
Win32/Bundled.Toolbar.Ask.B application


17 replies to this topic

#1 angelfire4xx

angelfire4xx

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:United Kingdom
  • Local time:09:40 AM

Posted 27 January 2014 - 08:59 PM

Hi, I'd appreciate help with removal. I've had problems shutting down my PC, connecting to Wi-Fi and opening PDF files. I ran an MBAM Pro quick scan, which found PUP.optional.OpenCandy. I removed this, then I did some googling and decided to download and run an ESET scan following instructions I found on this forum. It found Win32/Bundled.Toolbar.Ask.B application in two places and Win32/Bundled.Toolbar.Google.D application. I did not allow ESET to remove these. I have saved the log.

 

I don't know how to get rid of these threats, am very worried and would appreciate your help.

Thanks





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:40 AM

Posted 27 January 2014 - 09:45 PM

Hello, I moved you to the Am I Infected forum.

Did you run the Online scan?

You can allow ESET to remove it.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 angelfire4xx


Posted 28 January 2014 - 10:59 AM

Hi Boopme, I ran the ESET online scan again and allowed the 3 infected files to be deleted, but a new one was flagged up as an infection; this was a CCleaner setup file which I downloaded last night. (I have not run it yet.) Does deleting the infected files actually get rid of the virus or just files that the virus has infected?



#4 boopme


Posted 28 January 2014 - 11:47 AM

It actually kills the virus.

Let's run these, they are not long, just to be sure.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#5 angelfire4xx


Posted 28 January 2014 - 08:08 PM

Hi Boopme, finally got it done. JRT first time stalled halfway through. After 5 hours running I thought it must have stalled, so I ran it again but had to reboot a couple of times first as PC was unresponsive. Here are the 3 results

 

17:50:19.0015 0x159c  MSPQM - ok
17:50:19.0062 0x159c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:50:19.0062 0x159c  mssmbios - ok
17:50:19.0078 0x159c  [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:50:19.0078 0x159c  MTsensor - ok
17:50:19.0093 0x159c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:50:19.0109 0x159c  Mup - ok
17:50:19.0140 0x159c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:50:19.0140 0x159c  napagent - ok
17:50:19.0187 0x159c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:50:19.0187 0x159c  NDIS - ok
17:50:19.0234 0x159c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:50:19.0234 0x159c  NdisTapi - ok
17:50:19.0250 0x159c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:50:19.0250 0x159c  Ndisuio - ok
17:50:19.0265 0x159c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:50:19.0265 0x159c  NdisWan - ok
17:50:19.0296 0x159c  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:50:19.0296 0x159c  NDProxy - ok
17:50:19.0312 0x159c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:50:19.0312 0x159c  NetBIOS - ok
17:50:19.0359 0x159c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:50:19.0359 0x159c  NetBT - ok
17:50:19.0468 0x159c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:50:19.0468 0x159c  NetDDE - ok
17:50:19.0484 0x159c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:50:19.0484 0x159c  NetDDEdsdm - ok
17:50:19.0515 0x159c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:50:19.0515 0x159c  Netlogon - ok
17:50:19.0609 0x159c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
17:50:19.0609 0x159c  Netman - ok
17:50:19.0671 0x159c  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:50:19.0671 0x159c  NetTcpPortSharing - ok
17:50:19.0718 0x159c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:50:19.0734 0x159c  Nla - ok
17:50:19.0734 0x159c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:50:19.0750 0x159c  Npfs - ok
17:50:19.0796 0x159c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:50:19.0812 0x159c  Ntfs - ok
17:50:19.0812 0x159c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:50:19.0828 0x159c  NtLmSsp - ok
17:50:19.0890 0x159c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:50:19.0906 0x159c  NtmsSvc - ok
17:50:19.0937 0x159c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:50:19.0937 0x159c  Null - ok
17:50:19.0968 0x159c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:50:19.0968 0x159c  NwlnkFlt - ok
17:50:19.0984 0x159c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:50:19.0984 0x159c  NwlnkFwd - ok
17:50:20.0062 0x159c  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:50:20.0062 0x159c  ose - ok
17:50:20.0093 0x159c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
17:50:20.0109 0x159c  Parport - ok
17:50:20.0125 0x159c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:50:20.0125 0x159c  PartMgr - ok
17:50:20.0156 0x159c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:50:20.0156 0x159c  ParVdm - ok
17:50:20.0171 0x159c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:50:20.0171 0x159c  PCI - ok
17:50:20.0187 0x159c  PCIDump - ok
17:50:20.0203 0x159c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:50:20.0203 0x159c  PCIIde - ok
17:50:20.0234 0x159c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:50:20.0250 0x159c  Pcmcia - ok
17:50:20.0250 0x159c  PDCOMP - ok
17:50:20.0265 0x159c  PDFRAME - ok
17:50:20.0265 0x159c  PDRELI - ok
17:50:20.0281 0x159c  PDRFRAME - ok
17:50:20.0296 0x159c  perc2 - ok
17:50:20.0296 0x159c  perc2hib - ok
17:50:20.0375 0x159c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
17:50:20.0375 0x159c  PlugPlay - ok
17:50:20.0421 0x159c  [ 364E30F27BE1E6DED83E81C4DE93E808, 4C66D8B0654E87306291249CC95876F930AC490C77365B0A7FBACD1D6376A514 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
17:50:20.0468 0x159c  Pml Driver HPZ12 - ok
17:50:20.0484 0x159c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:50:20.0484 0x159c  PolicyAgent - ok
17:50:20.0531 0x159c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:50:20.0531 0x159c  PptpMiniport - ok
17:50:20.0531 0x159c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:50:20.0531 0x159c  ProtectedStorage - ok
17:50:20.0546 0x159c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:50:20.0546 0x159c  PSched - ok
17:50:20.0562 0x159c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:50:20.0562 0x159c  Ptilink - ok
17:50:20.0562 0x159c  ql1080 - ok
17:50:20.0578 0x159c  Ql10wnt - ok
17:50:20.0578 0x159c  ql12160 - ok
17:50:20.0593 0x159c  ql1240 - ok
17:50:20.0609 0x159c  ql1280 - ok
17:50:20.0625 0x159c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:50:20.0656 0x159c  RasAcd - ok
17:50:20.0703 0x159c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:50:20.0703 0x159c  RasAuto - ok
17:50:20.0718 0x159c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:50:20.0718 0x159c  Rasl2tp - ok
17:50:20.0765 0x159c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:50:20.0765 0x159c  RasMan - ok
17:50:20.0781 0x159c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:50:20.0781 0x159c  RasPppoe - ok
17:50:20.0781 0x159c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:50:20.0796 0x159c  Raspti - ok
17:50:20.0828 0x159c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:50:20.0828 0x159c  Rdbss - ok
17:50:20.0843 0x159c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:50:20.0843 0x159c  RDPCDD - ok
17:50:20.0890 0x159c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:50:20.0906 0x159c  RDPWD - ok
17:50:20.0921 0x159c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:50:20.0937 0x159c  RDSessMgr - ok
17:50:21.0015 0x159c  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:50:21.0015 0x159c  RealNetworks Downloader Resolver Service - ok
17:50:21.0046 0x159c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:50:21.0046 0x159c  redbook - ok
17:50:21.0078 0x159c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:50:21.0078 0x159c  RemoteAccess - ok
17:50:21.0093 0x159c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:50:21.0093 0x159c  RpcLocator - ok
17:50:21.0140 0x159c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
17:50:21.0156 0x159c  RpcSs - ok
17:50:21.0187 0x159c  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:50:21.0187 0x159c  RSVP - ok
17:50:21.0218 0x159c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:50:21.0218 0x159c  SamSs - ok
17:50:21.0218 0x159c  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:50:21.0234 0x159c  SCardSvr - ok
17:50:21.0281 0x159c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:50:21.0281 0x159c  Schedule - ok
17:50:21.0343 0x159c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:50:21.0390 0x159c  Secdrv - ok
17:50:21.0468 0x159c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:50:21.0500 0x159c  seclogon - ok
17:50:21.0609 0x159c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
17:50:21.0640 0x159c  SENS - ok
17:50:21.0703 0x159c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:50:21.0703 0x159c  serenum - ok
17:50:21.0781 0x159c  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:50:21.0812 0x159c  Serial - ok
17:50:21.0921 0x159c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:50:21.0953 0x159c  Sfloppy - ok
17:50:22.0000 0x159c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:50:22.0015 0x159c  SharedAccess - ok
17:50:22.0031 0x159c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:50:22.0031 0x159c  ShellHWDetection - ok
17:50:22.0046 0x159c  Simbad - ok
17:50:22.0062 0x159c  Sparrow - ok
17:50:22.0109 0x159c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:50:22.0109 0x159c  splitter - ok
17:50:22.0156 0x159c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:50:22.0156 0x159c  Spooler - ok
17:50:22.0171 0x159c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:50:22.0171 0x159c  sr - ok
17:50:22.0218 0x159c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:50:22.0218 0x159c  srservice - ok
17:50:22.0265 0x159c  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:50:22.0265 0x159c  Srv - ok
17:50:22.0312 0x159c  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:50:22.0312 0x159c  SSDPSRV - ok
17:50:22.0328 0x159c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:50:22.0343 0x159c  stisvc - ok
17:50:22.0406 0x159c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:50:22.0406 0x159c  swenum - ok
17:50:22.0406 0x159c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:50:22.0406 0x159c  swmidi - ok
17:50:22.0421 0x159c  SwPrv - ok
17:50:22.0437 0x159c  symc810 - ok
17:50:22.0453 0x159c  symc8xx - ok
17:50:22.0453 0x159c  sym_hi - ok
17:50:22.0468 0x159c  sym_u3 - ok
17:50:22.0500 0x159c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:50:22.0500 0x159c  sysaudio - ok
17:50:22.0531 0x159c  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:50:22.0531 0x159c  SysmonLog - ok
17:50:22.0562 0x159c  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:50:22.0562 0x159c  TapiSrv - ok
17:50:22.0625 0x159c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:50:22.0640 0x159c  Tcpip - ok
17:50:22.0671 0x159c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:50:22.0671 0x159c  TDPIPE - ok
17:50:22.0687 0x159c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:50:22.0687 0x159c  TDTCP - ok
17:50:22.0703 0x159c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:50:22.0703 0x159c  TermDD - ok
17:50:22.0734 0x159c  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:50:22.0734 0x159c  TermService - ok
17:50:22.0750 0x159c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:50:22.0765 0x159c  Themes - ok
17:50:22.0765 0x159c  TosIde - ok
17:50:22.0812 0x159c  [ 0002A2537E6122F971C4EA58D1588731, BAC935C4F9F5370D691F47DCC939FC17809B55089DB68A8014C9DC82EF911C96 ] TotRec8         C:\WINDOWS\system32\drivers\TotRec8.sys
17:50:22.0812 0x159c  TotRec8 - ok
17:50:22.0859 0x159c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:50:22.0859 0x159c  TrkWks - ok
17:50:22.0890 0x159c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:50:22.0890 0x159c  Udfs - ok
17:50:22.0906 0x159c  ultra - ok
17:50:22.0953 0x159c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:50:22.0968 0x159c  Update - ok
17:50:23.0015 0x159c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:50:23.0015 0x159c  upnphost - ok
17:50:23.0046 0x159c  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
17:50:23.0046 0x159c  UPS - ok
17:50:23.0078 0x159c  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:50:23.0078 0x159c  usbccgp - ok
17:50:23.0093 0x159c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:50:23.0093 0x159c  usbehci - ok
17:50:23.0140 0x159c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:50:23.0140 0x159c  usbhub - ok
17:50:23.0187 0x159c  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:50:23.0187 0x159c  usbprint - ok
17:50:23.0234 0x159c  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:50:23.0234 0x159c  usbscan - ok
17:50:23.0234 0x159c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:50:23.0250 0x159c  USBSTOR - ok
17:50:23.0250 0x159c  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:50:23.0250 0x159c  usbuhci - ok
17:50:23.0265 0x159c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:50:23.0265 0x159c  VgaSave - ok
17:50:23.0265 0x159c  ViaIde - ok
17:50:23.0359 0x159c  [ 8175F48E6AED78829A1323E3103E4332, AA2F84FBEB768712569A7A47D8F627CA1F723A16910E6C6765D3395E99027D18 ] VMCService      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
17:50:23.0359 0x159c  VMCService - ok
17:50:23.0390 0x159c  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:50:23.0390 0x159c  VolSnap - ok
17:50:23.0531 0x159c  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:50:23.0546 0x159c  VSS - ok
17:50:23.0593 0x159c  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:50:23.0609 0x159c  W32Time - ok
17:50:23.0625 0x159c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:50:23.0640 0x159c  Wanarp - ok
17:50:23.0640 0x159c  WDICA - ok
17:50:23.0671 0x159c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:50:23.0671 0x159c  wdmaud - ok
17:50:23.0687 0x159c  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:50:23.0703 0x159c  WebClient - ok
17:50:23.0781 0x159c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:50:23.0781 0x159c  winmgmt - ok
17:50:23.0859 0x159c  [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
17:50:23.0906 0x159c  WinRM - ok
17:50:23.0953 0x159c  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:50:23.0953 0x159c  WmdmPmSN - ok
17:50:24.0015 0x159c  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:50:24.0015 0x159c  WmiApSrv - ok
17:50:24.0109 0x159c  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
17:50:24.0140 0x159c  WMPNetworkSvc - ok
17:50:24.0234 0x159c  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:50:24.0265 0x159c  WPFFontCache_v0400 - ok
17:50:24.0312 0x159c  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:50:24.0328 0x159c  wscsvc - ok
17:50:24.0343 0x159c  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:50:24.0343 0x159c  wuauserv - ok
17:50:24.0406 0x159c  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:50:24.0421 0x159c  WudfPf - ok
17:50:24.0468 0x159c  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:50:24.0468 0x159c  WudfRd - ok
17:50:24.0500 0x159c  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:50:24.0500 0x159c  WudfSvc - ok
17:50:24.0546 0x159c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:50:24.0562 0x159c  WZCSVC - ok
17:50:24.0609 0x159c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:50:24.0609 0x159c  xmlprov - ok
17:50:24.0625 0x159c  ================ Scan global ===============================
17:50:24.0656 0x159c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
17:50:24.0687 0x159c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
17:50:24.0703 0x159c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
17:50:24.0734 0x159c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
17:50:24.0734 0x159c  [ Global ] - ok
17:50:24.0750 0x159c  ================ Scan MBR ==================================
17:50:24.0765 0x159c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:50:24.0906 0x159c  \Device\Harddisk0\DR0 - ok
17:50:24.0906 0x159c  ================ Scan VBR ==================================
17:50:24.0906 0x159c  [ 0EF3833A576706F6941FD1591D82500F ] \Device\Harddisk0\DR0\Partition1
17:50:24.0906 0x159c  \Device\Harddisk0\DR0\Partition1 - ok
17:50:24.0906 0x159c  Waiting for KSN requests completion. In queue: 172
17:50:25.0906 0x159c  Waiting for KSN requests completion. In queue: 172
17:50:26.0906 0x159c  Waiting for KSN requests completion. In queue: 172
17:50:27.0953 0x159c  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
17:50:27.0953 0x159c  Win FW state via NFM: enabled
17:50:30.0359 0x159c  ============================================================
17:50:30.0359 0x159c  Scan finished
17:50:30.0359 0x159c  ============================================================
17:50:30.0375 0x0ac4  Detected object count: 0
17:50:30.0375 0x0ac4  Actual detected object count: 0
17:53:47.0562 0x1014  Deinitialize success
 

---

 

# AdwCleaner v3.018 - Report created 28/01/2014 at 18:00:22
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Linda - GRACE-E72544E1D
# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\s8949s0g.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [894 octets] - [28/01/2014 17:57:30]
AdwCleaner[S0].txt - [818 octets] - [28/01/2014 18:00:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [877 octets] ##########
 

---

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by Linda on 29/01/2014 at  0:35:51.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/01/2014 at  0:53:21.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 boopme

boopme


Posted 28 January 2014 - 08:47 PM

Looks good..
Did you download from NET?

This is quick

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#7 angelfire4xx


Posted 29 January 2014 - 07:26 AM

Hi Boopme, I downloaded from the links you gave me, though AdwCleaner sent me to author site for latest version.

Here is the scan result.

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Linda (administrator) on 29-01-2014 at 12:20:06
Running from "C:\Documents and Settings\Linda\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration


Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

TP-LINK TL-WN620G 11G Wireless Adapter = Wireless Network Connection (Connected)
Atheros L2 Fast Ethernet 10/100 Base-T Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration


        Host Name . . . . . . . . . . . . : grace-e72544e1d

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Mixed

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No


Ethernet adapter Local Area Connection:


        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Atheros L2 Fast Ethernet 10/100 Base-T Controller

        Physical Address. . . . . . . . . : 00-1E-8C-19-C9-64


Ethernet adapter Wireless Network Connection:


        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : TP-LINK TL-WN620G 11G Wireless Adapter

        Physical Address. . . . . . . . . : 00-1D-0F-B8-CE-D5

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.3

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 208.67.222.222

                                            208.67.220.220

        Lease Obtained. . . . . . . . . . : 29 January 2014 12:13:57

        Lease Expires . . . . . . . . . . : 30 January 2014 12:13:57

Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    google.com
Addresses:  173.194.34.134, 173.194.34.133, 173.194.34.131, 173.194.34.135
      173.194.34.132, 173.194.34.128, 173.194.34.142, 173.194.34.136, 173.194.34.130
      173.194.34.137, 173.194.34.129


Pinging google.com [173.194.34.137] with 32 bytes of data:


Reply from 173.194.34.137: bytes=32 time=18ms TTL=56

Reply from 173.194.34.137: bytes=32 time=17ms TTL=56


Ping statistics for 173.194.34.137:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:


Reply from 206.190.36.45: bytes=32 time=196ms TTL=39

Reply from 206.190.36.45: bytes=32 time=167ms TTL=39


Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 167ms, Maximum = 196ms, Average = 181ms


Pinging 127.0.0.1 with 32 bytes of data:


Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128


Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 8c 19 c9 64 ...... Atheros L2 Fast Ethernet 10/100 Base-T Controller - Packet Scheduler Miniport
0x10004 ...00 1d 0f b8 ce d5 ...... TP-LINK TL-WN620G 11G Wireless Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.3      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0      192.168.0.3     192.168.0.3      25
      192.168.0.3  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.0.255  255.255.255.255      192.168.0.3     192.168.0.3      25
        224.0.0.0        240.0.0.0      192.168.0.3     192.168.0.3      25
  255.255.255.255  255.255.255.255      192.168.0.3               2      1
  255.255.255.255  255.255.255.255      192.168.0.3     192.168.0.3      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/29/2014 11:32:41 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/29/2014 00:27:47 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/29/2014 00:26:05 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/29/2014 00:19:20 AM) (Source: Application Hang) (User: )
Description: Hanging application IDriveETray.exe, version 3.4.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/29/2014 00:19:11 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/28/2014 06:02:33 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/28/2014 11:46:33 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/28/2014 01:03:49 AM) (Source: Application Hang) (User: )
Description: Hanging application IDriveETray.exe, version 3.4.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/27/2014 05:52:17 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/27/2014 05:49:04 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (01/27/2014 05:52:35 PM) (Source: 0) (User: )
Description: TP-LINK TL-WN620G 11G Wireless Adapter

Error: (01/27/2014 03:11:50 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.2625.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/27/2014 00:09:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.2625.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/26/2014 00:09:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.2625.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/26/2014 02:08:28 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.2625.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/23/2014 10:47:21 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.6 for the Network Card with network address 001D0FB8CED5 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/18/2014 04:54:28 PM) (Source: 0) (User: )
Description: TP-LINK TL-WN620G 11G Wireless Adapter

Error: (01/09/2014 01:03:02 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.4 for the Network Card with network address 001D0FB8CED5 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/08/2014 02:02:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.5 for the Network Card with network address 001D0FB8CED5 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/07/2014 02:19:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.1220.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (01/29/2014 11:32:41 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/29/2014 00:27:47 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/29/2014 00:26:05 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/29/2014 00:19:20 AM) (Source: Application Hang)(User: )
Description: IDriveETray.exe3.4.0.1hungapp0.0.0.000000000

Error: (01/29/2014 00:19:11 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (01/28/2014 06:02:33 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/28/2014 11:46:33 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/28/2014 01:03:49 AM) (Source: Application Hang)(User: )
Description: IDriveETray.exe3.4.0.1hungapp0.0.0.000000000

Error: (01/27/2014 05:52:17 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/27/2014 05:49:04 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Agent Ransack 2010
Artisteer 3 (Version: 3.0)
Atheros Communications Inc.® L2 Fast Ethernet Driver (Version: 2.5.7.16)
Audacity 2.0.5 (Version: 2.0.5)
BackUp Maker (Version: 6.5.0.5)
calibre (Version: 1.14.0)
CloudReading (Version: 1.0.27.1025)
dBpowerAMP Music Converter
Directory Lister v0.8.1
Dropbox (Version: 2.4.11)
DzSoft Paste & Save 2003 (Version: 2003)
EPSON Copy Utility 3 (Version: 3.2.0.0)
EPSON Easy Photo Print (Version: 1.4.2.0)
EPSON Printer Software
EPSON Scan
EPSON Web-To-Page
ESDX6000_CX5900 User's Guide
ESET Online Scanner v3
FileZilla Client 3.7.3 (Version: 3.7.3)
Foxit Reader (Version: 6.1.1.1031)
GIMP 2.8.6 (Version: 2.8.6)
Google Drive (Version: 1.13.5782.599)
Google Update Helper (Version: 1.3.22.3)
GPL Ghostscript 8.56
GPL Ghostscript Fonts
GSview 4.9
hp LaserJet 1010 Series (Version: 3.00.0000)
IDrive version 3.4.4 Oct 30, 2013 (Version: 3.4.4)
Intel® Graphics Media Accelerator Driver
Jasc Paint Shop Pro 8 (Version: 8.10.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2000 SR-1 Professional (Version: 9.00.3821)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Publisher 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MidiIllustrator v1.02
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MuseScore 1.2 MuseScore score typesetter (Version: 1.2.0)
MWSnap 3 (Version: 3.0.0.74)
Neuratron PhotoScore Ultimate (Version: 6.1.0)
OpenOffice 4.0.1 (Version: 4.01.9714)
Pdf995
Quicken 2002 Deluxe
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
Realtek High Definition Audio Driver (Version: 5.10.0.7071)
RealUpgrade 1.1 (Version: 1.1.0)
RenameWiz Version 3.4.2
Revo Uninstaller 1.95 (Version: 1.95)
Smart Ad-Wrapper 1.1.1
Spotify (Version: 0.4.3)
TaxCalc (Version: 2)
TaxCalc 2012
Total Recorder 8.5 Standard Edition
TweetAdder4 (Version: 4.0.130805)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Vodafone Mobile Connect Lite (Version: 9.3.5.11690)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 2039.17 MB
Available physical RAM: 1212.05 MB
Total Pagefile: 3932.23 MB
Available Pagefile: 3273.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.15 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.66 GB) (Free:336.29 GB) NTFS

========================= Users: ========================================

User accounts for \\GRACE-E72544E1D

Administrator            ASPNET                   Guest                    
HelpAssistant            Linda                    SUPPORT_388945a0         


**** End of log ****
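A triage pass over a MiniToolBox Result.txt like the one posted above, as an added example that is not part of the original thread or of MiniToolBox itself. It splits the log on its `=====` section banners and flags hosts entries other than loopback `localhost`, a proxy section lacking the "Proxy is not enabled." line, and Winsock providers whose vendor string is not Microsoft Corporation; these review criteria, the `SAMPLE_LOG` excerpt and all function names are assumptions made for the example.

```python
import re

# Constructed excerpt in the layout of the Result.txt above. The second hosts
# line and the third Winsock line are invented so the checks have something to flag.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.7     update.example.test

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\Example\lsp.dll [40960] (Example Vendor)

========================= Event log errors: ===============================
"""

# A banner is a title wrapped in runs of '='; bare '=====' rulers do not match.
BANNER_RE = re.compile(r"^=+\s*([^=]+?)\s*:?\s*=+$")
# Catalog name, index, DLL path, [size], (vendor string).
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(text):
    """Map each lower-cased banner title to its non-blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (section, detail) findings that deserve a manual look."""
    sections = split_sections(text)
    findings = []

    # Assumed criterion: the section should carry the same line as the log above.
    proxy = sections.get("ie proxy settings")
    if proxy is not None and "Proxy is not enabled." not in proxy:
        findings.append(("proxy", "IE proxy is not reported as disabled"))

    # Anything beyond "loopback -> localhost" in hosts is a redirect to review.
    for line in sections.get("hosts content", []):
        if line.startswith("#"):
            continue
        fields = line.split("#", 1)[0].split()
        ip, names = fields[0], fields[1:]
        if ip not in LOOPBACK or [n.lower() for n in names] != ["localhost"]:
            findings.append(("hosts", " ".join(fields)))

    for line in sections.get("winsock entries", []):
        entry = WINSOCK_RE.match(line)
        if entry is None:
            findings.append(("winsock", "unparsed: " + line))
        elif entry.group(4) != "Microsoft Corporation":
            # The vendor string comes from file metadata and can be forged, so a
            # Microsoft label is not proof; a non-Microsoft one is a lead.
            findings.append(("winsock", "%s %s %s (%s)" % entry.groups()))
    return findings


if __name__ == "__main__":
    for section, detail in triage(SAMPLE_LOG):
        print(section, "->", detail)
```

A finding here is a prompt to inspect the entry, not a verdict: legitimate software can add hosts lines and Winsock providers.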
 



#8 boopme


Posted 30 January 2014 - 12:10 PM

OK, how are things here now?

#9 angelfire4xx


Posted 31 January 2014 - 09:40 AM

Hi Boopme, I've tested everything and it is working fine now. Thanks so much for your help. Just wondered if it's ok to delete the folder where the infected files were located, or will this interfere with the ESET quarantine?

 

I will for sure send a donation. I wish I'd thought of a virus before when my PC was just running slow. Everyone told me I should reinstall windows XP so I did but it was a huge hassle and I had to pay professionals. I know I'll have to upgrade to Windows 7 soon - great shame as some of my most beloved old software won't run on it.

 

Huge thanks again.

Linda



#10 boopme


Posted 31 January 2014 - 02:20 PM

Hi Linda, yes delete it, it's safe.

We have a long-running topic, "End Of Support For Windows XP SP3 is April 8, 2014", that you may want to look through.
 
 
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
Reboot and see how it is.


#11 angelfire4xx


Posted 01 February 2014 - 12:51 PM

Hi Boopme, new Restore point created and old ones deleted. PC working fine.

 

Huge thanks

Linda



#12 boopme


Posted 01 February 2014 - 06:08 PM

You're welcome Linda and thanks for coming by!!

#13 angelfire4xx


Posted 04 February 2014 - 05:36 PM

Hi Boopme, I think there is still something wrong, or a reinfection. I plugged in an external disk drive to get something off it today and didn't think it would reinfect me but maybe it did. Also I had the iDrive online backup service and the backed up files on that may have been infectious. (NB I also have Google Drive and Dropbox folders.) I tried to go back to the clean restore point created with your help but Windows would not allow it.

Problems are similar to before: PC not shutting down properly, freezing, not connecting to the internet. I can only connect if I shut it down completely before rebooting.

Steps taken so far

Ran ESET online scanner again - no malware detected.

Ran TDSS killer. As recommended, I changed the filename before running it. When it finished it said no malware detected but the PC was frozen and internet connection had shut down.

 

Later edit

Decided to run Adware cleaner, JRT and mini toolbox again as before. Only detection was by Adware cleaner which didn't like

C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\s8949s0g.default\prefs.js

I have removed that and rebooted. Unless you want to see the new logs or to recommend any other detection processes, I will try waiting a while to see if anything weird happens again. I'll also try again to see if Windows will now accept the restore point we created a few days ago.

 

Windows 7 new computer has been ordered and will arrive soon. I just hope it won't get infected when I transfer data!

 

Just tried the system restore again and thought this time it worked, but unfortunately it ended up with another message that the computer could not be restored to that point.


Edited by angelfire4xx, 04 February 2014 - 06:52 PM.


#14 boopme


Posted 04 February 2014 - 07:10 PM

Hello Linda, I don't believe it's malware now.

Are you connected through a router?
Do you use Vodafone?

Uninstall and reinstall MSE
http://www.microsoft.com/en-us/download/details.aspx?id=5201

Clean your Flash Drive

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


>>>>

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case make sure you restart computer.



Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
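
The note in the post above relies on a folder named autorun.inf occupying the name that a dropped autorun file would need. As an added example (not part of the original post and not Flash_Disinfector's code), this Python check classifies a drive root as having no autorun.inf, the placeholder folder, or a real file, and for a file lists the `[autorun]` entries that launch a program; the function names and the sample drive contents are constructed for the illustration.

```python
import os
import tempfile

# [autorun] keys that name a program to start; shell\<verb>\command is
# matched by pattern in parse_launch_entries().
LAUNCH_KEYS = {"open", "shellexecute"}


def parse_launch_entries(text):
    """Return (key, value) pairs from [autorun] that name something to run."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            key = key.strip().lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or is_verb:
                entries.append((key, value.strip()))
    return entries


def audit_root(root):
    """Classify the autorun.inf entry, if any, at the root of a drive."""
    # Match case-insensitively so a mounted image checked from Linux behaves
    # like the same drive seen by Windows.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return {"state": "absent", "launch": []}
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # A directory holds the name, so a plain file cannot be written there.
        return {"state": "placeholder-folder", "launch": []}
    with open(path, "rb") as fh:
        raw = fh.read()
    has_bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16" if has_bom else "latin-1")
    return {"state": "file", "launch": parse_launch_entries(text)}


def demo():
    """Build three constructed drive roots in a temp dir and audit each."""
    sample_inf = (
        b"[AutoRun]\r\n"
        b"open=setup.exe /s\r\n"
        b"icon=setup.ico\r\n"
        b"shell\\open\\command=setup.exe\r\n"
        b"; entries outside [autorun] are ignored\r\n"
        b"[Other]\r\n"
        b"open=ignored.exe\r\n"
    )
    with tempfile.TemporaryDirectory() as base:
        roots = {k: os.path.join(base, k) for k in ("clean", "protected", "suspect")}
        os.makedirs(roots["clean"])
        os.makedirs(os.path.join(roots["protected"], "autorun.inf"))
        os.makedirs(roots["suspect"])
        with open(os.path.join(roots["suspect"], "AUTORUN.INF"), "wb") as fh:
            fh.write(sample_inf)
        return {label: audit_root(path) for label, path in roots.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Point `audit_root` at the root of each removable drive; a `file` result with launch entries is the case to examine before the drive is opened on a machine with AutoRun enabled.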

#15 angelfire4xx


Posted 05 February 2014 - 07:05 PM

Thanks Boopme. I've been away most of today but have been monitoring the PC and since removing the .js file there have been no more internet connection problems or freezing.

 

Yes, I do have a router, with TP Link USB adapter. When I was getting the connection problem / freezing the adapter's program would shut down and not restart on reboot. Only started back up if I was able to exit Windows and actually switch off the PC before rebooting. It's ok now.
Yes, Vodafone software is installed but I don't run it much and have never allowed it to cause a conflict.

 

I will carry out your suggestions tomorrow and let you have the results. Many thanks!

Linda





