Computer Hope
Software => Computer viruses and spyware => Topic started by: tealily12 on May 13, 2013, 06:19:13 PM
-
Foolishly downloaded a program on my personal laptop - ignored the ESET "are you sure you wish to let this program make changes to your computer?" - now have ad.yieldmanager popups and it's driving me nuts (I also seem to get allmplayerdownloads.com popups too, but mostly yieldmanager). They seem to particularly enjoy coming up whenever I visit facebook.
* Uninstalled and removed said program, and emptied recycling bin
* Updated ESET virus signature database, no changes
* Googled around - added yieldmanager and ad.yieldmanager to my Mozilla Firefox block list but to no avail
* Downloaded Spyhunter 4, always seems to find a bunch of cookies. I noticed the ad.yieldmanager popups come up less frequently after a scan, but just when I think they're gone completely I go to a site like Facebook and BAM there's another one.
* Found this site, going through suggested Malware removal steps now and will upload logs shortly...
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
• Warning! Once the scan is complete JRT will shut down your browser with NO warning.
• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and Paste the JRT.txt log into your next message.
-
Thanks for offering to help, I really appreciate it!!! :)
AdwCleaner log:
# AdwCleaner v2.300 - Logfile created 05/16/2013 at 12:33:50
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lynny - TOSHIBAP870
# Boot Mode : Normal
# Running from : C:\Users\Lynny\Downloads\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Software
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Registry is clean.
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Users\Lynny\AppData\Roaming\Mozilla\Firefox\Profiles\7on4db8w.default\prefs.js
C:\Users\Lynny\AppData\Roaming\Mozilla\Firefox\Profiles\7on4db8w.default\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [885 octets] - [13/05/2013 12:01:30]
AdwCleaner[S1].txt - [921 octets] - [16/05/2013 12:33:50]
########## EOF - C:\AdwCleaner[S1].txt - [980 octets] ##########
-
Malwarebytes scan log:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.16.01
Windows 7
Protection: Enabled
16/05/2013 12:44:19 PM
mbam-log-2013-05-16 (12-44-19).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415471
Time elapsed: 52 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
JRT scan:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran Thu 16/05/2013 at 13:51:34.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\splashtop"
Failed to delete: [Folder] "C:\Program Files (x86)\splashtop"
~~~ FireFox
Emptied folder: C:\Users\Lynny\AppData\Roaming\mozilla\firefox\profiles\7on4db8w.default\minidumps [32 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 16/05/2013 at 13:55:19.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Popup ads were gone post-scan for a while but are definitely back :( And worse than ever! I notice at the bottom of my screen that almost every page I visit somehow links back to yieldmanager before going to the page I requested.
-
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Security check log:
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.7.700.202
Mozilla Firefox (20.0.1)
Google Chrome 18.0.1025.142
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
Combofix log (no computer restarts):
ComboFix 13-05-16.02 - Lynny 17/05/2013 15:07:46.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16303.12930 [GMT 10:00]
Running from: c:\users\Lynny\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Lynny\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Lynny\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Lynny\Documents\~WRL0005.tmp
c:\users\Lynny\Documents\~WRL0076.tmp
c:\users\Lynny\Documents\~WRL0266.tmp
c:\users\Lynny\Documents\~WRL0892.tmp
c:\users\Lynny\Documents\~WRL0987.tmp
c:\users\Lynny\Documents\~WRL2876.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-04-17 to 2013-05-17 )))))))))))))))))))))))))))))))
.
.
2013-05-17 05:12 . 2013-05-17 05:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-17 05:12 . 2013-05-17 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-16 22:33 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68B272DF-0AC2-40A2-8B31-C48B9E280B87}\mpengine.dll
2013-05-16 03:59 . 2013-05-16 03:59 -------- d-----w- c:\programdata\Splashtop
2013-05-16 03:51 . 2013-05-16 03:51 -------- d-----w- c:\windows\ERUNT
2013-05-16 03:51 . 2013-05-16 03:51 -------- d-----w- C:\JRT
2013-05-16 02:43 . 2013-05-16 02:43 -------- d-----w- c:\users\Lynny\AppData\Roaming\Malwarebytes
2013-05-16 02:43 . 2013-05-16 02:43 -------- d-----w- c:\programdata\Malwarebytes
2013-05-16 02:43 . 2013-05-16 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-16 02:43 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-16 02:42 . 2013-05-16 02:42 -------- d-----w- c:\users\Lynny\AppData\Local\Programs
2013-05-16 01:50 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 01:50 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 01:49 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 01:49 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 01:49 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 01:49 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 01:49 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 01:49 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 01:49 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 01:49 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 01:49 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-13 01:55 . 2012-06-22 01:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-05-13 01:55 . 2013-05-13 01:55 110080 ----a-r- c:\users\Lynny\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
2013-05-13 01:55 . 2013-05-13 01:55 110080 ----a-r- c:\users\Lynny\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
2013-05-13 01:55 . 2013-05-13 01:55 110080 ----a-r- c:\users\Lynny\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
2013-05-13 01:55 . 2013-05-13 01:55 -------- d-----w- C:\sh4ldr
2013-05-13 01:55 . 2013-05-13 01:55 -------- d-----w- c:\program files\Enigma Software Group
2013-05-13 01:55 . 2013-05-13 01:55 -------- d-----w- c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-05-13 01:55 . 2013-05-13 04:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-12 23:57 . 2013-05-13 01:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-12 23:57 . 2013-05-13 01:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-05-12 04:07 . 2013-05-13 04:12 -------- d-----w- c:\program files (x86)\VideoSaver
2013-05-12 04:06 . 2013-05-12 04:06 -------- d-----w- c:\users\Lynny\AppData\Local\FlvtoYoutubeDownloader
2013-05-12 04:06 . 2013-05-12 04:08 -------- d-----w- c:\users\Lynny\AppData\Roaming\FlvtoConverter
2013-05-12 04:05 . 2013-05-12 10:33 -------- d-----w- c:\users\Lynny\AppData\Local\Flvto Youtube Downloader
