Google Redirect and Browser Setting Hijacker [Solved]


  • This topic is locked

#31
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
    • Adobe Reader -- Update
    • Java Runtime Environment -- Update

      Note: Please untick any optional offers Adobe products might come with.
    Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 2

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to install the program.
      • Accept the License Agreement.
      • At the end, ensure a check mark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'ListParts by Farbar' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Press Scan.
    • A log will automatically pop up once done. Alternatively, you can find Result.txt on your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • mbam-log-*.txt (Malwarebytes' Anti-Malware)
    • Result.txt (ListParts)

  • 0

#32
t5403cg

    Member

  • Topic Starter
  • 37 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/18/2014
Scan Time: 4:15:45 PM
Logfile: test.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.18.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: T5403CG

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315676
Time Elapsed: 22 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, No Action By User, [b44c30d0ba46d7290b7536e107fb8d73],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, No Action By User, [05fb25db15eb01ff0d41e43355adab55],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0
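
A triage sketch for scan logs in the layout posted above, added here as an example and not part of the original thread or of Malwarebytes' own tooling: it parses the per-category sections, lists detections whose action field reads `No Action By User`, and reports any section whose declared count disagrees with the number of entries actually pasted. The function names, the field layout (inferred from the two detection lines above) and the `Quarantined` action in the sample are assumptions; the sample log is constructed.

```python
import re
from dataclasses import dataclass

# Section names exactly as they appear in the log above.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))

# Assumed entry layout: name, location, action, [id], with a trailing comma.
# The location is matched greedily so that commas inside it do not break parsing.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), "
    r"(?P<action>[^,\[\]]+), \[(?P<item_id>[^\]]*)\],?$")

# Constructed sample modelled on the layout above; detection names, CLSIDs
# and bracketed ids are placeholders, not values from the thread.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/1/2014
Scan Type: Threat Scan
Result: Completed

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ExampleA, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000001}, No Action By User, [placeholder-id-1],
PUP.Optional.ExampleB, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000002}, Quarantined, [placeholder-id-2],

Files: 0
(No malicious items detected)

(end)
"""


@dataclass
class Detection:
    section: str
    name: str
    location: str
    action: str
    item_id: str


def parse_scan_log(text):
    """Return (declared counts per section, list of parsed detections)."""
    declared, detections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            declared[current] = int(header.group(2))
            continue
        # Skip the report header, blank lines and "(No malicious items ...)".
        if current is None or not line or line.startswith("("):
            continue
        entry = DETECTION_RE.match(line)
        if entry:
            detections.append(Detection(current, entry["name"], entry["location"],
                                        entry["action"].strip(), entry["item_id"]))
    return declared, detections


def triage(text):
    """Flag entries left without an action and sections that look truncated."""
    declared, detections = parse_scan_log(text)
    parsed = {}
    for det in detections:
        parsed[det.section] = parsed.get(det.section, 0) + 1
    # A declared count that differs from the entries found suggests the
    # pasted log was cut short or edited before posting.
    mismatches = {name: (count, parsed.get(name, 0))
                  for name, count in declared.items()
                  if count != parsed.get(name, 0)}
    unremediated = [d for d in detections if d.action == "No Action By User"]
    return {"unremediated": unremediated, "mismatches": mismatches}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for det in report["unremediated"]:
        print(f"[{det.section}] {det.name} at {det.location}: {det.action}")
    for name, (want, got) in report["mismatches"].items():
        print(f"{name}: log declares {want} item(s) but {got} were found")
```
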

#33
t5403cg

    Member

  • Topic Starter
  • 37 posts

ListParts Log:

ListParts by Farbar Version: 17-04-2014
Ran by T5403CG (administrator) on 18-04-2014 at 16:20:07
Windows 7 (X64)
Running From: C:\Users\t5403cg\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 60%
Total physical RAM: 3979.23 MB
Available physical RAM: 1586.28 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5034.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:87.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          149 GB      0 B        

Partitions of Disk 0:
===============

Disk ID: 336094AE

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            149 GB  1024 KB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    149 GB  Healthy    System (partition with boot components) 

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 336094AE
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

****** End Of Log ******


  • 0

#34
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Would you happen to know if your hard drive is encrypted? We're almost done. :)
  • Step 1

    Download 'TDSSKiller by Kaspersky Lab ZAO' and save it to your desktop.
    • Double-click TDSSKiller.exe to run it. It will ask for administrator privileges.
    • Click Start Scan to begin the scan.
      • If an infected file is detected, the default action will be Cure; click on Continue.
      • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now. If not, click Close.
    • The log will be made available at C:\TDSSKiller.*_*_*_log.txt. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • TDSSKiller.*_*_*_log.txt (TDSSKiller)

  • 0

#35
t5403cg

    Member

  • Topic Starter
  • 37 posts

Yes, my hard drive is encrypted.


  • 0

#36
t5403cg

    Member

  • Topic Starter
  • 37 posts

TDSSKiller Log:

17:35:51.0752 0xc668  TDSS rootkit removing tool 3.0.0.31 Apr 11 2014 08:55:10
17:35:57.0727 0xc668  ============================================================
17:35:57.0727 0xc668  Current date / time: 2014/04/19 17:35:57.0727
17:35:57.0727 0xc668  SystemInfo:
17:35:57.0727 0xc668 
17:35:57.0727 0xc668  OS Version: 6.1.7601 ServicePack: 1.0
17:35:57.0727 0xc668  Product type: Workstation
17:35:57.0727 0xc668  ComputerName: CID-TDENZL403CG
17:35:57.0727 0xc668  UserName: T5403CG
17:35:57.0727 0xc668  Windows directory: C:\Windows
17:35:57.0727 0xc668  System windows directory: C:\Windows
17:35:57.0727 0xc668  Running under WOW64
17:35:57.0727 0xc668  Processor architecture: Intel x64
17:35:57.0727 0xc668  Number of processors: 4
17:35:57.0727 0xc668  Page size: 0x1000
17:35:57.0727 0xc668  Boot type: Normal boot
17:35:57.0727 0xc668  ============================================================
17:35:57.0898 0xc668  KLMD registered as C:\Windows\system32\drivers\10463682.sys
17:35:58.0288 0xc668  System UUID: {810C51E0-4B2D-2C2A-BE54-3842FF977496}
17:35:59.0474 0xc668  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:35:59.0489 0xc668  ============================================================
17:35:59.0489 0xc668  \Device\Harddisk0\DR0:
17:35:59.0489 0xc668  MBR partitions:
17:35:59.0489 0xc668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
17:35:59.0489 0xc668  ============================================================
17:35:59.0505 0xc668  Initialize success
17:35:59.0505 0xc668  ============================================================
17:36:32.0640 0xcf60  ============================================================
17:36:32.0640 0xcf60  Scan started
17:36:32.0640 0xcf60  Mode: Manual;
17:36:32.0640 0xcf60  ============================================================
17:36:32.0640 0xcf60  KSN ping started
17:36:46.0570 0xcf60  KSN ping finished: true
17:36:46.0711 0xcf60  ================ Scan system memory ========================
17:36:46.0711 0xcf60  System memory - ok
17:36:46.0711 0xcf60  ================ Scan services =============================
17:36:46.0773 0xcf60  1394ohci - ok
17:36:46.0804 0xcf60  5U877 - ok
17:36:46.0804 0xcf60  ACPI - ok
17:36:46.0820 0xcf60  AcpiPmi - ok
17:36:46.0836 0xcf60  adp94xx - ok
17:36:46.0851 0xcf60  adpahci - ok
17:36:46.0867 0xcf60  adpu320 - ok
17:36:46.0882 0xcf60  AeLookupSvc - ok
17:36:46.0914 0xcf60  AeXNSClient - ok
17:36:46.0929 0xcf60  AFD - ok
17:36:46.0945 0xcf60  agp440 - ok
17:36:46.0945 0xcf60  ALG - ok
17:36:46.0960 0xcf60  aliide - ok
17:36:46.0960 0xcf60  AltirisAgentProvider - ok
17:36:46.0960 0xcf60  amdide - ok
17:36:46.0976 0xcf60  AmdK8 - ok
17:36:46.0976 0xcf60  AmdPPM - ok
17:36:46.0992 0xcf60  amdsata - ok
17:36:46.0992 0xcf60  amdsbs - ok
17:36:47.0007 0xcf60  amdxata - ok
17:36:47.0007 0xcf60  AppID - ok
17:36:47.0023 0xcf60  AppIDSvc - ok
17:36:47.0023 0xcf60  Appinfo - ok
17:36:47.0038 0xcf60  AppMgmt - ok
17:36:47.0038 0xcf60  arc - ok
17:36:47.0054 0xcf60  arcsas - ok
17:36:47.0070 0xcf60  aspnet_state - ok
17:36:47.0070 0xcf60  AsyncMac - ok
17:36:47.0085 0xcf60  atapi - ok
17:36:47.0085 0xcf60  AudioEndpointBuilder - ok
17:36:47.0101 0xcf60  AudioSrv - ok
17:36:47.0116 0xcf60  AxInstSV - ok
17:36:47.0116 0xcf60  b06bdrv - ok
17:36:47.0116 0xcf60  b57nd60a - ok
17:36:47.0132 0xcf60  BDESVC - ok
17:36:47.0132 0xcf60  Beep - ok
17:36:47.0148 0xcf60  BFE - ok
17:36:47.0163 0xcf60  BITS - ok
17:36:47.0163 0xcf60  blbdrive - ok
17:36:47.0179 0xcf60  bowser - ok
17:36:47.0179 0xcf60  BrFiltLo - ok
17:36:47.0194 0xcf60  BrFiltUp - ok
17:36:47.0194 0xcf60  Browser - ok
17:36:47.0210 0xcf60  Brserid - ok
17:36:47.0210 0xcf60  BrSerWdm - ok
17:36:47.0226 0xcf60  BrUsbMdm - ok
17:36:47.0226 0xcf60  BrUsbSer - ok
17:36:47.0226 0xcf60  BTHMODEM - ok
17:36:47.0241 0xcf60  bthserv - ok
17:36:47.0241 0xcf60  btwavdt - ok
17:36:47.0241 0xcf60  btwrchid - ok
17:36:47.0257 0xcf60  ccEvtMgr - ok
17:36:47.0257 0xcf60  ccSetMgr - ok
17:36:47.0257 0xcf60  cdfs - ok
17:36:47.0272 0xcf60  cdrom - ok
17:36:47.0272 0xcf60  CertPropSvc - ok
17:36:47.0272 0xcf60  circlass - ok
17:36:47.0272 0xcf60  CLFS - ok
17:36:47.0288 0xcf60  clr_optimization_v2.0.50727_32 - ok
17:36:47.0288 0xcf60  clr_optimization_v2.0.50727_64 - ok
17:36:47.0288 0xcf60  clr_optimization_v4.0.30319_32 - ok
17:36:47.0304 0xcf60  clr_optimization_v4.0.30319_64 - ok
17:36:47.0304 0xcf60  CmBatt - ok
17:36:47.0304 0xcf60  cmdide - ok
17:36:47.0304 0xcf60  CNG - ok
17:36:47.0319 0xcf60  CnxtHdAudService - ok
17:36:47.0319 0xcf60  COAX - ok
17:36:47.0319 0xcf60  Compbatt - ok
17:36:47.0319 0xcf60  CompositeBus - ok
17:36:47.0335 0xcf60  COMSysApp - ok
17:36:47.0335 0xcf60  ConfigService - ok
17:36:47.0335 0xcf60  crcdisk - ok
17:36:47.0335 0xcf60  CryptSvc - ok
17:36:47.0350 0xcf60  CSC - ok
17:36:47.0350 0xcf60  CscService - ok
17:36:47.0350 0xcf60  DcomLaunch - ok
17:36:47.0382 0xcf60  defragsvc - ok
17:36:47.0397 0xcf60  DfsC - ok
17:36:47.0397 0xcf60  Dhcp - ok
17:36:47.0397 0xcf60  discache - ok
17:36:47.0397 0xcf60  Disk - ok
17:36:47.0397 0xcf60  dmvsc - ok
17:36:47.0413 0xcf60  Dnscache - ok
17:36:47.0413 0xcf60  dot3svc - ok
17:36:47.0413 0xcf60  DPS - ok
17:36:47.0413 0xcf60  drmkaud - ok
17:36:47.0428 0xcf60  DXGKrnl - ok
17:36:47.0428 0xcf60  e1cexpress - ok
17:36:47.0444 0xcf60  EapHost - ok
17:36:47.0444 0xcf60  ebdrv - ok
17:36:47.0444 0xcf60  EDPA - ok
17:36:47.0460 0xcf60  eeCtrl - ok
17:36:47.0460 0xcf60  EFS - ok
17:36:47.0460 0xcf60  ehRecvr - ok
17:36:47.0460 0xcf60  ehSched - ok
17:36:47.0460 0xcf60  elxstor - ok
17:36:47.0475 0xcf60  enstart64 - ok
17:36:47.0475 0xcf60  enstart64_ - ok
17:36:47.0475 0xcf60  EPS - ok
17:36:47.0475 0xcf60  EraserUtilRebootDrv - ok
17:36:47.0491 0xcf60  ErrDev - ok
17:36:47.0506 0xcf60  EventSystem - ok
17:36:47.0506 0xcf60  exfat - ok
17:36:47.0506 0xcf60  fastfat - ok
17:36:47.0506 0xcf60  Fax - ok
17:36:47.0506 0xcf60  fdc - ok
17:36:47.0522 0xcf60  fdPHost - ok
17:36:47.0522 0xcf60  FDResPub - ok
17:36:47.0522 0xcf60  FileInfo - ok
17:36:47.0522 0xcf60  Filetrace - ok
17:36:47.0538 0xcf60  FLEXnet Licensing Service - ok
17:36:47.0538 0xcf60  flpydisk - ok
17:36:47.0538 0xcf60  FltMgr - ok
17:36:47.0538 0xcf60  FontCache - ok
17:36:47.0538 0xcf60  FontCache3.0.0.0 - ok
17:36:47.0553 0xcf60  FsDepends - ok
17:36:47.0553 0xcf60  Fs_Rec - ok
17:36:47.0553 0xcf60  fvevol - ok
17:36:47.0553 0xcf60  gagp30kx - ok
17:36:47.0569 0xcf60  GoToAssist - ok
17:36:47.0584 0xcf60  gpsvc - ok
17:36:47.0584 0xcf60  gupdate - ok
17:36:47.0584 0xcf60  gupdatem - ok
17:36:47.0584 0xcf60  hcw85cir - ok
17:36:47.0600 0xcf60  HDAudBus - ok
17:36:47.0600 0xcf60  HidBatt - ok
17:36:47.0600 0xcf60  HidBth - ok
17:36:47.0600 0xcf60  HidIr - ok
17:36:47.0600 0xcf60  hidserv - ok
17:36:47.0616 0xcf60  HidUsb - ok
17:36:47.0616 0xcf60  hkmsvc - ok
17:36:47.0616 0xcf60  HomeGroupListener - ok
17:36:47.0616 0xcf60  HomeGroupProvider - ok
17:36:47.0616 0xcf60  HpSAMD - ok
17:36:47.0631 0xcf60  HTTP - ok
17:36:47.0631 0xcf60  hwpolicy - ok
17:36:47.0631 0xcf60  i8042prt - ok
17:36:47.0631 0xcf60  iaStor - ok
17:36:47.0647 0xcf60  iaStorV - ok
17:36:47.0647 0xcf60  IBMPMDRV - ok
17:36:47.0662 0xcf60  IBMPMSVC - ok
17:36:47.0662 0xcf60  idsvc - ok
17:36:47.0662 0xcf60  igfx - ok
17:36:47.0678 0xcf60  iirsp - ok
17:36:47.0678 0xcf60  IKEEXT - ok
17:36:47.0678 0xcf60  IntcDAud - ok
17:36:47.0694 0xcf60  intelide - ok
17:36:47.0694 0xcf60  intelppm - ok
17:36:47.0694 0xcf60  IntuitUpdateServiceV4 - ok
17:36:47.0709 0xcf60  IPBusEnum - ok
17:36:47.0709 0xcf60  IpFilterDriver - ok
17:36:47.0709 0xcf60  iphlpsvc - ok
17:36:47.0709 0xcf60  IPMIDRV - ok
17:36:47.0725 0xcf60  IPNAT - ok
17:36:47.0725 0xcf60  IRENUM - ok
17:36:47.0725 0xcf60  isapnp - ok
17:36:47.0725 0xcf60  iScsiPrt - ok
17:36:47.0725 0xcf60  kbdclass - ok
17:36:47.0740 0xcf60  kbdhid - ok
17:36:47.0740 0xcf60  KeyIso - ok
17:36:47.0740 0xcf60  KSecDD - ok
17:36:47.0740 0xcf60  KSecPkg - ok
17:36:47.0740 0xcf60  ksthunk - ok
17:36:47.0756 0xcf60  KtmRm - ok
17:36:47.0756 0xcf60  LanmanServer - ok
17:36:47.0756 0xcf60  LanmanWorkstation - ok
17:36:47.0756 0xcf60  LEMSS Agent - ok
17:36:47.0772 0xcf60  LiveUpdate - ok
17:36:47.0772 0xcf60  lltdio - ok
17:36:47.0787 0xcf60  lltdsvc - ok
17:36:47.0787 0xcf60  lmhosts - ok
17:36:47.0787 0xcf60  Lotus Notes Diagnostics - ok
17:36:47.0803 0xcf60  LSI_FC - ok
17:36:47.0803 0xcf60  LSI_SAS - ok
17:36:47.0803 0xcf60  LSI_SAS2 - ok
17:36:47.0803 0xcf60  LSI_SCSI - ok
17:36:47.0818 0xcf60  luafv - ok
17:36:47.0818 0xcf60  Mcx2Svc - ok
17:36:47.0818 0xcf60  megasas - ok
17:36:47.0834 0xcf60  MegaSR - ok
17:36:47.0834 0xcf60  MEIx64 - ok
17:36:47.0834 0xcf60  MMCSS - ok
17:36:47.0850 0xcf60  Modem - ok
17:36:47.0850 0xcf60  monitor - ok
17:36:47.0850 0xcf60  mouclass - ok
17:36:47.0850 0xcf60  mouhid - ok
17:36:47.0865 0xcf60  mountmgr - ok
17:36:47.0865 0xcf60  mpio - ok
17:36:47.0865 0xcf60  mpsdrv - ok
17:36:47.0865 0xcf60  MpsSvc - ok
17:36:47.0881 0xcf60  MRxDAV - ok
17:36:47.0881 0xcf60  mrxsmb - ok
17:36:47.0881 0xcf60  mrxsmb10 - ok
17:36:47.0881 0xcf60  mrxsmb20 - ok
17:36:47.0881 0xcf60  msahci - ok
17:36:47.0896 0xcf60  msdsm - ok
17:36:47.0896 0xcf60  MSDTC - ok
17:36:47.0896 0xcf60  Msfs - ok
17:36:47.0896 0xcf60  mshidkmdf - ok
17:36:47.0912 0xcf60  msisadrv - ok
17:36:47.0912 0xcf60  MSiSCSI - ok
17:36:47.0912 0xcf60  msiserver - ok
17:36:47.0912 0xcf60  MSKSSRV - ok
17:36:47.0928 0xcf60  MSPCLOCK - ok
17:36:47.0928 0xcf60  MSPQM - ok
17:36:47.0928 0xcf60  MsRPC - ok
17:36:47.0928 0xcf60  mssmbios - ok
17:36:47.0943 0xcf60  MSTEE - ok
17:36:47.0943 0xcf60  MTConfig - ok
17:36:47.0943 0xcf60  Mup - ok
17:36:47.0959 0xcf60  NACAgent - ok
17:36:47.0959 0xcf60  napagent - ok
17:36:47.0959 0xcf60  NativeWifiP - ok
17:36:47.0974 0xcf60  NAVENG - ok
17:36:47.0974 0xcf60  NAVEX15 - ok
17:36:47.0974 0xcf60  NDIS - ok
17:36:47.0990 0xcf60  NdisCap - ok
17:36:47.0990 0xcf60  NdisTapi - ok
17:36:47.0990 0xcf60  Ndisuio - ok
17:36:48.0006 0xcf60  NdisWan - ok
17:36:48.0006 0xcf60  NDProxy - ok
17:36:48.0006 0xcf60  NetBIOS - ok
17:36:48.0006 0xcf60  NetBT - ok
17:36:48.0021 0xcf60  Netlogon - ok
17:36:48.0021 0xcf60  Netman - ok
17:36:48.0021 0xcf60  NetMsmqActivator - ok
17:36:48.0021 0xcf60  NetPipeActivator - ok
17:36:48.0037 0xcf60  netprofm - ok
17:36:48.0037 0xcf60  NetTcpActivator - ok
17:36:48.0037 0xcf60  NetTcpPortSharing - ok
17:36:48.0037 0xcf60  NETwNs64 - ok
17:36:48.0037 0xcf60  nfrd960 - ok
17:36:48.0052 0xcf60  NgFilter - ok
17:36:48.0052 0xcf60  NgLog - ok
17:36:48.0068 0xcf60  NgVpn - ok
17:36:48.0084 0xcf60  NgVpnMgr - ok
17:36:48.0084 0xcf60  NgWfp - ok
17:36:48.0084 0xcf60  NlaSvc - ok
17:36:48.0084 0xcf60  Npfs - ok
17:36:48.0099 0xcf60  nsi - ok
17:36:48.0099 0xcf60  nsiproxy - ok
17:36:48.0099 0xcf60  Ntfs - ok
17:36:48.0099 0xcf60  Null - ok
17:36:48.0115 0xcf60  nvraid - ok
17:36:48.0130 0xcf60  nvstor - ok
17:36:48.0130 0xcf60  nv_agp - ok
17:36:48.0130 0xcf60  odserv - ok
17:36:48.0146 0xcf60  ohci1394 - ok
17:36:48.0146 0xcf60  ose - ok
17:36:48.0162 0xcf60  p2pimsvc - ok
17:36:48.0162 0xcf60  p2psvc - ok
17:36:48.0162 0xcf60  Parport - ok
17:36:48.0177 0xcf60  partmgr - ok
17:36:48.0177 0xcf60  Patch Agent - ok
17:36:48.0177 0xcf60  PcaSvc - ok
17:36:48.0177 0xcf60  pci - ok
17:36:48.0177 0xcf60  pciide - ok
17:36:48.0193 0xcf60  pcmcia - ok
17:36:48.0193 0xcf60  pcw - ok
17:36:48.0193 0xcf60  PEAUTH - ok
17:36:48.0193 0xcf60  PeerDistSvc - ok
17:36:48.0208 0xcf60  PerfHost - ok
17:36:48.0208 0xcf60  PinFile - ok
17:36:48.0208 0xcf60  pla - ok
17:36:48.0224 0xcf60  PlugPlay - ok
17:36:48.0224 0xcf60  PNRPAutoReg - ok
17:36:48.0224 0xcf60  PNRPsvc - ok
17:36:48.0224 0xcf60  PolicyAgent - ok
17:36:48.0240 0xcf60  Power - ok
17:36:48.0240 0xcf60  PptpMiniport - ok
17:36:48.0240 0xcf60  Processor - ok
17:36:48.0255 0xcf60  ProfSvc - ok
17:36:48.0255 0xcf60  ProtectedStorage - ok
17:36:48.0255 0xcf60  Psched - ok
17:36:48.0255 0xcf60  ql2300 - ok
17:36:48.0255 0xcf60  ql40xx - ok
17:36:48.0271 0xcf60  QWAVE - ok
17:36:48.0271 0xcf60  QWAVEdrv - ok
17:36:48.0271 0xcf60  RasAcd - ok
17:36:48.0271 0xcf60  RasAgileVpn - ok
17:36:48.0286 0xcf60  RasAuto - ok
17:36:48.0286 0xcf60  Rasl2tp - ok
17:36:48.0286 0xcf60  RasMan - ok
17:36:48.0286 0xcf60  RasPppoe - ok
17:36:48.0302 0xcf60  RasSstp - ok
17:36:48.0302 0xcf60  rdbss - ok
17:36:48.0302 0xcf60  rdpbus - ok
17:36:48.0302 0xcf60  RDPCDD - ok
17:36:48.0318 0xcf60  RDPDR - ok
17:36:48.0318 0xcf60  RDPENCDD - ok
17:36:48.0318 0xcf60  RDPREFMP - ok
17:36:48.0318 0xcf60  RDPWD - ok
17:36:48.0318 0xcf60  rdyboost - ok
17:36:48.0333 0xcf60  RemoteAccess - ok
17:36:48.0333 0xcf60  RemoteRegistry - ok
17:36:48.0333 0xcf60  risdxc - ok
17:36:48.0333 0xcf60  RMBS - ok
17:36:48.0333 0xcf60  RpcEptMapper - ok
17:36:48.0349 0xcf60  RpcLocator - ok
17:36:48.0349 0xcf60  RpcSs - ok
17:36:48.0349 0xcf60  rspndr - ok
17:36:48.0349 0xcf60  s3cap - ok
17:36:48.0364 0xcf60  SamSs - ok
17:36:48.0364 0xcf60  Samsung UPD Service2 - ok
17:36:48.0364 0xcf60  sbp2port - ok
17:36:48.0364 0xcf60  SCardSvr - ok
17:36:48.0364 0xcf60  scfilter - ok
17:36:48.0380 0xcf60  Schedule - ok
17:36:48.0380 0xcf60  SCPolicySvc - ok
17:36:48.0380 0xcf60  SDDisk2K - ok
17:36:48.0380 0xcf60  SDDToki - ok
17:36:48.0396 0xcf60  SDDVD - ok
17:36:48.0396 0xcf60  SDRSVC - ok
17:36:48.0396 0xcf60  SDUPC - ok
17:36:48.0396 0xcf60  secdrv - ok
17:36:48.0396 0xcf60  seclogon - ok
17:36:48.0411 0xcf60  SENS - ok
17:36:48.0411 0xcf60  SensrSvc - ok
17:36:48.0411 0xcf60  Serenum - ok
17:36:48.0411 0xcf60  Serial - ok
17:36:48.0427 0xcf60  sermouse - ok
17:36:48.0427 0xcf60  SessionEnv - ok
17:36:48.0427 0xcf60  sffdisk - ok
17:36:48.0442 0xcf60  sffp_mmc - ok
17:36:48.0442 0xcf60  sffp_sd - ok
17:36:48.0442 0xcf60  sfloppy - ok
17:36:48.0442 0xcf60  SFsCtrx - ok
17:36:48.0442 0xcf60  SharedAccess - ok
17:36:48.0458 0xcf60  ShellHWDetection - ok
17:36:48.0458 0xcf60  SiSRaid2 - ok
17:36:48.0458 0xcf60  SiSRaid4 - ok
17:36:48.0458 0xcf60  Smb - ok
17:36:48.0458 0xcf60  SmcService - ok
17:36:48.0489 0xcf60  SNAC - ok
17:36:48.0489 0xcf60  SNMPTRAP - ok
17:36:48.0505 0xcf60  spldr - ok
17:36:48.0505 0xcf60  Spooler - ok
17:36:48.0505 0xcf60  sppsvc - ok
17:36:48.0505 0xcf60  sppuinotify - ok
17:36:48.0505 0xcf60  SRTSP - ok
17:36:48.0520 0xcf60  SRTSPL - ok
17:36:48.0520 0xcf60  SRTSPX - ok
17:36:48.0520 0xcf60  srv - ok
17:36:48.0520 0xcf60  srv2 - ok
17:36:48.0536 0xcf60  SrvHsfHDA - ok
17:36:48.0536 0xcf60  SrvHsfV92 - ok
17:36:48.0536 0xcf60  SrvHsfWinac - ok
17:36:48.0536 0xcf60  srvnet - ok
17:36:48.0552 0xcf60  SSDPSRV - ok
17:36:48.0552 0xcf60  SstpSvc - ok
17:36:48.0552 0xcf60  stexstor - ok
17:36:48.0552 0xcf60  stisvc - ok
17:36:48.0552 0xcf60  storflt - ok
17:36:48.0567 0xcf60  StorSvc - ok
17:36:48.0567 0xcf60  storvsc - ok
17:36:48.0567 0xcf60  swenum - ok
17:36:48.0567 0xcf60  swprv - ok
17:36:48.0583 0xcf60  Symantec AntiVirus - ok
17:36:48.0583 0xcf60  SymEvent - ok
17:36:48.0583 0xcf60  SynTP - ok
17:36:48.0583 0xcf60  SysMain - ok
17:36:48.0614 0xcf60  SystemExplorerHelpService - ok
17:36:48.0614 0xcf60  TabletInputService - ok
17:36:48.0630 0xcf60  Tanium Client - ok
17:36:48.0630 0xcf60  TapiSrv - ok
17:36:48.0630 0xcf60  TBS - ok
17:36:48.0630 0xcf60  Tcpip - ok
17:36:48.0645 0xcf60  TCPIP6 - ok
17:36:48.0645 0xcf60  tcpipreg - ok
17:36:48.0645 0xcf60  tdifd11 - ok
17:36:48.0661 0xcf60  TDPIPE - ok
17:36:48.0661 0xcf60  TDTCP - ok
17:36:48.0661 0xcf60  tdx - ok
17:36:48.0661 0xcf60  Teefer2 - ok
17:36:48.0661 0xcf60  TermDD - ok
17:36:48.0676 0xcf60  TermService - ok
17:36:48.0676 0xcf60  Themes - ok
17:36:48.0676 0xcf60  THREADORDER - ok
17:36:48.0692 0xcf60  TPM - ok
17:36:48.0692 0xcf60  TrkWks - ok
17:36:48.0692 0xcf60  TrustedInstaller - ok
17:36:48.0692 0xcf60  tssecsrv - ok
17:36:48.0708 0xcf60  TsUsbFlt - ok
17:36:48.0708 0xcf60  TsUsbGD - ok
17:36:48.0708 0xcf60  tunnel - ok
17:36:48.0708 0xcf60  uagp35 - ok
17:36:48.0723 0xcf60  udfs - ok
17:36:48.0723 0xcf60  UI0Detect - ok
17:36:48.0723 0xcf60  uliagpkx - ok
17:36:48.0739 0xcf60  umbus - ok
17:36:48.0739 0xcf60  UmPass - ok
17:36:48.0739 0xcf60  UmRdpService - ok
17:36:48.0739 0xcf60  upnphost - ok
17:36:48.0739 0xcf60  usbccgp - ok
17:36:48.0754 0xcf60  usbcir - ok
17:36:48.0754 0xcf60  usbehci - ok
17:36:48.0754 0xcf60  usbhub - ok
17:36:48.0754 0xcf60  usbohci - ok
17:36:48.0770 0xcf60  usbprint - ok
17:36:48.0770 0xcf60  USBSTOR - ok
17:36:48.0770 0xcf60  usbuhci - ok
17:36:48.0770 0xcf60  UxSms - ok
17:36:48.0786 0xcf60  VaultSvc - ok
17:36:48.0786 0xcf60  vdrvroot - ok
17:36:48.0786 0xcf60  vds - ok
17:36:48.0786 0xcf60  vfsmfd - ok
17:36:48.0801 0xcf60  vga - ok
17:36:48.0801 0xcf60  VgaSave - ok
17:36:48.0801 0xcf60  vhdmp - ok
17:36:48.0801 0xcf60  viaide - ok
17:36:48.0801 0xcf60  vmbus - ok
17:36:48.0817 0xcf60  VMBusHID - ok
17:36:48.0817 0xcf60  volmgr - ok
17:36:48.0817 0xcf60  volmgrx - ok
17:36:48.0817 0xcf60  volsnap - ok
17:36:48.0817 0xcf60  vrtam - ok
17:36:48.0832 0xcf60  vsmraid - ok
17:36:48.0832 0xcf60  VSS - ok
17:36:48.0832 0xcf60  vwifibus - ok
17:36:48.0832 0xcf60  vwififlt - ok
17:36:48.0848 0xcf60  vwifimp - ok
17:36:48.0848 0xcf60  W32Time - ok
17:36:48.0864 0xcf60  WacomPen - ok
17:36:48.0864 0xcf60  WANARP - ok
17:36:48.0864 0xcf60  Wanarpv6 - ok
17:36:48.0864 0xcf60  wbengine - ok
17:36:48.0879 0xcf60  WbioSrvc - ok
17:36:48.0879 0xcf60  wcncsvc - ok
17:36:48.0879 0xcf60  WcsPlugInService - ok
17:36:48.0879 0xcf60  Wd - ok
17:36:48.0879 0xcf60  Wdf01000 - ok
17:36:48.0895 0xcf60  WdiServiceHost - ok
17:36:48.0895 0xcf60  WdiSystemHost - ok
17:36:48.0895 0xcf60  WDP - ok
17:36:48.0895 0xcf60  WebClient - ok
17:36:48.0895 0xcf60  Wecsvc - ok
17:36:48.0910 0xcf60  wercplsupport - ok
17:36:48.0910 0xcf60  WerSvc - ok
17:36:48.0910 0xcf60  WfpLwf - ok
17:36:48.0910 0xcf60  WIMMount - ok
17:36:48.0926 0xcf60  WinDefend - ok
17:36:48.0926 0xcf60  WinHttpAutoProxySvc - ok
17:36:48.0926 0xcf60  WinMagic SecureDoc Service - ok
17:36:48.0926 0xcf60  Winmgmt - ok
17:36:48.0942 0xcf60  WinRM - ok
17:36:48.0942 0xcf60  Wlansvc - ok
17:36:48.0942 0xcf60  WmiAcpi - ok
17:36:48.0957 0xcf60  wmiApSrv - ok
17:36:48.0957 0xcf60  WMPNetworkSvc - ok
17:36:48.0957 0xcf60  WPCSvc - ok
17:36:48.0957 0xcf60  WPDBusEnum - ok
17:36:48.0957 0xcf60  WPS - ok
17:36:48.0973 0xcf60  WpsHelper - ok
17:36:48.0973 0xcf60  ws2ifsl - ok
17:36:48.0973 0xcf60  wscsvc - ok
17:36:48.0988 0xcf60  WSearch - ok
17:36:48.0988 0xcf60  wuauserv - ok
17:36:48.0988 0xcf60  WudfPf - ok
17:36:48.0988 0xcf60  WUDFRd - ok
17:36:49.0004 0xcf60  wudfsvc - ok
17:36:49.0004 0xcf60  WwanSvc - ok
17:36:49.0004 0xcf60  ================ Scan global ===============================
17:36:49.0004 0xcf60  [ Global ] - ok
17:36:49.0020 0xcf60  ================ Scan MBR ==================================
17:36:49.0020 0xcf60  [ 5631B502B49263BF15C30C2DA841C818 ] \Device\Harddisk0\DR0
17:36:49.0020 0xcf60  Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:36:49.0441 0xcf60  \Device\Harddisk0\DR0 - ok
17:36:49.0441 0xcf60  ================ Scan VBR ==================================
17:36:49.0441 0xcf60  [ F04E5C8F645448C02C3BAAE885F8104F ] \Device\Harddisk0\DR0\Partition1
17:36:49.0441 0xcf60  \Device\Harddisk0\DR0\Partition1 - ok
17:36:49.0472 0xcf60  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\WSCSavNotifier.exe ( 11.0.6300.541 ), 0x71000 ( enabled : updated )
17:36:49.0472 0xcf60  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe ( 11.0.6300.552 ), 0x41010 ( enabled )
17:36:52.0062 0xcf60  ============================================================
17:36:52.0062 0xcf60  Scan finished
17:36:52.0062 0xcf60  ============================================================
17:36:52.0077 0xcf58  Detected object count: 0
17:36:52.0077 0xcf58  Actual detected object count: 0
17:39:00.0287 0xcddc  ============================================================
17:39:00.0287 0xcddc  Scan started
17:39:00.0287 0xcddc  Mode: Manual; SigCheck; TDLFS;
17:39:00.0287 0xcddc  ============================================================
17:39:00.0287 0xcddc  KSN ping started
17:39:13.0827 0xcddc  KSN ping finished: true
17:39:13.0937 0xcddc  ================ Scan system memory ========================
17:39:13.0937 0xcddc  System memory - ok
17:39:13.0937 0xcddc  ================ Scan services =============================
17:39:13.0968 0xcddc  1394ohci - ok
17:39:13.0983 0xcddc  5U877 - ok
17:39:13.0983 0xcddc  ACPI - ok
17:39:13.0999 0xcddc  AcpiPmi - ok
17:39:13.0999 0xcddc  adp94xx - ok
17:39:13.0999 0xcddc  adpahci - ok
17:39:14.0015 0xcddc  adpu320 - ok
17:39:14.0015 0xcddc  AeLookupSvc - ok
17:39:14.0015 0xcddc  AeXNSClient - ok
17:39:14.0015 0xcddc  AFD - ok
17:39:14.0030 0xcddc  agp440 - ok
17:39:14.0030 0xcddc  ALG - ok
17:39:14.0030 0xcddc  aliide - ok
17:39:14.0030 0xcddc  AltirisAgentProvider - ok
17:39:14.0046 0xcddc  amdide - ok
17:39:14.0046 0xcddc  AmdK8 - ok
17:39:14.0046 0xcddc  AmdPPM - ok
17:39:14.0046 0xcddc  amdsata - ok
17:39:14.0061 0xcddc  amdsbs - ok
17:39:14.0061 0xcddc  amdxata - ok
17:39:14.0061 0xcddc  AppID - ok
17:39:14.0061 0xcddc  AppIDSvc - ok
17:39:14.0061 0xcddc  Appinfo - ok
17:39:14.0077 0xcddc  AppMgmt - ok
17:39:14.0077 0xcddc  arc - ok
17:39:14.0077 0xcddc  arcsas - ok
17:39:14.0093 0xcddc  aspnet_state - ok
17:39:14.0093 0xcddc  AsyncMac - ok
17:39:14.0093 0xcddc  atapi - ok
17:39:14.0093 0xcddc  AudioEndpointBuilder - ok
17:39:14.0093 0xcddc  AudioSrv - ok
17:39:14.0108 0xcddc  AxInstSV - ok
17:39:14.0108 0xcddc  b06bdrv - ok
17:39:14.0108 0xcddc  b57nd60a - ok
17:39:14.0108 0xcddc  BDESVC - ok
17:39:14.0124 0xcddc  Beep - ok
17:39:14.0124 0xcddc  BFE - ok
17:39:14.0124 0xcddc  BITS - ok
17:39:14.0124 0xcddc  blbdrive - ok
17:39:14.0139 0xcddc  bowser - ok
17:39:14.0139 0xcddc  BrFiltLo - ok
17:39:14.0139 0xcddc  BrFiltUp - ok
17:39:14.0139 0xcddc  Browser - ok
17:39:14.0139 0xcddc  Brserid - ok
17:39:14.0155 0xcddc  BrSerWdm - ok
17:39:14.0155 0xcddc  BrUsbMdm - ok
17:39:14.0155 0xcddc  BrUsbSer - ok
17:39:14.0155 0xcddc  BTHMODEM - ok
17:39:14.0171 0xcddc  bthserv - ok
17:39:14.0171 0xcddc  btwavdt - ok
17:39:14.0171 0xcddc  btwrchid - ok
17:39:14.0186 0xcddc  ccEvtMgr - ok
17:39:14.0186 0xcddc  ccSetMgr - ok
17:39:14.0186 0xcddc  cdfs - ok
17:39:14.0186 0xcddc  cdrom - ok
17:39:14.0202 0xcddc  CertPropSvc - ok
17:39:14.0202 0xcddc  circlass - ok
17:39:15.0918 0xcddc  ================ Scan global ===============================
17:39:15.0918 0xcddc  [ Global ] - ok
17:39:15.0918 0xcddc  ================ Scan MBR ==================================
17:39:15.0918 0xcddc  [ 5631B502B49263BF15C30C2DA841C818 ] \Device\Harddisk0\DR0
17:39:15.0918 0xcddc  Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:39:16.0339 0xcddc  \Device\Harddisk0\DR0 - ok
17:39:16.0339 0xcddc  ================ Scan VBR ==================================
17:39:16.0355 0xcddc  [ F04E5C8F645448C02C3BAAE885F8104F ] \Device\Harddisk0\DR0\Partition1
17:39:16.0355 0xcddc  \Device\Harddisk0\DR0\Partition1 - ok
17:39:16.0370 0xcddc  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\WSCSavNotifier.exe ( 11.0.6300.541 ), 0x71000 ( enabled : updated )
17:39:16.0370 0xcddc  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe ( 11.0.6300.552 ), 0x41010 ( enabled )
17:39:19.0007 0xcddc  ============================================================
17:39:19.0007 0xcddc  Scan finished
17:39:19.0007 0xcddc  ============================================================
17:39:19.0022 0xcd80  Detected object count: 0
17:39:19.0022 0xcd80  Actual detected object count: 0
 



#37
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. :thumbsup: Below are a few more steps you have to complete to ensure the good working condition of your system.

Remove Special Tools with OTL by OldTimer

Using this tool will remove all temporary and unnecessary files still in your computer after using the tools I asked you to run earlier.
  • Double-click OTL.exe to run it. For Windows Vista and Windows 7 users, please run it as an administrator.
    • As seen on the interface, click the CleanUp button.
    • You will be asked to reboot after. Please allow it to do so by clicking Yes on the next prompt.
Set a Clean Restore Point

Doing this will prevent you from a possible reinfection. You see, malicious files try to save a copy of themselves in the System Volume Information storage. The latter is a protected directory; the best way to get rid of these possible copies is to do the step below. Since your system is now clean, it is essential to set a clean and working backup.
  • Navigate to Start, right-click Computer and click Properties.
    • On the left, click System protection.
    • Click Create.... Input any title and press Create.
    • Once done, press Close > OK.
    • Click Start > All Programs > Accessories > System Tools.
    • Right-click on Disk Cleanup. Run it as an administrator.
    • If you have more than one drive, select your default one (C:). Otherwise, wait for its initialization to finish.
    • Check the following boxes (you may choose to add more):
      • Temporary Internet Files
      • Recycle Bin
      • Temporary Files
    • Navigate to the More Options tab.
    • Under System Restore and Shadow Copies, click Cleanup... > Delete > OK.
I will now proceed to giving you tips on how to maintain your system as it is. You can do the following as a routine to ensure that your system will work properly. Anytime you encounter an infection again, please do not hesitate to go back here at Geeks to Go. :)

Keep Your Computer Updated

Your current Windows operating system needs to install additional updates which are important, one of which is the Service Pack. The latter and other updates contain fixes and patches to prevent attackers from compromising your system. It is imperative that you keep your system up-to-date by obtaining free updates whenever they are available.
  • Install the latest Service Pack by going 'here'. If you already have, continually visit the official 'Microsoft Windows Update' site to keep your system up-to-date.
Update Java

One of the programs you use every day unknowingly is Java. It is necessary for a lot of applications thus you should make sure it is always up-to-date. Older versions may be prone to exploits and vulnerabilities.
  • Download the latest 'Java' installation and save it to your desktop.
    • You need to uninstall any previous Java installations.
      • For Windows XP: Navigate to Start > Control Panel > Add or Remove Programs.
      • For Windows Vista: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
      • For Windows 7: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
    • Search the list for previous installations of Java such as all versions below:
      • Java™ 7 Update 51
    • Proceed to uninstalling the old versions and install the one you've just downloaded.
Update Your Anti-Virus Every Day
  • Updating
Ensuring that you have one anti-virus installed in your system is a good way to prevent being infected. You must always make sure to update your anti-virus every day; anti-virus companies see to it that the latest definition updates are distributed to be on par with the growing advancement and propagation of malware. Your anti-virus is useless if you do not update it.
  • Scanning
Set a scanning routine. Ensure that you do a full scan with your anti-virus monthly. This is part of maintaining a clean system--a scanning routine proves to be effective. You can never be sure when your computer has caught an infection.

Surf Safe

Alongside your anti-virus and firewall, various programs such as SpywareBlaster can be obtained to help you avoid malicious sites. Don't worry as it poses no conflict to your current installation. Please find the download link in the program's name below. SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. Unlike other programs, it does not have to remain running in the background. It works alongside the programs you have to ensure safe surfing.
  • Just like your regular security programs, SpywareBlaster needs to be updated every day.
    • Open the program by clicking the icon.
    • Click Updates > Check For Updates.
    • If there happens to be an update, an Enable All Protection button will appear. Please click that button.
If you have any unresolved issues with regard to this thread or you need more :help: please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system.

:cheers:

Thank you.

#38
t5403cg

t5403cg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Thanks Pyxis....wonderful job you did....!

GeeksToGo provides an invaluable service to us folks....twice in 5 years you have been able to fix issues that pay-for dudes couldn't....



#39
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

