
Malware Trying to collect Bank info / possibly Java related, need Help


  • This topic is locked

#1 jason richards (Member, 10 posts)
First and foremost, thank you for allocating time to possibly help me.
My son has terrorized this PC, and now not only has a slowing-down issue come up,
but today, after I signed in to my online banking website, a new window came up on the main screen
with a Cash Edge logo (unknown to me) stating new security measures for me to enter additional personal information.
Somehow this 'malware' knew when to collect information.

I also have redirecting websites at times, as I notice the status bar trying to load even when the website I am on is static.
ALSO, when I look at TASK MANAGER on Win 7, there are several svchost.exe files running; is this also an indication of some sort of virus or malware?

I have done a couple of things myself before writing this note:

* I have uninstalled Java from this computer.
* I have deleted some of the registry entries relating to Java Runtime (as far as I could tell).
* When I was listing files by newest created, a file running as a process called "rizote.exe" got my attention.
I stopped the process from Task Manager, then found any associated entries in the REGISTRY and deleted them; I also deleted the actual
file from its physical location on the computer (RELATING TO THIS, I AM ALSO ATTACHING A SCREENSHOT OF THE INFO).
* I use an old version of ATF Cleaner; although it's not a 64-bit version, I used it to clean some of the Temp files.

Anyway, here is my OTL log:
-------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 3/1/2012 5:02:57 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Arda\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.57 Gb Available Physical Memory | 82.81% Memory free
15.93 Gb Paging File | 14.55 Gb Available in Paging File | 91.34% Paging File free
Paging file location(s): f:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.92 Gb Total Space | 23.84 Gb Free Space | 16.80% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 31.37 Gb Free Space | 10.52% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 295.64 Gb Free Space | 99.18% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 106.81 Gb Free Space | 11.47% Space Free | Partition Type: NTFS

Computer Name: ATILIO | User Name: Arda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 17:02:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTL.exe
PRC - [2012/01/26 09:39:06 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgtray.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/30 01:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files (x86)\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2011/01/05 09:52:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgcsrvx.exe
PRC - [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/18 04:11:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgemc.exe
PRC - [2010/09/18 04:11:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgwdsvc.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/07/29 03:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 11:41:38 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/09/22 03:00:06 | 001,016,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/07 15:12:04 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/18 04:11:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/18 04:11:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 02:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/23 15:07:24 | 000,153,088 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/09/14 16:36:10 | 000,057,480 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx)
DRV:64bit: - [2011/09/12 08:50:33 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/07/07 08:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/05 07:21:08 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/03/30 01:13:00 | 000,033,656 | ---- | M] (KORG INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2011/01/05 09:52:43 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/09/19 04:31:40 | 000,502,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/18 01:46:04 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/03/10 05:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/11/18 21:43:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009/07/29 03:28:24 | 000,231,944 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mafw.sys -- (MAFW)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 16:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/13 00:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/iat/us_tr.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 3D F1 64 19 57 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {5109A31D-1C4D-42AB-84D7-E50331A0460B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5109A31D-1C4D-42AB-84D7-E50331A0460B}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2818425
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/06 18:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/06 18:18:26 | 000,000,000 | ---D | M]

[2011/01/07 16:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arda\AppData\Roaming\mozilla\Extensions
[2011/01/07 16:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arda\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/01 12:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions
[2011/09/06 10:48:05 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2012/02/08 09:58:15 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2012/02/08 10:20:54 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/02/08 10:14:05 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2012/02/21 22:37:39 | 000,000,000 | ---D | M] (DeSopa) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\[email protected]
[2011/09/17 11:53:50 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\[email protected]
[2012/03/01 13:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/05 19:47:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/09 03:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