2013-04-24 12:33 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 03:44 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 13:39 . 2012-04-03 10:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:39 . 2012-04-03 10:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-01 16:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 01:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 01:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 01:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 01:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 01:50 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 01:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-26 03:33 . 2012-07-23 12:28 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-03-26 03:32 . 2012-07-23 12:28 11376 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-03-26 03:32 . 2012-07-23 12:28 10864 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-03-22 20:50 . 2013-03-22 20:50 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 20:50 . 2013-03-22 20:50 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 20:50 . 2013-03-22 20:50 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-22 20:50 . 2013-03-22 20:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-22 20:50 . 2013-03-22 20:50 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-22 20:50 . 2013-03-22 20:50 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-22 20:50 . 2013-03-22 20:50 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-22 20:50 . 2013-03-22 20:50 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-22 20:50 . 2013-03-22 20:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-22 20:50 . 2013-03-22 20:50 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-22 20:50 . 2013-03-22 20:50 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-22 20:50 . 2013-03-22 20:50 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-22 20:50 . 2013-03-22 20:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 20:50 . 2013-03-22 20:50 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 20:50 . 2013-03-22 20:50 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-22 20:50 . 2013-03-22 20:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-22 20:50 . 2013-03-22 20:50 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-22 20:50 . 2013-03-22 20:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-22 20:50 . 2013-03-22 20:50 441856 ----a-w- c:\windows\system32\html.iec
2013-03-22 20:50 . 2013-03-22 20:50 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-22 20:50 . 2013-03-22 20:50 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-22 20:50 . 2013-03-22 20:50 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-22 20:50 . 2013-03-22 20:50 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-22 20:50 . 2013-03-22 20:50 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-22 20:50 . 2013-03-22 20:50 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-22 20:50 . 2013-03-22 20:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-22 20:50 . 2013-03-22 20:50 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-22 20:50 . 2013-03-22 20:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 20:50 . 2013-03-22 20:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-22 20:50 . 2013-03-22 20:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-22 20:50 . 2013-03-22 20:50 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-22 20:50 . 2013-03-22 20:50 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-22 20:50 . 2013-03-22 20:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-22 20:50 . 2013-03-22 20:50 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-22 20:50 . 2013-03-22 20:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-22 20:50 . 2013-03-22 20:50 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-22 20:50 . 2013-03-22 20:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-22 20:50 . 2013-03-22 20:50 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-22 20:50 . 2013-03-22 20:50 235008 ----a-w- c:\windows\system32\url.dll
2013-03-22 20:50 . 2013-03-22 20:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-22 20:50 . 2013-03-22 20:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-22 20:50 . 2013-03-22 20:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-22 20:50 . 2013-03-22 20:50 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-22 20:50 . 2013-03-22 20:50 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-22 20:50 . 2013-03-22 20:50 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-22 20:50 . 2013-03-22 20:50 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-22 20:50 . 2013-03-22 20:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-22 20:50 . 2013-03-22 20:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-22 20:50 . 2013-03-22 20:50 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-10 06:13 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:13 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:13 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:13 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:13 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:13 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FCA0E497-33D1-4DBE-8FDB-7F9A597C8BC2}]
2013-04-23 21:57 133528 ----a-w- c:\program files (x86)\VideoSaver\VideoSaver.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-12 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"SacReminderBOX"="c:\programdata\Clickfree\BoxSoftware\reminder\SacReminder.exe" [2011-11-01 567120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
R2 CFUACProxy_boxsoftware;CFUACProxy_boxsoftware;c:\programdata\Clickfree\BoxSoftware\UACProxy.exe [2011-11-01 83792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2012-11-07 174176]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys [2012-01-05 21096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-13 62496]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-01-28 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2013-03-26 56336]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-13 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-13 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-13 38288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe [2012-08-01 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe [2011-09-13 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-09-03 548264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [2012-01-18 30064]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-20 363800]
S3 CXPOLARIS;YUAN Polaris Hybrid TV AVS Video Capture;c:\windows\system32\drivers\cxRDU253S.sys [2011-02-21 449792]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2011-03-09 6656]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2011-03-09 32256]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-12-13 259176]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-02-25 22800]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:39]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 23:01]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 23:01]
.
