
Please help PuP.optional keeps coming back


23 replies to this topic

#1 On the Right

On the Right

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 26 August 2013 - 11:53 AM

MWB keeps picking up Pup.optional. various entries. a. Can't seem to get rid of this and cannot find much info on it online. Only thing I see is programs opening more slowly. Try to keep this puter fairly clean. Posting last 2 MWB logs:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.26.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: FAMILYROOM [administrator]

8/26/2013 9:55:00 AM
mbam-log-2013-08-26 (09-55-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 273326
Time elapsed: 31 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Family\Local Settings\temp\qPvbNVTT.exe.part (PUP.Optional.SpeedUpMyPC.A) -> Quarantined and deleted successfully.

(end)
 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: FAMILYROOM [administrator]

8/19/2013 9:45:29 PM
mbam-log-2013-08-19 (21-45-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 335421
Time elapsed: 4 hour(s), 13 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

After every instance I delete all system recovery files and set a new recovery point.


Edited by Orange Blossom, 26 August 2013 - 12:00 PM.
Moved to AII from Windows XP. ~ OB




#2 filipo603

filipo603

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:29 AM

Posted 26 August 2013 - 04:21 PM

I must tell you something: Viruses are always coming back!

May Computer Be With You! :luke: 

 

 

 


#3 On the Right

On the Right
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 26 August 2013 - 04:39 PM

GEEE Thanks for that valuable info... can someone here actually help?



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:29 AM

Posted 26 August 2013 - 07:19 PM

Yes that was handy..

Now let's run these and see what's up.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.


Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • Last run ESET.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 On the Right

On the Right
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 27 August 2013 - 05:54 AM

Mini Tool box log:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Family (administrator) on 27-08-2013 at 06:40:04
Running from "C:\Documents and Settings\Family\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet  = Home Wireless (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Home Wireless"

set address name="Home Wireless" source=dhcp
set dns name="Home Wireless" source=dhcp register=PRIMARY
set wins name="Home Wireless" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : Familyroom

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Home Wireless:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet #2

        Physical Address. . . . . . . . . : 00-16-17-1B-53-11

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 10.0.0.8

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 10.0.0.1

        DHCP Server . . . . . . . . . . . : 10.0.0.1

        DNS Servers . . . . . . . . . . . : 10.0.0.1

        Lease Obtained. . . . . . . . . . : Monday, August 26, 2013 7:37:10 PM

        Lease Expires . . . . . . . . . . : Tuesday, August 27, 2013 7:37:10 PM

Server:  UnKnown
Address:  10.0.0.1

Name:    google.com
Addresses:  74.125.228.9, 74.125.228.14, 74.125.228.0, 74.125.228.1
      74.125.228.2, 74.125.228.3, 74.125.228.4, 74.125.228.5, 74.125.228.6
      74.125.228.7, 74.125.228.8



Pinging google.com [74.125.228.102] with 32 bytes of data:



Reply from 74.125.228.102: bytes=32 time=33ms TTL=54

Reply from 74.125.228.102: bytes=32 time=38ms TTL=54



Ping statistics for 74.125.228.102:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 33ms, Maximum = 38ms, Average = 35ms

Server:  UnKnown
Address:  10.0.0.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=94ms TTL=46

Reply from 206.190.36.45: bytes=32 time=95ms TTL=46



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 94ms, Maximum = 95ms, Average = 94ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 17 1b 53 11 ...... NVIDIA nForce 10/100 Mbps Ethernet #2 - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.8      20
         10.0.0.0    255.255.255.0         10.0.0.8        10.0.0.8      20
         10.0.0.8  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255         10.0.0.8        10.0.0.8      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0         10.0.0.8        10.0.0.8      20
        224.0.0.0        240.0.0.0         10.0.0.8        10.0.0.8      20
  255.255.255.255  255.255.255.255         10.0.0.8        10.0.0.8      1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2013 06:05:18 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2013 07:41:39 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680

Error: (07/30/2013 07:41:37 AM) (Source: MsiInstaller) (User: FAMILYROOM)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Family\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (07/30/2013 07:41:33 AM) (Source: MsiInstaller) (User: FAMILYROOM)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (07/29/2013 11:26:33 AM) (Source: MSSHA) (User: )
Description: The Windows Security Center service state changed to running. The Windows Security Center service state could not be initialized successfully.
Failure Code :0.

Error: (07/29/2013 10:19:19 AM) (Source: Application Hang) (User: )
Description: Hanging application soffice.bin, version 3.3.9556.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/29/2013 01:01:05 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680

Error: (07/29/2013 01:01:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (07/29/2013 01:01:01 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (07/27/2013 07:08:44 PM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680


System errors:
=============
Error: (08/27/2013 05:55:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/27/2013 04:55:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/27/2013 03:55:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/27/2013 02:55:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/27/2013 01:55:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/27/2013 00:55:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/26/2013 11:55:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/26/2013 10:55:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/26/2013 09:55:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (08/26/2013 08:55:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402


Microsoft Office Sessions:
=========================
Error: (08/24/2013 06:05:18 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe11.0.3.37hungapp0.0.0.000000000

Error: (07/30/2013 07:41:39 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680

Error: (07/30/2013 07:41:37 AM) (Source: MsiInstaller)(User: FAMILYROOM)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\DOCUME~1\Family\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (07/30/2013 07:41:33 AM) (Source: MsiInstaller)(User: FAMILYROOM)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (07/29/2013 11:26:33 AM) (Source: MSSHA)(User: )
Description: 0

Error: (07/29/2013 10:19:19 AM) (Source: Application Hang)(User: )
Description: soffice.bin3.3.9556.500hungapp0.0.0.000000000

Error: (07/29/2013 01:01:05 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680

Error: (07/29/2013 01:01:02 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (07/29/2013 01:01:01 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (07/27/2013 07:08:44 PM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.7680


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 3
Bonjour (Version: 2.0.5.0)
CCleaner (Version: 4.04)
CDDRV_Installer (Version: 4.60)
Coupon Printer for Windows (Version: 5.0.0.3)
DomaIQ
DVD Decoder Pak for Windows XP (Version: 1.0.0)
Epson CreativeZone
Epson Easy Photo Print 2 (Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
EPSON NX420 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
iTunes (Version: 10.2.2.14)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
KhalInstallWrapper (Version: 2.00.0000)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog Leapster Explorer Plugin (Version: 4.2.11.15696)
Logitech Registration (Version: 0.70.206)
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee AntiVirus Plus (Version: 11.6.511)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 en-GB) (Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center (Version: 0.91.000)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA nView Desktop Manager (Version: 6.14.10.13570)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org 3.3 (Version: 3.3.9567)
Photo Viewer 2.4
PictureProject (Version: 1.0)
PictureProject In Touch Downloader 1.0 (Version: 1.0)
Quicken 2012 (Version: 21.1.7.18)
Quicken WillMaker Plus 2012 (Version: 1.0.0.0)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver
Shared C Run-time for x86 (Version: 10.0.0)
Soft Data Fax Modem with SmartCP
swMSM (Version: 12.0.0.1)
System Requirements Lab
U3Launcher (Version: 1.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 1151.36 MB
Available physical RAM: 680.62 MB
Total Pagefile: 2753.34 MB
Available Pagefile: 2144.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:116.41 GB) NTFS

========================= Users: ========================================

User accounts for \\FAMILYROOM

Administrator            ASPNET                   Family                   
Guest                    HelpAssistant            SUPPORT_388945a0         
UpdatusUser              


**** End of log ****
 



#6 On the Right

On the Right
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:29 AM

Posted 27 August 2013 - 05:55 AM

TDSSKiller Report

 

06:47:28.0767 0x0a88  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
06:47:30.0760 0x0a88  ============================================================
06:47:30.0760 0x0a88  Current date / time: 2013/08/27 06:47:30.0760
06:47:30.0760 0x0a88  SystemInfo:
06:47:30.0760 0x0a88  
06:47:30.0760 0x0a88  OS Version: 5.1.2600 ServicePack: 3.0
06:47:30.0760 0x0a88  Product type: Workstation
06:47:30.0770 0x0a88  ComputerName: FAMILYROOM
06:47:30.0770 0x0a88  UserName: Family
06:47:30.0770 0x0a88  Windows directory: C:\WINDOWS
06:47:30.0770 0x0a88  System windows directory: C:\WINDOWS
06:47:30.0770 0x0a88  Processor architecture: Intel x86
06:47:30.0770 0x0a88  Number of processors: 1
06:47:30.0770 0x0a88  Page size: 0x1000
06:47:30.0770 0x0a88  Boot type: Normal boot
06:47:30.0770 0x0a88  ============================================================
06:47:43.0017 0x0a88  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:47:43.0017 0x0a88  ============================================================
06:47:43.0017 0x0a88  \Device\Harddisk0\DR0:
06:47:43.0127 0x0a88  MBR partitions:
06:47:43.0127 0x0a88  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
06:47:43.0127 0x0a88  ============================================================
06:47:47.0754 0x0a88  C: <-> \Device\Harddisk0\DR0\Partition1
06:47:47.0754 0x0a88  ============================================================
06:47:47.0754 0x0a88  Initialize success
06:47:47.0754 0x0a88  ============================================================
06:48:10.0697 0x0c48  ============================================================
06:48:10.0697 0x0c48  Scan started
06:48:10.0697 0x0c48  Mode: Manual; TDLFS;
06:48:10.0697 0x0c48  ============================================================
06:48:11.0138 0x0c48  ================ Scan system memory ========================
06:48:11.0138 0x0c48  System memory - ok
06:48:25.0198 0x0c48  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
06:48:25.0208 0x0c48  CiSvc - ok
06:48:25.0238 0x0c48  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
06:48:25.0258 0x0c48  ClipSrv - ok
06:48:25.0398 0x0c48  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:48:25.0709 0x0c48  clr_optimization_v2.0.50727_32 - ok
06:48:25.0799 0x0c48  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:48:26.0089 0x0c48  clr_optimization_v4.0.30319_32 - ok
06:48:26.0149 0x0c48  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
06:48:26.0239 0x0c48  CmdIde - ok
06:48:26.0249 0x0c48  COMSysApp - ok
06:48:26.0279 0x0c48  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
06:48:26.0299 0x0c48  Cpqarray - ok
06:48:26.0379 0x0c48  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
06:48:26.0400 0x0c48  CryptSvc - ok
06:48:26.0480 0x0c48  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
06:48:26.0570 0x0c48  dac2w2k - ok
06:48:26.0590 0x0c48  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
06:48:26.0800 0x0c48  dac960nt - ok
06:48:26.0990 0x0c48  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
06:48:27.0131 0x0c48  DcomLaunch - ok
06:48:27.0221 0x0c48  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
06:48:27.0231 0x0c48  Dhcp - ok
06:48:27.0371 0x0c48  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
06:48:27.0371 0x0c48  Disk - ok
06:48:27.0391 0x0c48  dmadmin - ok
06:48:28.0893 0x0c48  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
06:48:29.0204 0x0c48  dmboot - ok
06:48:29.0294 0x0c48  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
06:48:29.0364 0x0c48  dmio - ok
06:48:29.0414 0x0c48  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
06:48:29.0464 0x0c48  dmload - ok
06:48:29.0504 0x0c48  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
06:48:29.0524 0x0c48  dmserver - ok
06:48:29.0564 0x0c48  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
06:48:29.0594 0x0c48  DMusic - ok
06:48:29.0694 0x0c48  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
06:48:29.0704 0x0c48  Dnscache - ok
06:48:29.0814 0x0c48  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
06:48:29.0885 0x0c48  Dot3svc - ok
06:48:30.0816 0x0c48  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
06:48:30.0846 0x0c48  dpti2o - ok
06:48:30.0896 0x0c48  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
06:48:30.0896 0x0c48  drmkaud - ok
06:48:30.0966 0x0c48  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
06:48:30.0986 0x0c48  EapHost - ok
06:48:31.0036 0x0c48  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
06:48:31.0056 0x0c48  ERSvc - ok
06:48:31.0146 0x0c48  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
06:48:31.0176 0x0c48  Eventlog - ok
06:48:31.0327 0x0c48  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
06:48:31.0417 0x0c48  EventSystem - ok
06:48:31.0497 0x0c48  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
06:48:31.0657 0x0c48  Fastfat - ok
06:48:31.0877 0x0c48  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
06:48:31.0947 0x0c48  FastUserSwitchingCompatibility - ok
06:48:32.0959 0x0c48  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
06:48:32.0989 0x0c48  Fdc - ok
06:48:33.0029 0x0c48  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
06:48:33.0049 0x0c48  Fips - ok
06:48:33.0089 0x0c48  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:48:33.0109 0x0c48  Flpydisk - ok
06:48:33.0189 0x0c48  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
06:48:33.0219 0x0c48  FltMgr - ok
06:48:33.0319 0x0c48  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:48:33.0410 0x0c48  FontCache3.0.0.0 - ok
06:48:33.0450 0x0c48  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:48:33.0460 0x0c48  Fs_Rec - ok
06:48:33.0530 0x0c48  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:48:33.0550 0x0c48  Ftdisk - ok
06:48:33.0600 0x0c48  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
06:48:33.0940 0x0c48  GEARAspiWDM - ok
06:48:34.0000 0x0c48  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:48:34.0020 0x0c48  Gpc - ok
06:48:34.0121 0x0c48  [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
06:48:34.0181 0x0c48  HdAudAddService - ok
06:48:34.0271 0x0c48  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:48:34.0321 0x0c48  HDAudBus - ok
06:48:34.0431 0x0c48  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:48:34.0461 0x0c48  helpsvc - ok
06:48:34.0481 0x0c48  HidServ - ok
06:48:36.0494 0x0c48  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:48:36.0514 0x0c48  HidUsb - ok
06:48:36.0574 0x0c48  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
06:48:36.0614 0x0c48  hkmsvc - ok
06:48:36.0664 0x0c48  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
06:48:36.0885 0x0c48  hpn - ok
06:48:37.0355 0x0c48  [ B6B0721A86E51D141EC55C3CC1CA5686 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
06:48:37.0606 0x0c48  HSFHWBS2 - ok
06:48:38.0076 0x0c48  [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
06:48:38.0737 0x0c48  HSF_DPV - ok
06:48:38.0887 0x0c48  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
06:48:38.0988 0x0c48  HTTP - ok
06:48:39.0038 0x0c48  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
06:48:39.0078 0x0c48  HTTPFilter - ok
06:48:39.0969 0x0c48  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
06:48:39.0989 0x0c48  i2omgmt - ok
06:48:40.0029 0x0c48  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
06:48:40.0039 0x0c48  i2omp - ok
06:48:40.0099 0x0c48  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:48:40.0129 0x0c48  i8042prt - ok
06:48:40.0580 0x0c48  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:48:41.0271 0x0c48  idsvc - ok
06:48:41.0321 0x0c48  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
06:48:41.0351 0x0c48  Imapi - ok
06:48:41.0481 0x0c48  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
06:48:41.0561 0x0c48  ImapiService - ok
06:48:41.0621 0x0c48  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
06:48:42.0332 0x0c48  ini910u - ok
06:48:44.0255 0x0c48  [ A30685283F90AE02F1CD50972C6065E3 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
06:48:46.0108 0x0c48  IntcAzAudAddService - ok
06:48:46.0138 0x0c48  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
06:48:46.0148 0x0c48  IntelIde - ok
06:48:47.0099 0x0c48  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
06:48:47.0129 0x0c48  Ip6Fw - ok
06:48:47.0179 0x0c48  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:48:47.0199 0x0c48  IpFilterDriver - ok
06:48:47.0229 0x0c48  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:48:47.0290 0x0c48  IpInIp - ok
06:48:47.0390 0x0c48  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:48:47.0450 0x0c48  IpNat - ok
06:48:48.0191 0x0c48  [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
06:48:48.0672 0x0c48  iPod Service - ok
06:48:48.0822 0x0c48  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:48:48.0872 0x0c48  IPSec - ok
06:48:48.0922 0x0c48  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
06:48:48.0922 0x0c48  IRENUM - ok
06:48:48.0962 0x0c48  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:48:48.0972 0x0c48  isapnp - ok
06:48:49.0202 0x0c48  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
06:48:49.0423 0x0c48  JavaQuickStarterService - ok
06:48:49.0473 0x0c48  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:48:49.0483 0x0c48  Kbdclass - ok
06:48:49.0593 0x0c48  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
06:48:49.0663 0x0c48  kmixer - ok
06:48:49.0783 0x0c48  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
06:48:49.0813 0x0c48  KSecDD - ok
06:48:49.0853 0x0c48  [ 0C6E346CDE730CF1356DD69AD6E9BC42 ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
06:48:50.0124 0x0c48  L8042Kbd - ok
06:48:50.0204 0x0c48  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
06:48:50.0244 0x0c48  lanmanserver - ok
06:48:50.0324 0x0c48  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
06:48:50.0374 0x0c48  lanmanworkstation - ok
06:48:50.0394 0x0c48  lbrtfdc - ok
06:48:50.0494 0x0c48  [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ         C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
06:48:50.0775 0x0c48  LBTServ - ok
06:48:53.0769 0x0c48  [ 32F1B95C60042F3D95FC8AB43559B3B1 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
06:48:57.0985 0x0c48  LeapFrog Connect Device Service - ok
06:48:58.0325 0x0c48  [ 5CFFDA921FE0C9E9EBDE3150D3C81594 ] Leapfrog-USBLAN C:\WINDOWS\system32\DRIVERS\btblan.sys
06:48:58.0696 0x0c48  Leapfrog-USBLAN - ok
06:48:58.0796 0x0c48  [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
06:48:58.0966 0x0c48  LHidFilt - ok
06:48:59.0036 0x0c48  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
06:48:59.0066 0x0c48  LmHosts - ok
06:48:59.0127 0x0c48  [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
06:48:59.0297 0x0c48  LMouFilt - ok
06:48:59.0327 0x0c48  [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt        C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
06:48:59.0547 0x0c48  LUsbFilt - ok
06:48:59.0707 0x0c48  [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
06:49:00.0018 0x0c48  mcmscsvc - ok
06:49:00.0098 0x0c48  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
06:49:00.0098 0x0c48  McNaiAnn - ok
06:49:00.0178 0x0c48  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
06:49:00.0178 0x0c48  McNASvc - ok
06:49:00.0368 0x0c48  [ E352CC1723B3B69A7BB1E81DBC9D9D78 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
06:49:00.0468 0x0c48  McODS - ok
06:49:00.0589 0x0c48  [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy         C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
06:49:00.0599 0x0c48  McProxy - ok
06:49:00.0799 0x0c48  [ 6FE0532CB16300C09D098F808EAAEE9D ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
06:49:01.0079 0x0c48  McShield - ok
06:49:01.0139 0x0c48  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
06:49:01.0470 0x0c48  mdmxsdk - ok
06:49:01.0520 0x0c48  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
06:49:01.0540 0x0c48  Messenger - ok
06:49:01.0670 0x0c48  [ 6708AD7D9ABDD6FDE1EB9B54FFE426B0 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
06:49:01.0961 0x0c48  mfeapfk - ok
06:49:02.0081 0x0c48  [ 375DE90B68533D9D0D7766D4CCB4CA32 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
06:49:02.0331 0x0c48  mfeavfk - ok
06:49:02.0351 0x0c48  mfeavfk01 - ok
06:49:02.0411 0x0c48  [ 5ED806D4DF27AC11236BD9AD2CC10B7E ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
06:49:02.0632 0x0c48  mfebopk - ok
06:49:02.0742 0x0c48  [ 1A427BB508ACBEE09A88F08D1CA38E2F ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
06:49:02.0952 0x0c48  mfefire - ok
06:49:03.0122 0x0c48  [ 16BF9475BFCFAA420A8CB29E40284457 ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
06:49:03.0403 0x0c48  mfefirek - ok
06:49:03.0703 0x0c48  [ 875452ECDF4AEBE12B8C2EFD8599A36F ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
06:49:03.0954 0x0c48  mfehidk - ok
06:49:04.0024 0x0c48  [ 3004E3FE086E76D7D6DFB9A851ED6F10 ] mfendisk        C:\WINDOWS\system32\DRIVERS\mfendisk.sys
06:49:04.0214 0x0c48  mfendisk - ok
06:49:04.0264 0x0c48  [ 3004E3FE086E76D7D6DFB9A851ED6F10 ] mfendiskmp      C:\WINDOWS\system32\DRIVERS\mfendisk.sys
06:49:04.0264 0x0c48  mfendiskmp - ok
06:49:04.0354 0x0c48  [ D669ACBE7672819109706C3CFF6BD1DB ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
06:49:04.0564 0x0c48  mferkdet - ok
06:49:04.0645 0x0c48  [ 1328C929A2F801BB93DBDFCDC25E0E7A ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys
06:49:04.0965 0x0c48  mfetdi2k - ok
06:49:05.0075 0x0c48  [ D66A1A16166897A5F7D04961F582F03B ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
06:49:05.0245 0x0c48  mfevtp - ok
06:49:05.0295 0x0c48  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
06:49:05.0305 0x0c48  mnmdd - ok
06:49:05.0536 0x0c48  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
06:49:05.0566 0x0c48  mnmsrvc - ok
06:49:05.0616 0x0c48  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
06:49:05.0626 0x0c48  Modem - ok
06:49:05.0706 0x0c48  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:49:05.0766 0x0c48  Mouclass - ok
06:49:05.0826 0x0c48  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:49:05.0846 0x0c48  mouhid - ok
06:49:05.0896 0x0c48  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
06:49:05.0896 0x0c48  MountMgr - ok
06:49:05.0946 0x0c48  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
06:49:06.0117 0x0c48  mraid35x - ok
06:49:06.0207 0x0c48  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:49:06.0277 0x0c48  MRxDAV - ok
06:49:06.0487 0x0c48  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:49:06.0647 0x0c48  MRxSmb - ok
06:49:06.0697 0x0c48  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
06:49:06.0717 0x0c48  MSDTC - ok
06:49:07.0008 0x0c48  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
06:49:07.0008 0x0c48  Msfs - ok
06:49:07.0028 0x0c48  MSIServer - ok
06:49:07.0058 0x0c48  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:49:07.0088 0x0c48  MSKSSRV - ok
06:49:07.0108 0x0c48  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:49:07.0128 0x0c48  MSPCLOCK - ok
06:49:07.0158 0x0c48  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
06:49:07.0168 0x0c48  MSPQM - ok
06:49:07.0218 0x0c48  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:49:07.0228 0x0c48  mssmbios - ok
06:49:07.0308 0x0c48  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
06:49:07.0328 0x0c48  Mup - ok
06:49:07.0378 0x0c48  [ E1CDF20697D992CF83FF86DD04DF1285 ] mxnic           C:\WINDOWS\system32\DRIVERS\mxnic.sys
06:49:07.0529 0x0c48  mxnic - ok
06:49:07.0679 0x0c48  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
06:49:07.0909 0x0c48  napagent - ok
06:49:08.0019 0x0c48  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
06:49:08.0059 0x0c48  NDIS - ok
06:49:08.0109 0x0c48  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:49:08.0109 0x0c48  NdisTapi - ok
06:49:08.0140 0x0c48  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:49:08.0150 0x0c48  Ndisuio - ok
06:49:08.0200 0x0c48  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:49:08.0240 0x0c48  NdisWan - ok
06:49:08.0300 0x0c48  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
06:49:08.0320 0x0c48  NDProxy - ok
06:49:08.0360 0x0c48  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
06:49:08.0360 0x0c48  NetBIOS - ok
06:49:08.0470 0x0c48  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
06:49:08.0540 0x0c48  NetBT - ok
06:49:08.0620 0x0c48  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
06:49:08.0660 0x0c48  NetDDE - ok
06:49:08.0710 0x0c48  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
06:49:08.0710 0x0c48  NetDDEdsdm - ok
06:49:08.0760 0x0c48  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
06:49:08.0760 0x0c48  Netlogon - ok
06:49:08.0871 0x0c48  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
06:49:08.0881 0x0c48  Netman - ok
06:49:09.0011 0x0c48  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
06:49:09.0311 0x0c48  NetTcpPortSharing - ok
06:49:09.0421 0x0c48  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
06:49:09.0512 0x0c48  Nla - ok
06:49:09.0552 0x0c48  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
06:49:09.0552 0x0c48  Npfs - ok
06:49:09.0812 0x0c48  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
06:49:10.0072 0x0c48  Ntfs - ok
06:49:10.0112 0x0c48  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
06:49:10.0112 0x0c48  NtLmSsp - ok
06:49:10.0313 0x0c48  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
06:49:10.0473 0x0c48  NtmsSvc - ok
06:49:11.0835 0x0c48  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
06:49:11.0945 0x0c48  Null - ok
06:49:17.0393 0x0c48  [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:49:25.0545 0x0c48  nv - ok
06:49:34.0217 0x0c48  [ 11D1AD7E946538E02F9EF6A6E1792061 ] nvata           C:\WINDOWS\system32\DRIVERS\nvata.sys
06:49:34.0237 0x0c48  nvata - ok
06:49:37.0612 0x0c48  [ C61927D27B75ED56723F2508F1A6B1BE ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
06:49:38.0453 0x0c48  NVENETFD - ok
06:49:38.0493 0x0c48  [ C529B614EF88BE0F62B886C67B516550 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
06:49:38.0874 0x0c48  nvnetbus - ok
06:49:38.0974 0x0c48  [ 5150B108EA88831E1C599603D8B89621 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
06:49:39.0475 0x0c48  NVSvc - ok
06:49:40.0065 0x0c48  [ 83E8AB7BB3C8956C53FEC071C94F0BBB ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
06:49:41.0067 0x0c48  nvUpdatusService - ok
06:49:41.0107 0x0c48  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:49:41.0117 0x0c48  NwlnkFlt - ok
06:49:41.0147 0x0c48  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:49:41.0167 0x0c48  NwlnkFwd - ok
06:49:41.0207 0x0c48  [ C90018BAFDC7098619A4A95B046B30F3 ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
06:49:41.0227 0x0c48  P3 - ok
06:49:41.0277 0x0c48  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
06:49:41.0317 0x0c48  Parport - ok
06:49:41.0528 0x0c48  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
06:49:41.0528 0x0c48  PartMgr - ok
06:49:41.0578 0x0c48  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
06:49:41.0588 0x0c48  ParVdm - ok
06:49:41.0618 0x0c48  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
06:49:41.0628 0x0c48  PCI - ok
06:49:41.0638 0x0c48  PCIDump - ok
06:49:41.0658 0x0c48  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
06:49:41.0658 0x0c48  PCIIde - ok
06:49:41.0728 0x0c48  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
06:49:41.0818 0x0c48  Pcmcia - ok
06:49:41.0828 0x0c48  PDCOMP - ok
06:49:41.0848 0x0c48  PDFRAME - ok
06:49:41.0858 0x0c48  PDRELI - ok
06:49:41.0878 0x0c48  PDRFRAME - ok
06:49:41.0928 0x0c48  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
06:49:42.0118 0x0c48  perc2 - ok
06:49:42.0148 0x0c48  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
06:49:42.0158 0x0c48  perc2hib - ok
06:49:42.0239 0x0c48  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
06:49:42.0249 0x0c48  PlugPlay - ok
06:49:42.0269 0x0c48  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
06:49:42.0269 0x0c48  PolicyAgent - ok
06:49:42.0339 0x0c48  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:49:42.0519 0x0c48  PptpMiniport - ok
06:49:42.0569 0x0c48  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
06:49:42.0589 0x0c48  Processor - ok
06:49:42.0609 0x0c48  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
06:49:42.0609 0x0c48  ProtectedStorage - ok
06:49:42.0649 0x0c48  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
06:49:42.0689 0x0c48  PSched - ok
06:49:42.0739 0x0c48  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:49:42.0749 0x0c48  Ptilink - ok
06:49:42.0819 0x0c48  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
06:49:42.0849 0x0c48  ql1080 - ok
06:49:42.0879 0x0c48  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
06:49:42.0910 0x0c48  Ql10wnt - ok
06:49:42.0940 0x0c48  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
06:49:42.0970 0x0c48  ql12160 - ok
06:49:43.0020 0x0c48  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
06:49:43.0040 0x0c48  ql1240 - ok
06:49:43.0070 0x0c48  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
06:49:43.0100 0x0c48  ql1280 - ok
06:49:43.0140 0x0c48  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:49:43.0150 0x0c48  RasAcd - ok
06:49:43.0220 0x0c48  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
06:49:43.0260 0x0c48  RasAuto - ok
06:49:43.0320 0x0c48  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:49:43.0340 0x0c48  Rasl2tp - ok
06:49:43.0450 0x0c48  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
06:49:43.0570 0x0c48  RasMan - ok
06:49:43.0601 0x0c48  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:49:43.0631 0x0c48  RasPppoe - ok
06:49:43.0681 0x0c48  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
06:49:43.0691 0x0c48  Raspti - ok
06:49:43.0771 0x0c48  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:49:43.0861 0x0c48  Rdbss - ok
06:49:43.0921 0x0c48  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:49:43.0931 0x0c48  RDPCDD - ok
06:49:44.0031 0x0c48  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:49:44.0111 0x0c48  rdpdr - ok
06:49:44.0211 0x0c48  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
06:49:44.0261 0x0c48  RDPWD - ok
06:49:44.0362 0x0c48  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
06:49:44.0422 0x0c48  RDSessMgr - ok
06:49:44.0592 0x0c48  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
06:49:44.0622 0x0c48  redbook - ok
06:49:44.0682 0x0c48  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
06:49:44.0712 0x0c48  RemoteAccess - ok
06:49:44.0752 0x0c48  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
06:49:44.0782 0x0c48  RpcLocator - ok
06:49:45.0003 0x0c48  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
06:49:45.0003 0x0c48  RpcSs - ok
06:49:45.0093 0x0c48  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
06:49:45.0143 0x0c48  RSVP - ok
06:49:45.0173 0x0c48  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
06:49:45.0183 0x0c48  SamSs - ok
06:49:45.0263 0x0c48  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
06:49:45.0303 0x0c48  SCardSvr - ok
06:49:45.0413 0x0c48  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
06:49:45.0593 0x0c48  Schedule - ok
06:49:45.0643 0x0c48  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:49:45.0663 0x0c48  Secdrv - ok
06:49:45.0714 0x0c48  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
06:49:45.0724 0x0c48  seclogon - ok
06:49:45.0764 0x0c48  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
06:49:45.0784 0x0c48  SENS - ok
06:50:15.0947 0x0c48  ================ Scan global ===============================
06:50:15.0987 0x0c48  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
06:50:16.0187 0x0c48  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
06:50:16.0408 0x0c48  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
06:50:16.0508 0x0c48  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
06:50:16.0508 0x0c48  [Global] - ok
06:50:16.0508 0x0c48  ================ Scan MBR ==================================
06:50:16.0538 0x0c48  [ E9B468D3DCCBC07254F1F04D03465DF2 ] \Device\Harddisk0\DR0
06:50:17.0019 0x0c48  \Device\Harddisk0\DR0 - ok
06:50:17.0029 0x0c48  ================ Scan VBR ==================================
06:50:17.0039 0x0c48  [ 5C5602BBF18DE7A3D41F5BA1B04717A4 ] \Device\Harddisk0\DR0\Partition1
06:50:17.0039 0x0c48  \Device\Harddisk0\DR0\Partition1 - ok
06:50:17.0049 0x0c48  ============================================================
06:50:17.0049 0x0c48  Scan finished
06:50:17.0049 0x0c48  ============================================================
06:50:17.0059 0x069c  Detected object count: 0
06:50:17.0059 0x069c  Actual detected object count: 0
 



#7 On the Right

Posted 27 August 2013 - 06:08 AM

AdwCleaner Log:

 

# AdwCleaner v3.001 - Report created 27/08/2013 at 06:56:36
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - FAMILYROOM
# Running from : C:\Documents and Settings\Family\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\alotserviceruntime.log
File Found : C:\END
Folder Found C:\Documents and Settings\Administrator\Application Data\DriverCure
Folder Found C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
Folder Found C:\Documents and Settings\Family\Application Data\DefaultTab
Folder Found C:\Documents and Settings\Family\Application Data\digitalsite
Folder Found C:\Documents and Settings\Family\Application Data\DriverCure
Folder Found C:\Documents and Settings\Family\Application Data\DSite
Folder Found C:\Documents and Settings\Family\Application Data\file scout
Folder Found C:\Documents and Settings\Family\Application Data\PerformerSoft
Folder Found C:\Documents and Settings\Family\Application Data\SearchProtect
Folder Found C:\Documents and Settings\Family\Application Data\SpeedMaxPc
Folder Found C:\Documents and Settings\Family\Application Data\SwvUpdater
Folder Found C:\Documents and Settings\Family\IECompatCache
Folder Found C:\Documents and Settings\Family\Local Settings\Application Data\Coupon Companion
Folder Found C:\Program Files\Coupon Companion
Folder Found C:\Program Files\DomaIQ Uninstaller
Folder Found C:\Program Files\file scout

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\SpeedMaxPC
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DomaIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKLM\Software\SpeedMaxPC
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\xanh4hh0.default-1377022366434\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i265hjgz.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [20828 octets] - [27/08/2013 06:56:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20889 octets] ##########
 



#8 On the Right

Posted 27 August 2013 - 06:48 AM

In case you pop in: running ESET now... been @ 43% for a while but is running, been 27 mins so far.

NOTE: I DID NOT run any removal process on AdwCleaner as I did not see that you instructed to do so.

Thanks, will post ESET when done.


Edited by On the Right, 27 August 2013 - 06:52 AM.


#9 On the Right

Posted 27 August 2013 - 09:43 AM

ESET Result:

 

C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe    probably a variant of MSIL/DomaIQ.A application    cleaned by deleting - quarantined



#10 boopme

Posted 27 August 2013 - 11:14 AM

OK, yes, correct, we'll clean now as it looks like a hit.
 
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 On the Right

On the Right
  • Topic Starter

  • Members
  • 35 posts

Posted 27 August 2013 - 12:19 PM

# AdwCleaner v3.001 - Report created 27/08/2013 at 13:10:21
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - FAMILYROOM
# Running from : C:\Documents and Settings\Family\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
Folder Deleted : C:\Program Files\Coupon Companion
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Documents and Settings\Family\IECompatCache
Folder Deleted : C:\Documents and Settings\Family\Local Settings\Application Data\Coupon Companion
Folder Deleted : C:\Documents and Settings\Family\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Family\Application Data\digitalsite
Folder Deleted : C:\Documents and Settings\Family\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Family\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Family\Application Data\file scout
Folder Deleted : C:\Documents and Settings\Family\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Family\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Family\Application Data\SpeedMaxPc
Folder Deleted : C:\Documents and Settings\Family\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\xanh4hh0.default-1377022366434\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i265hjgz.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "13d6a83816140627ac4ac4f314d4f684");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1363291636);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 43);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1363291636");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1363291636");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Tue Aug 27 2013 08:19:50 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1377002444");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221372100176%22");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_ib_delay.value", "24");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_ib_disclosure.value", "1371561620");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_ib_list.expiration", "Tue Aug 20 2013 14:20:24 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%22d763717b4b2e0a17a877cc642fb80ee4%22%3A%7B%22p%22%3A%2[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221362694016%22");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1363291670134");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22157271%22");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1363291646419");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "94");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Tue Aug 20 2013 14:19:50 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:\"couponcp-a.akamaihd.net\"[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.exte[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function( B){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 16);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function( B){console.log( B)},factor:1[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 39);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 8);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function( B){this.queue.push( B);}};appAPI.ready=function(c, B){a.when.apply(nul[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_NAME% value is not supp[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4493/plugins/091/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 70);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 94);
Line Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
Line Deleted : user_pref("extensions.crossriderapp4493.bic", "13d6a83816140627ac4ac4f314d4f684");
Line Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
Line Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1363291636);
Line Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22950020);
Line Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22950041);
Line Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp4493.statsDailyCounter", 7);
Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp4493%40crossrider.com:0.91.91,%7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:15.1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...]

*************************

AdwCleaner[R0].txt - [20970 octets] - [27/08/2013 06:56:36]
AdwCleaner[R1].txt - [21031 octets] - [27/08/2013 13:07:43]
AdwCleaner[S0].txt - [21351 octets] - [27/08/2013 13:10:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21412 octets] ##########

 

 

 

Ok done with that....how bad is it?
 


Edited by On the Right, 27 August 2013 - 12:23 PM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts

Posted 27 August 2013 - 12:52 PM

That looks like it got it all. Reboot the machine. How is it running now?

#13 On the Right

On the Right
  • Topic Starter

  • Members
  • 35 posts

Posted 27 August 2013 - 01:24 PM

Seems better, some programs a little slow, reset Firefox to original setting, Thunderbird, Open Office still slow, other than that seems much better. Now couple of questions:

1. What can I do not to get this again? Had it 4 times. Is PuP.optional xxxxxxx.a new trojan?

2.Should I uninstall programs we used?

3. Would you advise running CCleaner after doing all this?

 

Thanks Boopme, you've been great, many Kudos

 

oh did u see my message about a guest being on this thread for a long time?

 

rick


Edited by On the Right, 27 August 2013 - 01:24 PM.


#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts

Posted 27 August 2013 - 07:47 PM

Ok, this is good. Run these 2 quick ones and then you can remove.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
You can use CCleaner to do this if you want. I do not recommend using its Reg Cleaning side.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
I would say the next time you install an App, use the Advanced install and not the recommended.
Many times you will see they want to install other items along with the App, such as toolbars.

Avoid reg cleaners and boosters; if you start to get slow, post here and clean it out.
Run tools like AdwCleaner and CCleaner's Temp file cleaner every 2-4 weeks, depending on how much you do on the Web.

One step after this.

#15 On the Right

On the Right
  • Topic Starter

  • Members
  • 35 posts

Posted 27 August 2013 - 08:50 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Family on Tue 08/27/2013 at 21:39:24.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1738888420-2581391909-1829914128-1006\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287804
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3291325
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298570
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5476EBDD-B4C7-4CC3-B9E9-2D0E0C647A03}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BBAA74F8-4690-4813-88FB-FD59FAC8DD61}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\Family\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Family\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Family\Application Data\mozilla\firefox\profiles\5wct3iio.default-1377627328737\searchplugins\conduit.xml
Successfully deleted the following from C:\Documents and Settings\Family\Application Data\mozilla\firefox\profiles\5wct3iio.default-1377627328737\prefs.js

user_pref("CT3291325.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN29344544131199810&UM=2&UP=SPF7A987D2-86C3-48C4-94E5
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&CUI=UN29344544131199810&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN29344544131199810&UM=2&UP=SPF7A987D2-86C3-48C4-94E5-254B
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN29344544131199810&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3291325");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291325&CUI=UN29344544131199810&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3291325&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN29344544131199810&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");
user_pref("smartbar.homePageOwnerCTID", "CT3291325");
user_pref("smartbar.machineId", "B2VHB5FEJ7VHS/WHD9MODUJPYQMWZL2FPO+CHDFHNG1F1EXQIODFKSKF5MTEM0NQVWXHESRFHZV8PURGNW6RWA");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/27/2013 at 21:43:39.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
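
The AdwCleaner and JRT logs in this thread show most of the browser-side cleanup happening in Firefox's prefs.js. The following read-only audit is an added example, not part of the thread or of either tool: it parses a prefs.js file and reports the same kinds of entries those logs list. The function names and watchlists are assumptions built from names visible in the logs, and the sample input is constructed with placeholder ids.

```python
import json
import re
from urllib.parse import unquote, urlsplit

# Watchlists assembled from names that appear in this thread's logs.
PUP_PREF_PREFIXES = ("extensions.crossrider", "smartbar.", "Smartbar.")
PUP_PREF_PATTERN = re.compile(r"^CT\d+\.")   # Conduit toolbar ids, e.g. CT<digits>.*
WATCHED_DOMAINS = ("conduit.com", "crossrider.com")
# Prefs that decide where the home page and address-bar searches go.
NAVIGATION_PREFS = {"browser.startup.homepage", "keyword.URL",
                    "browser.search.defaulturl"}

PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Constructed sample input (placeholder app and toolbar ids, not a real profile).
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT0000000&SearchSource=61");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT0000000&q=");
user_pref("browser.search.defaulturl", "https://www.example.org/search?q={searchTerms}");
user_pref("smartbar.homePageOwnerCTID", "CT0000000");
user_pref("CT0000000.smartbar.homepage", "true");
user_pref("extensions.crossriderapp0000.0000.plugins.plugin_1.code", "(function(a){a.ready=function(){};})(appAPI);");
user_pref("extensions.enabledAddons", "crossriderapp0000%40crossrider.com:0.91.91,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
user_pref("browser.download.useDownloadDir", false);
'''


def parse_prefs(text):
    """Yield (name, value) for every well-formed user_pref() line."""
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, truncated entries
        name, raw = match.group(1), match.group(2).strip()
        try:
            value = json.loads(raw)  # quoted strings, true/false, integers
        except ValueError:
            value = raw              # keep unparsed text rather than drop it
        yield name, value


def on_watched_domain(host):
    """True if host equals a watched domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def hosts_in(value):
    """Hostnames of every comma-separated URL in a pref value."""
    hosts = []
    for part in str(value).split(","):
        try:
            host = urlsplit(part.strip()).hostname  # also parses defanged hxxp://
        except ValueError:
            continue
        if host:
            hosts.append(host)
    return hosts


def audit_prefs(text):
    """Return a list of (reason, pref_name, detail) findings."""
    findings = []
    for name, value in parse_prefs(text):
        # Whole preference namespaces created by the bundled add-ons.
        if name.startswith(PUP_PREF_PREFIXES) or PUP_PREF_PATTERN.match(name):
            findings.append(("pup-namespace", name, ""))
        # Home page / search prefs that point at a watched domain.
        if name in NAVIGATION_PREFS:
            for host in hosts_in(value):
                if on_watched_domain(host):
                    findings.append(("navigation-hijack", name, host))
        # Enabled add-on ids are stored URL-encoded as "id:version,id:version".
        if name == "extensions.enabledAddons":
            for entry in str(value).split(","):
                addon_id = unquote(entry).rsplit(":", 1)[0]
                if on_watched_domain(addon_id.rpartition("@")[2]):
                    findings.append(("enabled-addon", name, addon_id))
        # Script source stored inside a preference value, in any namespace.
        if isinstance(value, str) and "function(" in value:
            findings.append(("script-in-pref", name, f"{len(value)} chars"))
    return findings


if __name__ == "__main__":
    for reason, name, detail in audit_prefs(SAMPLE_PREFS):
        print(f"{reason:18} {name}  {detail}")
```

To check a real profile, read its prefs.js with Firefox closed and pass the text to `audit_prefs`; the script only reports and never modifies the file.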
 