O1 HOSTS File: ([2012/03/01 16:44:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vshare.tv Bar Toolbar) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Users\Arda\AppData\Local\Temp\E_S1DA6.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2012/02/29 12:28:58 | 000,000,000 | ---D | M]
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DBE389-51AE-429E-9D3B-63A380DA6574}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\system32\OGPDFLoader.dll) - C:\Windows\SysWOW64\OGPDFLoader.dll (Armjisoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1061926c-c596-11df-bd03-001cc01db0f9}\Shell - "" = AutoRun
O33 - MountPoints2\{1061926c-c596-11df-bd03-001cc01db0f9}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{10619286-c596-11df-bd03-001cc01db0f9}\Shell - "" = AutoRun
O33 - MountPoints2\{10619286-c596-11df-bd03-001cc01db0f9}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 17:02:23 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTL.exe
[2012/03/01 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\tdsskiller
[2012/03/01 16:51:01 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\GooredFix Backups
[2012/03/01 16:50:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Arda\Desktop\GooredFix.exe
[2012/03/01 16:44:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/03/01 16:42:40 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTM.exe
[2012/03/01 16:42:15 | 000,000,000 | ---D | C] -- C:\REGISTRY BACKUP 2012
[2012/03/01 16:41:24 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\erunt
[2012/03/01 12:43:36 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\Malwarebytes
[2012/03/01 12:43:31 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/01 12:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/01 12:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/01 12:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 12:42:52 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Arda\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/29 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\CutePDF
[2012/02/29 22:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2012/02/29 22:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CutePDF Pro
[2012/02/29 22:23:55 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\portfolio
[2012/02/29 12:28:54 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\2
[2012/02/29 12:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armjisoft
[2012/02/29 12:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armjisoft
[2012/02/29 12:23:14 | 009,519,348 | ---- | C] (Armjisoft Corporation) -- C:\Users\Arda\Desktop\PDFOwnerguardPersonalSetup.exe
[2012/02/29 11:20:58 | 015,644,488 | ---- | C] (Solid Documents, LLC) -- C:\Users\Arda\Desktop\solidpdfcreator.exe
[2012/02/29 01:07:54 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\elegant-cv-resume-html-template
[2012/02/28 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\Fonts
[2012/02/28 17:13:19 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\Collection Of Nick's Fonts
[2012/02/28 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\Topaz Star Effects 1.1 for Adobe Photoshop
[2012/02/28 17:07:25 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\MediaLoot Graphic Design - Huge Bundle
[2012/02/28 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{6F96A69C-D429-4480-887C-171B47DE9623}
[2012/02/28 08:30:20 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{91F2303A-537D-4961-82AB-C9B5C0C45228}
[2012/02/27 06:14:23 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{1E2A3DD1-8AE9-49F1-AA7E-2F8AFA61B255}
[2012/02/27 06:14:11 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{137F6546-CB3F-4CF9-A09D-81E9D2F89612}
[2012/02/27 05:39:10 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\Fonts
[2012/02/27 05:37:36 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\FontCreator
[2012/02/27 05:37:17 | 001,078,504 | ---- | C] (High-Logic B.V.) -- C:\Windows\SysWow64\FontInstaller2.dll
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High-Logic FontCreator
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\High-Logic FontCreator
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\FontCreator
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\FontCreator
[2012/02/24 12:58:58 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\TechSmith
[2012/02/24 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\Camtasia Studio
[2012/02/24 12:58:01 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2012/02/24 12:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2012/02/24 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\BR
[2012/02/23 19:06:16 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\Adobe Mini Bridge CS5
[2012/02/23 15:23:37 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\Studio One
[2012/02/23 15:18:19 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/02/23 15:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/02/23 14:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/02/23 13:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PreSonus
[2012/02/23 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\PreSonus