2013-05-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-05-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-06 2165120]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2011-10-19 718720]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Lynny\AppData\Roaming\Mozilla\Firefox\Profiles\7on4db8w.default\
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-12 14:07; [email protected]; c:\program files (x86)\VideoSaver\FF
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TPSCMain - c:\program files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Splashtop Software Updater - c:\program files (x86)\Splashtop\Splashtop Software Updater\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\diMaster.dll\" /prefetch:1"
.
Completion time: 2013-05-17 15:14:18
ComboFix-quarantined-files.txt 2013-05-17 05:14
.
Pre-Run: 785,359,781,888 bytes free
Post-Run: 785,651,441,664 bytes free
.
- - End Of File - - F875C6D5D85706F3A36FED9E5E4E6295
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool. On Vista and Windows 7, run it as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
************************************
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
-
Had issues verifying my Java, but downloaded latest one anyway (7. something?) from the site you recommended. Also downloaded JavaRa - it wasn't able to "find" the log but did tell me that it removed C:/Program Files(x86)\Java\jre\6.
Rooter log: (It mentions something about not being an administrator - but I should be?)
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.10.9200.16576
Mozilla Firefox 20.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:918 Go - Free:731 Go )
D:\ [Fixed-NTFS] .. ( Total:465 Go - Free:465 Go )
E:\ [CD_Rom]
F:\ [Removable]
Q:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
.
Scan : 09:41.57
Path : C:\Users\Lynny\Desktop\Rooter.exe
User : Lynny ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (456)
Locked csrss.exe (672)
Locked wininit.exe (752)
Locked csrss.exe (772)
Locked winlogon.exe (816)
Locked services.exe (860)
Locked lsass.exe (880)
Locked lsm.exe (888)
Locked svchost.exe (988)
Locked SH4SER~1.EXE (188)
Locked nvvsvc.exe (476)
Locked svchost.exe (668)
Locked svchost.exe (688)
Locked svchost.exe (1068)
Locked svchost.exe (1116)
Locked svchost.exe (1148)
Locked svchost.exe (1492)
Locked spoolsv.exe (1628)
Locked svchost.exe (1656)
Locked AppleMobileDeviceService.exe (1748)
Locked mDNSResponder.exe (1792)
Locked ekrn.exe (1864)
Locked svchost.exe (1888)
Locked HeciServer.exe (1924)
Locked IntelMeFWService.exe (1964)
Locked Jhi_service.exe (1992)
Locked mbamscheduler.exe (1196)
Locked mbamservice.exe (1472)
Locked ccSvcHst.exe (1520)
Locked PsiService_2.exe (2096)
Locked sftvsa.exe (2436)
Locked SRService.exe (2488)
Locked SSUService.exe (2524)
Locked ThpSrv.exe (2576)
Locked TODDSrv.exe (2612)
Locked TosCoSrv.exe (2648)
Locked UDSS.exe (2712)
Locked WLIDSVC.EXE (2812)
Locked sftlist.exe (2860)
Locked TecoService.exe (2948)
Locked WLIDSVCM.EXE (1312)
Locked WmiPrvSE.exe (3168)
Locked CVHSVC.EXE (3656)
Locked SearchIndexer.exe (3776)
Locked svchost.exe (4200)
Locked WUDFHost.exe (4968)
Locked nvxdsync.exe (4576)
Locked nvvsvc.exe (236)
Locked PresentationFontCache.exe (4208)
Locked CFIWmxSvcs64.exe (2672)
Locked CFSvcs.exe (464)
Locked LMS.exe (432)
Locked SymcPCCULaunchSvc.exe (996)
Locked daemonu.exe (3408)
Locked svchost.exe (3644)
Locked wmpnetwk.exe (3820)
Locked UNS.exe (3432)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (1184)
______ ?????????? (2272)
______ ?????????? (4100)
______ ?????????? (1364)
Locked ccSvcHst.exe (4356)
Locked SRServer.exe (1220)
______ ?????????? (4416)
______ ?????????? (4808)
______ ?????????? (2664)
Locked audiodg.exe (4464)
______ ?????????? (4396)
______ ?????????? (2896)
______ ?????????? (3952)
______ ?????????? (3140)
______ ?????????? (1212)
______ ?????????? (1088)
______ ?????????? (4752)
______ ?????????? (2884)
______ ?????????? (3824)
______ ?????????? (3056)
Locked GoogleToolbarNotifier.exe (5312)
______ C:\Program Files (x86)\Skype\Phone\Skype.exe (5412)
______ C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (6136)
______ C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (5236)
Locked SynTPHelper.exe (5720)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (6100)
______ C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (5424)
______ ?????????? (5692)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (5908)
______ ?????????? (5972)
Locked OSPPSVC.EXE (5816)
Locked iPodService.exe (2356)
______ ?????????? (6784)
______ ?????????? (6804)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (6852)
______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (6600)
Locked TMachInfo.exe (7500)
Locked TPCHSrv.exe (7528)
Locked TosSmartSrv.exe (3632)
______ ?????????? (6256)
______ ?????????? (5164)
______ C:\Program Files (x86)\iTunes\iTunes.exe (7008)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (4816)
______ ?????????? (6384)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (4488)
______ ?????????? (8036)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (3544)
______ ?????????? (6012)
______ C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (10640)
______ C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (1608)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (5256)
______ ?????????? (9424)
Locked SRFeature.exe (12880)
Locked msiexec.exe (13280)
Locked svchost.exe (11556)
Locked TrustedInstaller.exe (13584)
______ ?????????? (12704)
______ C:\Users\Lynny\Desktop\JavaRa\JavaRa.exe (8536)
Locked taskeng.exe (14024)
______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (11348)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (9668)
______ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (10812)
______ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (13044)
Locked SearchProtocolHost.exe (12488)
Locked SearchFilterHost.exe (13528)
______ C:\Users\Lynny\Desktop\Rooter.exe (8520)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 (Start_Offset:1573912576 | Length:985914146816)
\Device\Harddisk0\Partition3 (Start_Offset:987488059392 | Length:12716081152)
.
