FF826DA8CBA}
Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{706E2751-A928-441F-A80B-5BFEDD8B8844}
Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{8350A32E-FC9C-45F4-9A5E-1DAAF7647660}
Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{920035B7-1781-4B37-995E-C4DCD7B086B8}
Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{FC2D6A8D-66E0-4B6C-8EE5-AE9339DB450E}
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\i0w7niur.default\user.js
Successfully deleted: [Folder] C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\i0w7niur.default\conduitcommon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com
Successfully deleted the following from C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\i0w7niur.default\prefs.js




~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/21/2008 at  8:33:51.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 boopme


  • Global Moderator

Posted 25 June 2013 - 07:42 PM

It looks so good we should run SAS and get the last of the junk off here. It takes an hour or two.
Make sure you have your passwords written down as it may take them off some sites and you will have to log back in.

SAS...How to use SUPERAntiSpyware to scan and remove malware from your computer



#14 EvilDeeDlivE


Posted 25 June 2013 - 09:39 PM

It removed almost 2000 issues! Is there anything else I need to do, O Wise One of the Interwebz? And do I need to uninstall any of the installed software I have used today (I almost don't want to; they seem to have helped quite a bit)!?

 

In any case, dude, you rock. You've been a huge help today!



#15 boopme


Posted 26 June 2013 - 07:19 PM

Looks great!!, thanks for the kind words.
 
 Other than SAS and ESET nothing is installed more than a desktop icon and can be deleted.
 
You can remove ESET thru Control Panel /Uninstall.
 
Keep the download links as you need to download a new copy of MINI, ADWcleaner and TDSS for each use as that is how to get the latest version.
 
 
If there are no more issues..... Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7