[2012/02/23 13:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2012/02/23 13:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\PreSonus
[2012/02/22 13:13:14 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\TEMP
[2012/02/17 10:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/02/06 18:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KORG USB-MIDI Driver
[2012/02/06 18:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG

========== Files - Modified Within 30 Days ==========

[2012/03/01 17:02:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTL.exe
[2012/03/01 16:54:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 16:54:35 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 16:52:17 | 002,045,015 | ---- | M] () -- C:\Users\Arda\Desktop\tdsskiller.zip
[2012/03/01 16:50:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Arda\Desktop\GooredFix.exe
[2012/03/01 16:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 16:44:05 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/01 16:42:40 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTM.exe
[2012/03/01 16:40:58 | 000,513,320 | ---- | M] () -- C:\Users\Arda\Desktop\erunt.zip
[2012/03/01 16:27:37 | 000,002,248 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/03/01 15:50:04 | 000,027,032 | ---- | M] () -- C:\Users\Arda\Desktop\March 1st, 2012 AVG SCAN.csv
[2012/03/01 14:24:03 | 000,363,344 | ---- | M] () -- C:\Users\Arda\Desktop\restore.jpg
[2012/03/01 13:54:57 | 000,658,465 | ---- | M] () -- C:\Users\Arda\Desktop\rizote.jpg
[2012/03/01 12:43:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 12:42:55 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Arda\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/01 08:08:31 | 093,721,623 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/02/29 23:04:20 | 000,072,472 | ---- | M] () -- C:\Users\Arda\Desktop\Brogan Terrell Resume.pdf
[2012/02/29 22:59:32 | 001,979,694 | ---- | M] () -- C:\Users\Arda\Desktop\Brogan Terrell portfolio copy.pdf
[2012/02/29 14:43:18 | 000,199,512 | ---- | M] () -- C:\Users\Arda\Desktop\Filepost 29 Feb 2012.pdf
[2012/02/29 12:40:05 | 000,030,100 | ---- | M] () -- C:\Users\Arda\Desktop\Brogan Terrell.pdf
[2012/02/29 12:36:22 | 026,136,068 | ---- | M] () -- C:\Users\Arda\Desktop\Solid.PDF.Creator.Plus.v7.2.build.633.incl.patch.DA.zip
[2012/02/29 12:23:48 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\PDF OwnerGuard Personal.lnk
[2012/02/29 12:23:27 | 009,519,348 | ---- | M] (Armjisoft Corporation) -- C:\Users\Arda\Desktop\PDFOwnerguardPersonalSetup.exe
[2012/02/29 11:21:07 | 015,644,488 | ---- | M] (Solid Documents, LLC) -- C:\Users\Arda\Desktop\solidpdfcreator.exe
[2012/02/29 10:58:34 | 000,239,930 | ---- | M] () -- C:\Users\Arda\Desktop\2.ai
[2012/02/29 10:32:04 | 004,987,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/29 01:20:47 | 005,047,136 | ---- | M] () -- C:\Users\Arda\Desktop\moondog.psd
[2012/02/28 22:04:05 | 001,900,400 | ---- | M] () -- C:\Users\Arda\Desktop\elegant-cv-resume-html-template.zip
[2012/02/27 05:37:18 | 000,001,224 | ---- | M] () -- C:\Users\Arda\Desktop\High-Logic FontCreator.lnk
[2012/02/27 05:34:27 | 009,921,906 | ---- | M] () -- C:\Users\Arda\Desktop\High-Logic.FontCreator.Professional.Edition.6.5.rar
[2012/02/24 18:39:30 | 003,740,744 | ---- | M] () -- C:\Users\Arda\Desktop\moondog font.psd
[2012/02/23 19:31:25 | 009,625,925 | ---- | M] () -- C:\Users\Arda\Desktop\IMG_2279.psd
[2012/02/23 18:07:44 | 000,001,072 | ---- | M] () -- C:\Users\Arda\Desktop\Documents.lnk
[2012/02/23 17:32:25 | 000,284,803 | ---- | M] () -- C:\Users\Arda\Desktop\Stanislavski. system.pdf
[2012/02/23 15:32:48 | 000,001,002 | ---- | M] () -- C:\Users\Arda\Desktop\Sandboxed Web Browser.lnk
[2012/02/23 15:28:01 | 000,000,016 | ---- | M] () -- C:\Users\Arda\AppData\Roaming\msregsvv.dll
[2012/02/23 15:28:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\autobk.inc
[2012/02/23 15:23:13 | 000,307,987 | ---- | M] () -- C:\Users\Arda\Desktop\presonus install 2.jpg
[2012/02/23 15:22:49 | 000,318,298 | ---- | M] () -- C:\Users\Arda\Desktop\presonus install 1.jpg
[2012/02/23 15:19:25 | 000,000,624 | ---- | M] () -- C:\Users\Arda\Desktop\Studio One 2 Professional.license
[2012/02/23 14:50:01 | 001,786,766 | ---- | M] () -- C:\Users\Arda\Desktop\IMG_2279.JPG
[2012/02/23 13:47:48 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Studio One 2 x64.lnk
[2012/02/23 00:15:02 | 000,359,760 | ---- | M] () -- C:\Users\Arda\Desktop\bill Arda.pdf
[2012/02/17 10:33:53 | 000,002,037 | ---- | M] () -- C:\Users\Arda\Desktop\JDownloader.lnk
[2012/02/17 10:33:53 | 000,002,001 | ---- | M] () -- C:\Users\Arda\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/02/08 16:51:29 | 000,001,440 | ---- | M] () -- C:\Users\Arda\Desktop\Firefox - Profiles.lnk
[2012/02/06 12:49:32 | 000,000,146 | ---- | M] () -- C:\Users\Arda\Desktop\SOUND.lnk
[2012/02/05 19:48:46 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/05 19:48:46 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/05 19:48:46 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/01 19:00:25 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Defrag Winner Schedule.job