----------------------\\ Scheduled Tasks
.
C:\windows\Tasks\Adobe Flash Player Updater.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
C:\windows\Tasks\SA.DAT
C:\windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 09:42.02
.
C:\Rooter$\Rooter_1.txt - (18/05/2013 | 09:42.02)
-
roguekiller log: (it found stuff! Should I delete the five ticked items?)
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lynny [Admin rights]
Mode : Scan -- Date : 05/18/2013 09:48:26
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SacReminderBOX (C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe) [7] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] 4bad06f2666e3afa6f0b88cb06f8429f
[BSP] 3829025f6d7950e82f01c4b1622cb505 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 940241 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1928687616 | Size: 12127 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] e8eb6175e5b63cabf60a09af76b4ee09
[BSP] 12b1a2624a46569841183faa8d7f55c8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_05182013_02d0948.txt >>
RKreport[1]_S_05182013_02d0948.txt
-
Please run RogueKiller again and delete those items.
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Deleted found items. Ran roguekiller again, log below. Still having some crazy ad issues (like random text words being linked to ads when I run the mouse over them)
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lynny [Admin rights]
Mode : Scan -- Date : 05/18/2013 14:29:00
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] 4bad06f2666e3afa6f0b88cb06f8429f
[BSP] 3829025f6d7950e82f01c4b1622cb505 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 940241 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1928687616 | Size: 12127 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] e8eb6175e5b63cabf60a09af76b4ee09
[BSP] 12b1a2624a46569841183faa8d7f55c8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_S_05182013_02d1429.txt >>
RKreport[1]_S_05182013_02d0948.txt ; RKreport[2]_D_05182013_02d1426.txt ; RKreport[3]_S_05182013_02d1429.txt
Will run the ESET scan and upload the scan tonight. Thanks again for all your help so far! :)
-
ESET scans - "No threats found" (but popup ads are definitely still in full force!)
What should I do next?
-
Still having some crazy ad issues (like random text words being linked to ads when I run the mouse over them)
Here's (http://www.dailyblogtips.com/stay-away-from-in-text-advertising/) more about that. Only certain sites use them.
What should I do next?
Please let me know how your computer is working.
-
Ok. Well, in that case, most sites I visit (including this one) have the in-text advertising. I also still have the popups (just got another one as I accessed this website) :(
-
What browser do you see the pop-ups on?
Here's (http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/how-to-permanently-disable-in-text-advertising/f7d3b1ea-d5e9-4b9d-98f0-b811f6ce4677) some more information about in-text advertising.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
-
Mozilla Firefox.
TDSSKiller log: (no hits :( ) )
22:20:20.0372 24452 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:20:21.0401 24452 ============================================================
22:20:21.0401 24452 Current date / time: 2013/05/21 22:20:21.0401
22:20:21.0401 24452 SystemInfo:
22:20:21.0401 24452
22:20:21.0401 24452 OS Version: 6.1.7601 ServicePack: 1.0
22:20:21.0401 24452 Product type: Workstation
22:20:21.0401 24452 ComputerName: TOSHIBAP870
22:20:21.0401 24452 UserName: Lynny
22:20:21.0401 24452 Windows directory: C:\windows
22:20:21.0401 24452 System windows directory: C:\windows
22:20:21.0401 24452 Running under WOW64
22:20:21.0401 24452 Processor architecture: Intel x64
22:20:21.0401 24452 Number of processors: 8
22:20:21.0401 24452 Page size: 0x1000
22:20:21.0402 24452 Boot type: Normal boot
22:20:21.0402 24452 ============================================================
22:20:23.0308 24452 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:20:23.0341 24452 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:20:23.0371 24452 ============================================================
22:20:23.0371 24452 \Device\Harddisk0\DR0:
22:20:23.0371 24452 MBR partitions:
22:20:23.0371 24452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x72C68800
22:20:23.0371 24452 \Device\Harddisk1\DR1:
22:20:23.0371 24452 MBR partitions:
22:20:23.0371 24452 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
22:20:23.0371 24452 ============================================================
22:20:23.0388 24452 C: <-> \Device\Harddisk0\DR0\Partition1
22:20:23.0405 24452 D: <-> \Device\Harddisk1\DR1\Partition1
22:20:23.0405 24452 ============================================================
22:20:23.0405 24452 Initialize success
22:20:23.0405 24452 ============================================================
22:23:18.0257 28324 ============================================================
22:23:18.0257 28324 Scan started
22:23:18.0257 28324 Mode: Manual;
22:23:18.0257 28324 ============================================================
22:23:18.0677 28324 ================ Scan system memory ========================
22:23:18.0677 28324 System memory - ok
22:23:18.0677 28324 ================ Scan services =============================
22:23:21.0003 28324 BITS - ok
22:23:21.0023 28324 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
22:23:21.0023 28324 blbdrive - ok
22:23:21.0093 28324 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:23:21.0103 28324 Bonjour Service - ok
22:23:21.0143 28324 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
22:23:21.0143 28324 bowser - ok
22:23:21.0173 28324 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
22:23:21.0173 28324 BrFiltLo - ok
22:23:21.0193 28324 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
22:23:21.0193 28324 BrFiltUp - ok
22:23:21.0223 28324 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
22:23:21.0223 28324 BridgeMP - ok
22:23:21.0253 28324 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
22:23:21.0263 28324 Browser - ok
22:23:21.0273 28324 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
22:23:21.0273 28324 Brserid - ok
22:23:21.0293 28324 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
22:23:21.0293 28324 BrSerWdm - ok
22:23:21.0313 28324 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
22:23:21.0313 28324 BrUsbMdm - ok
22:23:21.0323 28324 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
22:23:21.0323 28324 BrUsbSer - ok
22:23:21.0353 28324 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
22:23:21.0353 28324 BTHMODEM - ok
22:23:21.0403 28324 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
22:23:21.0403 28324 bthserv - ok
22:23:21.0433 28324 catchme - ok
22:23:21.0463 28324 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
22:23:21.0463 28324 cdfs - ok
22:23:21.0493 28324 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:23:21.0493 28324 cdrom - ok
22:23:21.0533 28324 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
22:23:21.0533 28324 CertPropSvc - ok
22:23:21.0583 28324 [ 8FC9A59353F2C5D257613952AD697A2E ] CFUACProxy_boxsoftware C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe
22:23:21.0593 28324 CFUACProxy_boxsoftware - ok
22:23:21.0653 28324 [ B641F0302D444EB94509CFD998CF9FD8 ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
22:23:21.0653 28324 cfWiMAXService - ok
22:23:21.0683 28324 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
22:23:21.0683 28324 circlass - ok
22:23:21.0713 28324 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
22:23:21.0723 28324 CLFS - ok
22:23:21.0783 28324 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:23:21.0783 28324 clr_optimization_v2.0.50727_32 - ok
22:23:21.0813 28324 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:23:21.0813 28324 clr_optimization_v2.0.50727_64 - ok
22:23:21.0883 28324 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:23:21.0883 28324 clr_optimization_v4.0.30319_32 - ok
22:23:21.0933 28324 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:23:21.0933 28324 clr_optimization_v4.0.30319_64 - ok
22:23:21.0983 28324 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:23:21.0983 28324 CmBatt - ok
22:23:21.0993 28324 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
22:23:21.0993 28324 cmdide - ok
22:23:22.0033 28324 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
22:23:22.0043 28324 CNG - ok
22:23:22.0123 28324 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
22:23:22.0123 28324 Compbatt - ok
22:23:22.0143 28324 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
22:23:22.0143 28324 CompositeBus - ok
22:23:22.0153 28324 COMSysApp - ok
22:23:22.0173 28324 [ 1263760C5F62674934C709C3EC31869D ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
22:23:22.0173 28324 ConfigFree Service - ok
22:23:22.0273 28324 [ 723E3512D6D1FF75E5398981B38FCEF7 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
22:23:22.0273 28324 cphs - ok
22:23:22.0293 28324 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
22:23:22.0293 28324 crcdisk - ok
22:23:22.0343 28324 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
22:23:22.0353 28324 CryptSvc - ok
22:23:22.0443 28324 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:23:22.0443 28324 cvhsvc - ok
22:23:22.0473 28324 [ 066B4AD6534D1C36CB6E6E342DB05ED2 ] CXPOLARIS C:\windows\system32\drivers\cxRDU253S.sys
22:23:22.0473 28324 CXPOLARIS - ok
22:23:22.0513 28324 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
22:23:22.0523 28324 DcomLaunch - ok
22:23:22.0553 28324 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
22:23:22.0563 28324 defragsvc - ok
22:23:22.0593 28324 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
22:23:22.0593 28324 DfsC - ok
22:23:22.0623 28324 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
22:23:22.0623 28324 Dhcp - ok
22:23:22.0633 28324 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
22:23:22.0633 28324 discache - ok
22:23:22.0653 28324 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
22:23:22.0653 28324 Disk - ok
22:23:22.0673 28324 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:23:22.0673 28324 Dnscache - ok
22:23:22.0713 28324 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
22:23:22.0713 28324 dot3svc - ok
22:23:22.0733 28324 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
22:23:22.0733 28324 DPS - ok
22:23:22.0773 28324 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:23:22.0773 28324 drmkaud - ok
22:23:22.0823 28324 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
22:23:22.0853 28324 DXGKrnl - ok
22:23:22.0913 28324 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\windows\system32\DRIVERS\eamonm.sys
22:23:22.0913 28324 eamonm - ok
22:23:22.0943 28324 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
22:23:22.0943 28324 EapHost - ok
22:23:23.0003 28324 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
22:23:23.0063 28324 ebdrv - ok
22:23:23.0093 28324 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
22:23:23.0093 28324 EFS - ok
22:23:23.0143 28324 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\windows\system32\DRIVERS\ehdrv.sys
22:23:23.0143 28324 ehdrv - ok
22:23:23.0203 28324 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
22:23:23.0213 28324 ehRecvr - ok
22:23:23.0233 28324 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
22:23:23.0233 28324 ehSched - ok