========== Files Created - No Company Name ==========

[2012/03/01 16:52:00 | 002,045,015 | ---- | C] () -- C:\Users\Arda\Desktop\tdsskiller.zip
[2012/03/01 16:40:54 | 000,513,320 | ---- | C] () -- C:\Users\Arda\Desktop\erunt.zip
[2012/03/01 14:29:03 | 000,027,032 | ---- | C] () -- C:\Users\Arda\Desktop\March 1st, 2012 AVG SCAN.csv
[2012/03/01 14:24:03 | 000,363,344 | ---- | C] () -- C:\Users\Arda\Desktop\restore.jpg
[2012/03/01 13:54:56 | 000,658,465 | ---- | C] () -- C:\Users\Arda\Desktop\rizote.jpg
[2012/03/01 12:43:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 23:04:20 | 000,072,472 | ---- | C] () -- C:\Users\Arda\Desktop\Brogan Terrell Resume.pdf
[2012/02/29 23:03:20 | 001,979,694 | ---- | C] () -- C:\Users\Arda\Desktop\Brogan Terrell portfolio copy.pdf
[2012/02/29 14:43:18 | 000,199,512 | ---- | C] () -- C:\Users\Arda\Desktop\Filepost 29 Feb 2012.pdf
[2012/02/29 12:23:48 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\PDF OwnerGuard Personal.lnk
[2012/02/29 11:38:08 | 026,136,068 | ---- | C] () -- C:\Users\Arda\Desktop\Solid.PDF.Creator.Plus.v7.2.build.633.incl.patch.DA.zip
[2012/02/29 01:03:45 | 000,030,100 | ---- | C] () -- C:\Users\Arda\Desktop\Brogan Terrell.pdf
[2012/02/28 23:05:02 | 000,239,930 | ---- | C] () -- C:\Users\Arda\Desktop\2.ai
[2012/02/28 22:03:58 | 001,900,400 | ---- | C] () -- C:\Users\Arda\Desktop\elegant-cv-resume-html-template.zip
[2012/02/27 05:37:18 | 000,001,224 | ---- | C] () -- C:\Users\Arda\Desktop\High-Logic FontCreator.lnk
[2012/02/27 05:33:21 | 009,921,906 | ---- | C] () -- C:\Users\Arda\Desktop\High-Logic.FontCreator.Professional.Edition.6.5.rar
[2012/02/24 18:30:52 | 003,740,744 | ---- | C] () -- C:\Users\Arda\Desktop\moondog font.psd
[2012/02/23 19:31:25 | 009,625,925 | ---- | C] () -- C:\Users\Arda\Desktop\IMG_2279.psd
[2012/02/23 19:03:55 | 005,047,136 | ---- | C] () -- C:\Users\Arda\Desktop\moondog.psd
[2012/02/23 18:20:09 | 001,786,766 | ---- | C] () -- C:\Users\Arda\Desktop\IMG_2279.JPG
[2012/02/23 18:07:44 | 000,001,072 | ---- | C] () -- C:\Users\Arda\Desktop\Documents.lnk
[2012/02/23 17:32:25 | 000,284,803 | ---- | C] () -- C:\Users\Arda\Desktop\Stanislavski. system.pdf
[2012/02/23 15:23:13 | 000,307,987 | ---- | C] () -- C:\Users\Arda\Desktop\presonus install 2.jpg
[2012/02/23 15:22:49 | 000,318,298 | ---- | C] () -- C:\Users\Arda\Desktop\presonus install 1.jpg
[2012/02/23 15:19:25 | 000,000,624 | ---- | C] () -- C:\Users\Arda\Desktop\Studio One 2 Professional.license
[2012/02/23 14:53:35 | 000,001,002 | ---- | C] () -- C:\Users\Arda\Desktop\Sandboxed Web Browser.lnk
[2012/02/23 14:53:33 | 000,002,248 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/02/23 13:47:48 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio One 2 x64.lnk
[2012/02/23 13:47:48 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Studio One 2 x64.lnk
[2012/02/23 00:15:02 | 000,359,760 | ---- | C] () -- C:\Users\Arda\Desktop\bill Arda.pdf
[2012/02/17 10:33:53 | 000,002,037 | ---- | C] () -- C:\Users\Arda\Desktop\JDownloader.lnk
[2012/02/17 10:33:53 | 000,002,001 | ---- | C] () -- C:\Users\Arda\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/02/17 10:33:48 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012/02/17 10:33:48 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/02/17 10:33:48 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/02/08 16:51:29 | 000,001,440 | ---- | C] () -- C:\Users\Arda\Desktop\Firefox - Profiles.lnk
[2012/02/06 19:01:32 | 000,002,299 | ---- | C] () -- C:\Users\Arda\Desktop\Vyzex MPK25.lnk
[2012/02/06 12:49:32 | 000,000,146 | ---- | C] () -- C:\Users\Arda\Desktop\SOUND.lnk
[2012/01/09 17:17:28 | 000,005,632 | ---- | C] () -- C:\Users\Arda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 17:13:44 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2012/01/09 17:13:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2012/01/06 18:25:25 | 000,000,016 | ---- | C] () -- C:\Users\Arda\AppData\Roaming\msregsvv.dll
[2012/01/06 18:25:25 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2011/12/08 13:41:04 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/14 07:42:35 | 000,001,189 | ---- | C] () -- C:\Users\Arda\AppData\Roaming\vso_ts_preview.xml
[2011/06/21 11:18:32 | 000,001,456 | ---- | C] () -- C:\Users\Arda\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/01/13 20:54:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/01/13 20:54:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/01/13 20:54:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/01/13 20:54:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/01/13 20:54:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/01/13 20:54:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/01/13 20:54:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/01/13 20:54:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/01/13 20:54:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/01/13 20:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/01/13 20:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/01/13 20:54:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/01/13 20:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/01/13 20:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/01/13 20:54:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/01/13 20:54:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/01/13 20:52:05 | 000,000,079 | ---- | C] () -- C:\Windows\ENX625.ini
[2010/09/21 04:22:44 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2010/09/19 03:31:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2010/09/18 04:14:54 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\AVG9
[2011/02/11 09:37:17 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/19 04:37:12 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\DAEMON Tools Lite
[2011/03/16 19:01:42 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Epson
[2010/09/21 04:23:29 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Final Draft
[2012/02/27 05:39:41 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\FontCreator
[2011/01/07 16:04:31 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Greyfirst
[2012/01/06 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\IK Multimedia
[2011/01/13 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Leadertech
[2012/01/06 15:33:25 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\NCH Swift Sound
[2011/01/29 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\PACE Anti-Piracy
[2012/02/23 13:48:34 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\PreSonus
[2012/01/17 16:36:07 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Sports Interactive
[2011/01/29 14:48:17 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/06 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Steinberg
[2010/09/26 07:45:48 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\TeraCopy
[2012/01/10 10:35:26 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Total Media Converter
[2012/02/29 22:32:28 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\uTorrent
[2012/01/31 16:39:22 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Vso
[2011/10/06 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\VST3 Presets
[2011/12/20 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Windows Live Writer
[2012/02/01 19:00:25 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\Defrag Winner Schedule.job
[2012/03/01 16:24:01 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached thumbnail: rizote.jpg

Edited by jason richards, 01 March 2012 - 08:17 PM.


#2
jason richards (Member, Topic Starter)
No help for me? It's been about 4 days now...
Did I do something wrong? I did post the OTL log.

#3
Essexboy (GeekU Moderator, Retired Staff)
Hi there and sorry for the delay

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118
    [2010/09/21 04:22:44 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download aswMBR.exe (4.1 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


FINALLY

Re-run OTL with the following custom scan

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt.
  • Post all logs.


#4
jason richards (Member, Topic Starter)
Essexboy, thanks for the reply.
I am at work now, it's 3:50 in the afternoon here; in about an hour or so I will be home to do those steps you directed,
and will reply here ASAP.

Thank you.