22:23:23.0333 28324 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
22:23:23.0353 28324 ekrn - ok
22:23:23.0383 28324 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
22:23:23.0393 28324 elxstor - ok
22:23:23.0443 28324 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\windows\system32\DRIVERS\epfw.sys
22:23:23.0453 28324 epfw - ok
22:23:23.0463 28324 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\windows\system32\DRIVERS\EpfwLWF.sys
22:23:23.0463 28324 EpfwLWF - ok
22:23:23.0473 28324 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\windows\system32\DRIVERS\epfwwfp.sys
22:23:23.0473 28324 epfwwfp - ok
22:23:23.0493 28324 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
22:23:23.0493 28324 ErrDev - ok
22:23:23.0563 28324 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
22:23:23.0563 28324 esgiguard - ok
22:23:23.0583 28324 [ 3B32CAA07D672F8A2E0DF5CB3A873F45 ] EsgScanner C:\windows\system32\DRIVERS\EsgScanner.sys
22:23:23.0583 28324 EsgScanner - ok
22:23:23.0613 28324 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
22:23:23.0613 28324 EventSystem - ok
22:23:23.0653 28324 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
22:23:23.0663 28324 exfat - ok
22:23:23.0693 28324 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
22:23:23.0703 28324 fastfat - ok
22:23:23.0743 28324 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
22:23:23.0753 28324 Fax - ok
22:23:23.0783 28324 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
22:23:23.0783 28324 fdc - ok
22:23:23.0803 28324 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
22:23:23.0803 28324 fdPHost - ok
22:23:23.0813 28324 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
22:23:23.0813 28324 FDResPub - ok
22:23:23.0833 28324 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
22:23:23.0833 28324 FileInfo - ok
22:23:23.0843 28324 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
22:23:23.0843 28324 Filetrace - ok
22:23:23.0863 28324 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
22:23:23.0863 28324 flpydisk - ok
22:23:23.0903 28324 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:23:23.0903 28324 FltMgr - ok
22:23:24.0013 28324 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
22:23:24.0023 28324 FontCache - ok
22:23:24.0073 28324 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:23:24.0083 28324 FontCache3.0.0.0 - ok
22:23:24.0093 28324 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
22:23:24.0093 28324 FsDepends - ok
22:23:24.0123 28324 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
22:23:24.0123 28324 fssfltr - ok
22:23:24.0173 28324 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:23:24.0193 28324 fsssvc - ok
22:23:24.0223 28324 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:23:24.0223 28324 Fs_Rec - ok
22:23:24.0273 28324 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
22:23:24.0273 28324 fvevol - ok
22:23:24.0313 28324 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
22:23:24.0313 28324 FwLnk - ok
22:23:24.0333 28324 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
22:23:24.0333 28324 gagp30kx - ok
22:23:24.0363 28324 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:23:24.0383 28324 GamesAppService - ok
22:23:24.0423 28324 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:23:24.0423 28324 GEARAspiWDM - ok
22:23:24.0443 28324 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
22:23:24.0453 28324 gpsvc - ok
22:23:24.0543 28324 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:23:24.0543 28324 gupdate - ok
22:23:24.0553 28324 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:23:24.0563 28324 gupdatem - ok
22:23:24.0583 28324 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:23:24.0593 28324 gusvc - ok
22:23:24.0603 28324 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
22:23:24.0603 28324 hcw85cir - ok
22:23:24.0623 28324 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:23:24.0633 28324 HdAudAddService - ok
22:23:24.0653 28324 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
22:23:24.0653 28324 HDAudBus - ok
22:23:24.0663 28324 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
22:23:24.0663 28324 HidBatt - ok
22:23:24.0683 28324 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
22:23:24.0683 28324 HidBth - ok
22:23:24.0693 28324 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
22:23:24.0703 28324 HidIr - ok
22:23:24.0713 28324 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
22:23:24.0713 28324 hidserv - ok
22:23:24.0743 28324 [ 794868B22EC45220F91D077FEC3EB1F8 ] hidshim C:\windows\system32\DRIVERS\hidshim.sys
22:23:24.0753 28324 hidshim - ok
22:23:24.0783 28324 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:23:24.0793 28324 HidUsb - ok
22:23:24.0813 28324 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
22:23:24.0813 28324 hkmsvc - ok
22:23:24.0823 28324 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:23:24.0833 28324 HomeGroupListener - ok
22:23:24.0853 28324 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:23:24.0853 28324 HomeGroupProvider - ok
22:23:24.0873 28324 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
22:23:24.0873 28324 HpSAMD - ok
22:23:24.0923 28324 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
22:23:24.0933 28324 HTTP - ok
22:23:24.0943 28324 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
22:23:24.0953 28324 hwpolicy - ok
22:23:24.0983 28324 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:23:24.0983 28324 i8042prt - ok
22:23:25.0033 28324 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
22:23:25.0033 28324 iaStor - ok
22:23:25.0073 28324 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
22:23:25.0083 28324 iaStorV - ok