#5
jason richards (Member, Topic Starter)
Essex:

First log:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\ProgramData\.811261211181235583101118113995 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Arda\Desktop\cmd.bat deleted successfully.
C:\Users\Arda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Arda
->Temp folder emptied: 44815 bytes
->Temporary Internet Files folder emptied: 125000 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46638777 bytes
->Flash cache emptied: 1805 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.35.1 log created on 03052012_191725

Files\Folders moved on Reboot...
C:\Users\Arda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
-------------------------------------------------------------------------------------------------------------------------------------------------------
Second log, from the scan:
********* BY THE WAY, THIS SECOND SCAN OFFERED TO DOWNLOAD A VIRUS SCANNER FROM AVAST PRIOR TO THE SCAN; I DECLINED THAT AND JUST DID THE aswMBR SCAN WITHOUT DOWNLOADING ANYTHING EXTRA.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-05 19:21:07
-----------------------------
19:21:07.159 OS Version: Windows x64 6.1.7600
19:21:07.159 Number of processors: 2 586 0xF0B
19:21:07.159 ComputerName: ATILIO UserName: Arda
19:21:07.718 Initialize success
19:21:24.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:21:24.066 Disk 0 Vendor: ST316081 3.AA Size: 152627MB BusType: 8
19:21:24.067 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
19:21:24.068 Disk 1 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 8
19:21:24.069 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2
19:21:24.070 Disk 2 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 8
19:21:24.071 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-3
19:21:24.072 Disk 3 Vendor: ST310005 CC46 Size: 953869MB BusType: 8
19:21:24.121 Disk 0 MBR read successfully
19:21:24.122 Disk 0 MBR scan
19:21:24.124 Disk 0 Windows 7 default MBR code
19:21:24.128 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 145330 MB offset 63
19:21:24.151 Disk 0 Partition 2 00 BC BCFS 7295 MB offset 297636255
19:21:24.195 Disk 0 scanning C:\Windows\system32\drivers
19:21:30.307 Service scanning
19:21:40.366 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:21:43.589 Modules scanning
19:21:43.596 Disk 0 trace - called modules:
19:21:43.611 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800691f2c0]<<sptd.sys iaStorV.sys hal.dll
19:21:43.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80084c0740]
19:21:43.617 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007f18050]
19:21:43.620 \Driver\iaStorV[0xfffffa8007618aa0] -> IRP_MJ_CREATE -> 0xfffffa800691f2c0
19:21:43.624 Scan finished successfully
19:23:30.415 Disk 0 MBR has been saved successfully to "C:\Users\Arda\Desktop\MBR.dat"
19:23:30.418 The log file has been saved successfully to "C:\Users\Arda\Desktop\aswMBR.txt"


--------------------------------------------------------------------------------------------------------------
Third and last log, named OTL.txt:
OTL logfile created on: 3/5/2012 7:24:21 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Arda\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 83.71% Memory free
15.93 Gb Paging File | 14.63 Gb Available in Paging File | 91.80% Paging File free
Paging file location(s): f:\pagefile.sys 8192 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.92 Gb Total Space | 101.42 Gb Free Space | 71.46% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 31.37 Gb Free Space | 10.52% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 44.73 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 28.15 Gb Free Space | 3.02% Space Free | Partition Type: NTFS
Drive I: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 27.43 Gb Free Space | 2.95% Space Free | Partition Type: NTFS

Computer Name: ATILIO | User Name: Arda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 19:16:33 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTL.exe
PRC - [2012/01/26 09:39:06 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgtray.exe
PRC - [2011/03/30 01:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files (x86)\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2011/01/05 09:52:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgcsrvx.exe
PRC - [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/18 04:11:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgemc.exe
PRC - [2010/09/18 04:11:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG9\avgwdsvc.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/07/29 03:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWTray.exe


========== Modules (No Company Name) ==========

MOD - [2010/09/22 03:00:06 | 001,016,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/07 15:12:04 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/18 04:11:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/18 04:11:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 02:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/23 15:07:24 | 000,153,088 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/02/07 17:13:32 | 000,149,640 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/09/14 16:36:10 | 000,057,480 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx)
DRV:64bit: - [2011/09/12 08:50:33 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/07/07 08:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/05 07:21:08 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/03/30 01:13:00 | 000,033,656 | ---- | M] (KORG INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2011/01/05 09:52:43 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/09/19 04:31:40 | 000,502,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/18 01:46:04 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/03/10 05:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/11/18 21:43:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009/07/29 03:28:24 | 000,231,944 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mafw.sys -- (MAFW)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 16:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/13 00:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://tr.msn.com/iat/us_tr.aspx
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 3D F1 64 19 57 CB 01 [binary data]
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\..\SearchScopes,DefaultScope = {5109A31D-1C4D-42AB-84D7-E50331A0460B}
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\..\SearchScopes\{5109A31D-1C4D-42AB-84D7-E50331A0460B}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2818425
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/06 18:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/06 18:18:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Arda\AppData\Roaming\IDM\idmmzcc5 [2012/03/02 18:05:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Arda\AppData\Roaming\IDM\idmmzcc5 [2012/03/02 18:05:48 | 000,000,000 | ---D | M]

[2011/01/07 16:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arda\AppData\Roaming\mozilla\Extensions
[2011/01/07 16:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arda\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/04 20:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions
[2011/09/06 10:48:05 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2012/02/08 09:58:15 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2012/02/08 10:20:54 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/02/08 10:14:05 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2012/02/21 22:37:39 | 000,000,000 | ---D | M] (DeSopa) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\[email protected]
[2011/09/17 11:53:50 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Arda\AppData\Roaming\mozilla\Firefox\Profiles\5yuxskvy.default\extensions\[email protected]
[2012/03/01 18:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/01 18:31:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/01/07 16:03:42 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/03/01 18:31:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/09 03:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