22:23:25.0113 28324 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:23:25.0153 28324 idsvc - ok
22:23:25.0393 28324 [ 9AA61DC7AA32C1D1260C4267FF07E0C1 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
22:23:25.0613 28324 igfx - ok
22:23:25.0623 28324 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
22:23:25.0623 28324 iirsp - ok
22:23:25.0653 28324 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
22:23:25.0683 28324 IKEEXT - ok
22:23:25.0783 28324 [ 8BD7EB761F4341E6F9FD066099F24B01 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
22:23:25.0853 28324 IntcAzAudAddService - ok
22:23:25.0913 28324 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
22:23:25.0923 28324 IntcDAud - ok
22:23:26.0003 28324 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:23:26.0013 28324 Intel(R) Capability Licensing Service Interface - ok
22:23:26.0053 28324 [ D7467E57549960468E0CA85C17185B12 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:23:26.0053 28324 Intel(R) ME Service - ok
22:23:26.0073 28324 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
22:23:26.0073 28324 intelide - ok
22:23:26.0103 28324 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
22:23:26.0103 28324 intelppm - ok
22:23:26.0133 28324 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
22:23:26.0133 28324 IPBusEnum - ok
22:23:26.0143 28324 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:23:26.0143 28324 IpFilterDriver - ok
22:23:26.0183 28324 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
22:23:26.0213 28324 iphlpsvc - ok
22:23:26.0243 28324 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
22:23:26.0243 28324 IPMIDRV - ok
22:23:26.0253 28324 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
22:23:26.0263 28324 IPNAT - ok
22:23:26.0313 28324 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:23:26.0333 28324 iPod Service - ok
22:23:26.0363 28324 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
22:23:26.0363 28324 IRENUM - ok
22:23:26.0363 28324 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
22:23:26.0363 28324 isapnp - ok
22:23:26.0393 28324 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
22:23:26.0393 28324 iScsiPrt - ok
22:23:26.0433 28324 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\windows\system32\DRIVERS\iusb3hcs.sys
22:23:26.0433 28324 iusb3hcs - ok
22:23:26.0453 28324 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\windows\system32\DRIVERS\iusb3hub.sys
22:23:26.0453 28324 iusb3hub - ok
22:23:26.0483 28324 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\windows\system32\DRIVERS\iusb3xhc.sys
22:23:26.0503 28324 iusb3xhc - ok
22:23:26.0533 28324 [ 604A8615BB3D7064197A0563C799B938 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:23:26.0543 28324 jhi_service - ok
22:23:26.0563 28324 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:23:26.0563 28324 kbdclass - ok
22:23:26.0583 28324 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
22:23:26.0583 28324 kbdhid - ok
22:23:26.0593 28324 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
22:23:26.0593 28324 KeyIso - ok
22:23:26.0623 28324 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:23:26.0623 28324 KSecDD - ok
22:23:26.0643 28324 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:23:26.0643 28324 KSecPkg - ok
22:23:26.0673 28324 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
22:23:26.0673 28324 ksthunk - ok
22:23:26.0703 28324 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
22:23:26.0703 28324 KtmRm - ok
22:23:26.0733 28324 [ 3CE6A9BEF066BF9488E6BC4D6C62F77E ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
22:23:26.0733 28324 L1C - ok
22:23:26.0773 28324 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
22:23:26.0773 28324 LanmanServer - ok
22:23:26.0783 28324 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:23:26.0783 28324 LanmanWorkstation - ok
22:23:26.0813 28324 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:23:26.0823 28324 lltdio - ok
22:23:26.0863 28324 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
22:23:26.0863 28324 lltdsvc - ok
22:23:26.0883 28324 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
22:23:26.0893 28324 lmhosts - ok
22:23:26.0933 28324 [ AB41542FA180CB3317F597ED7E7D5C5D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:23:26.0933 28324 LMS - ok
22:23:26.0973 28324 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
22:23:26.0973 28324 LSI_FC - ok
22:23:26.0993 28324 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
22:23:26.0993 28324 LSI_SAS - ok
22:23:27.0003 28324 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
22:23:27.0013 28324 LSI_SAS2 - ok
22:23:27.0013 28324 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
22:23:27.0023 28324 LSI_SCSI - ok
22:23:27.0053 28324 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
22:23:27.0063 28324 luafv - ok
22:23:27.0113 28324 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
22:23:27.0113 28324 MBAMProtector - ok
22:23:27.0193 28324 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:23:27.0193 28324 MBAMScheduler - ok
22:23:27.0223 28324 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:23:27.0233 28324 MBAMService - ok
22:23:27.0273 28324 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:23:27.0273 28324 Mcx2Svc - ok
22:23:27.0293 28324 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
22:23:27.0293 28324 megasas - ok
22:23:27.0343 28324 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
22:23:27.0353 28324 MegaSR - ok
22:23:27.0383 28324 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
22:23:27.0383 28324 MEIx64 - ok
22:23:27.0423 28324 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
22:23:27.0423 28324 MMCSS - ok
22:23:27.0453 28324 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