O1 HOSTS File: ([2012/03/05 19:17:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\IDM\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\IDM\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-166818136-2829842862-2999586312-1000\..\Toolbar\WebBrowser: (vshare.tv Bar Toolbar) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-166818136-2829842862-2999586312-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-166818136-2829842862-2999586312-1000..\Run: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Users\Arda\AppData\Local\Temp\E_S1DA6.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\IDM\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\IDM\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\IDM\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\IDM\IEExt.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DBE389-51AE-429E-9D3B-63A380DA6574}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\system32\OGPDFLoader.dll) - C:\Windows\SysWOW64\OGPDFLoader.dll (Armjisoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 13:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1061926c-c596-11df-bd03-001cc01db0f9}\Shell - "" = AutoRun
O33 - MountPoints2\{1061926c-c596-11df-bd03-001cc01db0f9}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{10619286-c596-11df-bd03-001cc01db0f9}\Shell - "" = AutoRun
O33 - MountPoints2\{10619286-c596-11df-bd03-001cc01db0f9}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2009/11/13 11:25:22 | 003,280,672 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 19:17:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/05 19:16:39 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTL.exe
[2012/03/05 19:14:16 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Arda\Desktop\aswMBR.exe
[2012/03/05 19:12:31 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTM.exe
[2012/03/02 18:05:43 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\IDM
[2012/03/02 18:05:43 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\DMCache
[2012/03/02 18:04:26 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/03/02 18:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/03/02 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM
[2012/03/01 18:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/01 17:20:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Arda\Desktop\TFC.exe
[2012/03/01 16:51:01 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\GooredFix Backups
[2012/03/01 16:50:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Arda\Desktop\GooredFix.exe
[2012/03/01 16:42:15 | 000,000,000 | ---D | C] -- C:\REGISTRY BACKUP 2012
[2012/03/01 16:41:24 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\erunt
[2012/03/01 12:43:36 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\Malwarebytes
[2012/03/01 12:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 12:42:52 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Arda\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/29 22:44:58 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\CutePDF
[2012/02/29 22:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2012/02/29 22:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CutePDF Pro
[2012/02/29 22:23:55 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\Brogan Portfolio
[2012/02/29 12:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armjisoft
[2012/02/29 12:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armjisoft
[2012/02/29 12:23:14 | 009,519,348 | ---- | C] (Armjisoft Corporation) -- C:\Users\Arda\Desktop\PDFOwnerguardPersonalSetup.exe
[2012/02/29 11:20:58 | 015,644,488 | ---- | C] (Solid Documents, LLC) -- C:\Users\Arda\Desktop\solidpdfcreator.exe
[2012/02/28 08:30:31 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{6F96A69C-D429-4480-887C-171B47DE9623}
[2012/02/28 08:30:20 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{91F2303A-537D-4961-82AB-C9B5C0C45228}
[2012/02/27 06:14:23 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{1E2A3DD1-8AE9-49F1-AA7E-2F8AFA61B255}
[2012/02/27 06:14:11 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\{137F6546-CB3F-4CF9-A09D-81E9D2F89612}
[2012/02/27 05:39:10 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\Fonts
[2012/02/27 05:37:36 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\FontCreator
[2012/02/27 05:37:17 | 001,078,504 | ---- | C] (High-Logic B.V.) -- C:\Windows\SysWow64\FontInstaller2.dll
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High-Logic FontCreator
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\High-Logic FontCreator
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\FontCreator
[2012/02/27 05:37:17 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\FontCreator
[2012/02/24 12:58:58 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Local\TechSmith
[2012/02/24 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\Camtasia Studio
[2012/02/24 12:58:01 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2012/02/24 12:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2012/02/24 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\Arda\Desktop\BR
[2012/02/23 19:06:16 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\Adobe Mini Bridge CS5
[2012/02/23 15:23:37 | 000,000,000 | ---D | C] -- C:\Users\Arda\Documents\Studio One
[2012/02/23 15:18:19 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/02/23 15:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/02/23 14:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/02/23 13:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PreSonus
[2012/02/23 13:48:34 | 000,000,000 | ---D | C] -- C:\Users\Arda\AppData\Roaming\PreSonus
[2012/02/23 13:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2012/02/23 13:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\PreSonus
[2012/02/23 07:12:58 | 000,149,640 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/02/17 10:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/02/06 18:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KORG USB-MIDI Driver
[2012/02/06 18:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG

========== Files - Modified Within 30 Days ==========

[2012/03/05 19:26:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 19:26:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 19:23:30 | 000,000,512 | ---- | M] () -- C:\Users\Arda\Desktop\MBR.dat
[2012/03/05 19:19:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 19:17:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/05 19:16:33 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTL.exe
[2012/03/05 19:14:15 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Arda\Desktop\aswMBR.exe
[2012/03/05 19:12:33 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Arda\Desktop\OTM.exe
[2012/03/05 18:35:26 | 093,913,724 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/03/05 18:14:16 | 000,225,125 | ---- | M] () -- C:\Users\Arda\Desktop\Turkiye Ligi Gol Kralligi.jpg
[2012/03/05 13:40:03 | 000,000,016 | ---- | M] () -- C:\Users\Arda\AppData\Roaming\msregsvv.dll
[2012/03/05 13:40:03 | 000,000,016 | ---- | M] () -- C:\ProgramData\autobk.inc
[2012/03/05 11:22:52 | 000,001,246 | ---- | M] () -- C:\Users\Arda\Desktop\Roaming.lnk
[2012/03/02 08:09:12 | 012,079,631 | ---- | M] () -- C:\Users\Arda\Desktop\LucisArt.3.02.ED.SE.PS.rar
[2012/03/01 19:00:06 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Defrag Winner Schedule.job
[2012/03/01 18:33:32 | 000,001,600 | ---- | M] () -- C:\Users\Arda\Desktop\javacpl.lnk
[2012/03/01 17:20:42 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Arda\Desktop\TFC.exe
[2012/03/01 16:50:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Arda\Desktop\GooredFix.exe
[2012/03/01 16:40:58 | 000,513,320 | ---- | M] () -- C:\Users\Arda\Desktop\erunt.zip
[2012/03/01 16:27:37 | 000,002,248 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/03/01 15:50:04 | 000,027,032 | ---- | M] () -- C:\Users\Arda\Desktop\March 1st, 2012 AVG SCAN.csv
[2012/03/01 14:24:03 | 000,363,344 | ---- | M] () -- C:\Users\Arda\Desktop\restore.jpg
[2012/03/01 13:54:57 | 000,658,465 | ---- | M] () -- C:\Users\Arda\Desktop\rizote.jpg
[2012/03/01 12:42:55 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Arda\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/29 23:04:20 | 000,072,472 | ---- | M] () -- C:\Users\Arda\Desktop\Brogan Terrell Resume.pdf
[2012/02/29 22:59:32 | 001,979,694 | ---- | M] () -- C:\Users\Arda\Desktop\Brogan Terrell portfolio copy.pdf
[2012/02/29 14:43:18 | 000,199,512 | ---- | M] () -- C:\Users\Arda\Desktop\Filepost 29 Feb 2012.pdf
[2012/02/29 12:40:05 | 000,030,100 | ---- | M] () -- C:\Users\Arda\Desktop\Brogan Terrell.pdf
[2012/02/29 12:36:22 | 026,136,068 | ---- | M] () -- C:\Users\Arda\Desktop\Solid.PDF.Creator.Plus.v7.2.build.633.incl.patch.DA.zip
[2012/02/29 12:23:48 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\PDF OwnerGuard Personal.lnk
[2012/02/29 12:23:27 | 009,519,348 | ---- | M] (Armjisoft Corporation) -- C:\Users\Arda\Desktop\PDFOwnerguardPersonalSetup.exe
[2012/02/29 11:21:07 | 015,644,488 | ---- | M] (Solid Documents, LLC) -- C:\Users\Arda\Desktop\solidpdfcreator.exe
[2012/02/29 10:58:34 | 000,239,930 | ---- | M] () -- C:\Users\Arda\Desktop\2.ai
[2012/02/29 10:32:04 | 004,987,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/29 01:20:47 | 005,047,136 | ---- | M] () -- C:\Users\Arda\Desktop\moondog.psd
[2012/02/28 22:04:05 | 001,900,400 | ---- | M] () -- C:\Users\Arda\Desktop\elegant-cv-resume-html-template.zip
[2012/02/27 05:37:18 | 000,001,224 | ---- | M] () -- C:\Users\Arda\Desktop\High-Logic FontCreator.lnk
[2012/02/24 18:39:30 | 003,740,744 | ---- | M] () -- C:\Users\Arda\Desktop\moondog font.psd
[2012/02/23 19:31:25 | 009,625,925 | ---- | M] () -- C:\Users\Arda\Desktop\IMG_2279.psd
[2012/02/23 18:07:44 | 000,001,072 | ---- | M] () -- C:\Users\Arda\Desktop\Documents.lnk
[2012/02/23 17:32:25 | 000,284,803 | ---- | M] () -- C:\Users\Arda\Desktop\Stanislavski. system.pdf
[2012/02/23 15:32:48 | 000,001,002 | ---- | M] () -- C:\Users\Arda\Desktop\Sandboxed Web Browser.lnk
[2012/02/23 15:23:13 | 000,307,987 | ---- | M] () -- C:\Users\Arda\Desktop\presonus install 2.jpg
[2012/02/23 15:22:49 | 000,318,298 | ---- | M] () -- C:\Users\Arda\Desktop\presonus install 1.jpg
[2012/02/23 15:19:25 | 000,000,624 | ---- | M] () -- C:\Users\Arda\Desktop\Studio One 2 Professional.license
[2012/02/23 14:50:01 | 001,786,766 | ---- | M] () -- C:\Users\Arda\Desktop\IMG_2279.JPG
[2012/02/23 13:47:48 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Studio One 2 x64.lnk
[2012/02/23 00:15:02 | 000,359,760 | ---- | M] () -- C:\Users\Arda\Desktop\bill Arda.pdf
[2012/02/17 10:33:53 | 000,002,037 | ---- | M] () -- C:\Users\Arda\Desktop\JDownloader.lnk
[2012/02/17 10:33:53 | 000,002,001 | ---- | M] () -- C:\Users\Arda\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/02/08 16:51:29 | 000,001,440 | ---- | M] () -- C:\Users\Arda\Desktop\Firefox - Profiles.lnk