22:23:27.0463 28324 Modem - ok
22:23:27.0483 28324 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:23:27.0483 28324 monitor - ok
22:23:27.0513 28324 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:23:27.0513 28324 mouclass - ok
22:23:27.0543 28324 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:23:27.0543 28324 mouhid - ok
22:23:27.0563 28324 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:23:27.0563 28324 mountmgr - ok
22:23:27.0603 28324 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:23:27.0603 28324 MozillaMaintenance - ok
22:23:27.0623 28324 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
22:23:27.0623 28324 mpio - ok
22:23:27.0643 28324 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:23:27.0643 28324 mpsdrv - ok
22:23:27.0673 28324 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
22:23:27.0693 28324 MpsSvc - ok
22:23:27.0713 28324 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:23:27.0713 28324 MRxDAV - ok
22:23:27.0723 28324 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:23:27.0723 28324 mrxsmb - ok
22:23:27.0763 28324 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:23:27.0763 28324 mrxsmb10 - ok
22:23:27.0773 28324 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:23:27.0773 28324 mrxsmb20 - ok
22:23:27.0783 28324 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
22:23:27.0783 28324 msahci - ok
22:23:27.0803 28324 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:23:27.0803 28324 msdsm - ok
22:23:27.0823 28324 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
22:23:27.0823 28324 MSDTC - ok
22:23:27.0833 28324 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:23:27.0833 28324 Msfs - ok
22:23:27.0853 28324 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:23:27.0853 28324 mshidkmdf - ok
22:23:27.0863 28324 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:23:27.0863 28324 msisadrv - ok
22:23:27.0913 28324 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:23:27.0913 28324 MSiSCSI - ok
22:23:27.0913 28324 msiserver - ok
22:23:27.0963 28324 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:23:27.0963 28324 MSKSSRV - ok
22:23:27.0973 28324 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:23:27.0973 28324 MSPCLOCK - ok
22:23:27.0993 28324 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:23:27.0993 28324 MSPQM - ok
22:23:28.0023 28324 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:23:28.0023 28324 MsRPC - ok
22:23:28.0043 28324 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:23:28.0043 28324 mssmbios - ok
22:23:28.0086 28324 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:23:28.0109 28324 MSTEE - ok
22:23:28.0119 28324 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
22:23:28.0120 28324 MTConfig - ok
22:23:28.0135 28324 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
22:23:28.0136 28324 Mup - ok
22:23:28.0160 28324 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
22:23:28.0165 28324 napagent - ok
22:23:28.0205 28324 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
22:23:28.0209 28324 NativeWifiP - ok
22:23:28.0261 28324 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
22:23:28.0284 28324 NDIS - ok
22:23:28.0317 28324 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:23:28.0318 28324 NdisCap - ok
22:23:28.0332 28324 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:23:28.0333 28324 NdisTapi - ok
22:23:28.0354 28324 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:23:28.0354 28324 Ndisuio - ok
22:23:28.0364 28324 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:23:28.0364 28324 NdisWan - ok
22:23:28.0384 28324 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:23:28.0384 28324 NDProxy - ok
22:23:28.0435 28324 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\windows\system32\DRIVERS\netaapl64.sys
22:23:28.0436 28324 Netaapl - ok
22:23:28.0460 28324 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:23:28.0462 28324 NetBIOS - ok
22:23:28.0481 28324 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:23:28.0483 28324 NetBT - ok
22:23:28.0499 28324 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
22:23:28.0500 28324 Netlogon - ok
22:23:28.0533 28324 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
22:23:28.0538 28324 Netman - ok
-
Have you configured FireFox to not allow pop-ups?
-
Yes. I've also placed yieldmanager and ads.yieldmanager on my block list, but to no avail
-
Are you getting pop-ups with Internet Explorer? If the answer is no then I would suggest you uninstall and re-install FireFox.
-
IE... kind of doesn't work, which is scary. It just doesn't load any new pages.
In-text ads now appearing on http://www.smh.com.au/ articles and some of my university websites, which I'm pretty sure didn't happen before.
-
Those in-text ads are probably caused by add-ons. Disable all your add-ons to see if they disappear.
MS Fix-It should repair IE.
Please download and run MS Fix-it from here. (http://support.microsoft.com/mats/AudioPlayback/en-us?entrypoint=lightbox)
-
I ran MS-Fix-it, and IE still appears to not work/doesn't load anything.
#^#$^ I now have a Superfish popup too :( I haven't downloaded anything new in the past few weeks, I swear! I have no idea where this is coming from.
* Googled how to remove Addons - there was something called "videosaver" there. Disabled this. Touch wood, so far so good on Firefox (IE still not working)... no popup ads so far and a lot of the mysterious in-text advertising has gone away (I checked some of the usual "as of recently, always some here" haunts like Wikipedia and my university web page just to be sure)
-
When you say IE will not work, what exactly does it do? Did you try running it as Admin?