[2012/02/07 17:13:32 | 000,149,640 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/02/06 12:49:32 | 000,000,146 | ---- | M] () -- C:\Users\Arda\Desktop\SOUND.lnk
[2012/02/05 19:48:46 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/05 19:48:46 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/05 19:48:46 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/03/05 19:23:30 | 000,000,512 | ---- | C] () -- C:\Users\Arda\Desktop\MBR.dat
[2012/03/05 18:14:15 | 000,225,125 | ---- | C] () -- C:\Users\Arda\Desktop\Turkiye Ligi Gol Kralligi.jpg
[2012/03/05 11:22:52 | 000,001,246 | ---- | C] () -- C:\Users\Arda\Desktop\Roaming.lnk
[2012/03/02 08:07:08 | 012,079,631 | ---- | C] () -- C:\Users\Arda\Desktop\LucisArt.3.02.ED.SE.PS.rar
[2012/03/01 18:33:32 | 000,001,600 | ---- | C] () -- C:\Users\Arda\Desktop\javacpl.lnk
[2012/03/01 16:40:54 | 000,513,320 | ---- | C] () -- C:\Users\Arda\Desktop\erunt.zip
[2012/03/01 14:29:03 | 000,027,032 | ---- | C] () -- C:\Users\Arda\Desktop\March 1st, 2012 AVG SCAN.csv
[2012/03/01 14:24:03 | 000,363,344 | ---- | C] () -- C:\Users\Arda\Desktop\restore.jpg
[2012/03/01 13:54:56 | 000,658,465 | ---- | C] () -- C:\Users\Arda\Desktop\rizote.jpg
[2012/02/29 23:04:20 | 000,072,472 | ---- | C] () -- C:\Users\Arda\Desktop\Brogan Terrell Resume.pdf
[2012/02/29 23:03:20 | 001,979,694 | ---- | C] () -- C:\Users\Arda\Desktop\Brogan Terrell portfolio copy.pdf
[2012/02/29 14:43:18 | 000,199,512 | ---- | C] () -- C:\Users\Arda\Desktop\Filepost 29 Feb 2012.pdf
[2012/02/29 12:23:48 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\PDF OwnerGuard Personal.lnk
[2012/02/29 11:38:08 | 026,136,068 | ---- | C] () -- C:\Users\Arda\Desktop\Solid.PDF.Creator.Plus.v7.2.build.633.incl.patch.DA.zip
[2012/02/29 01:03:45 | 000,030,100 | ---- | C] () -- C:\Users\Arda\Desktop\Brogan Terrell.pdf
[2012/02/28 23:05:02 | 000,239,930 | ---- | C] () -- C:\Users\Arda\Desktop\2.ai
[2012/02/28 22:03:58 | 001,900,400 | ---- | C] () -- C:\Users\Arda\Desktop\elegant-cv-resume-html-template.zip
[2012/02/27 05:37:18 | 000,001,224 | ---- | C] () -- C:\Users\Arda\Desktop\High-Logic FontCreator.lnk
[2012/02/24 18:30:52 | 003,740,744 | ---- | C] () -- C:\Users\Arda\Desktop\moondog font.psd
[2012/02/23 19:31:25 | 009,625,925 | ---- | C] () -- C:\Users\Arda\Desktop\IMG_2279.psd
[2012/02/23 19:03:55 | 005,047,136 | ---- | C] () -- C:\Users\Arda\Desktop\moondog.psd
[2012/02/23 18:20:09 | 001,786,766 | ---- | C] () -- C:\Users\Arda\Desktop\IMG_2279.JPG
[2012/02/23 18:07:44 | 000,001,072 | ---- | C] () -- C:\Users\Arda\Desktop\Documents.lnk
[2012/02/23 17:32:25 | 000,284,803 | ---- | C] () -- C:\Users\Arda\Desktop\Stanislavski. system.pdf
[2012/02/23 15:23:13 | 000,307,987 | ---- | C] () -- C:\Users\Arda\Desktop\presonus install 2.jpg
[2012/02/23 15:22:49 | 000,318,298 | ---- | C] () -- C:\Users\Arda\Desktop\presonus install 1.jpg
[2012/02/23 15:19:25 | 000,000,624 | ---- | C] () -- C:\Users\Arda\Desktop\Studio One 2 Professional.license
[2012/02/23 14:53:35 | 000,001,002 | ---- | C] () -- C:\Users\Arda\Desktop\Sandboxed Web Browser.lnk
[2012/02/23 14:53:33 | 000,002,248 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/02/23 13:47:48 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio One 2 x64.lnk
[2012/02/23 13:47:48 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Studio One 2 x64.lnk
[2012/02/23 00:15:02 | 000,359,760 | ---- | C] () -- C:\Users\Arda\Desktop\bill Arda.pdf
[2012/02/17 10:33:53 | 000,002,037 | ---- | C] () -- C:\Users\Arda\Desktop\JDownloader.lnk
[2012/02/17 10:33:53 | 000,002,001 | ---- | C] () -- C:\Users\Arda\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012/02/17 10:33:48 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012/02/17 10:33:48 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/02/17 10:33:48 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012/02/08 16:51:29 | 000,001,440 | ---- | C] () -- C:\Users\Arda\Desktop\Firefox - Profiles.lnk
[2012/02/06 19:01:32 | 000,002,299 | ---- | C] () -- C:\Users\Arda\Desktop\Vyzex MPK25.lnk
[2012/02/06 12:49:32 | 000,000,146 | ---- | C] () -- C:\Users\Arda\Desktop\SOUND.lnk
[2012/01/09 17:17:28 | 000,005,632 | ---- | C] () -- C:\Users\Arda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/09 17:13:44 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2012/01/09 17:13:44 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2012/01/06 18:25:25 | 000,000,016 | ---- | C] () -- C:\Users\Arda\AppData\Roaming\msregsvv.dll
[2012/01/06 18:25:25 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2011/12/08 13:41:04 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/14 07:42:35 | 000,001,189 | ---- | C] () -- C:\Users\Arda\AppData\Roaming\vso_ts_preview.xml
[2011/06/21 11:18:32 | 000,001,456 | ---- | C] () -- C:\Users\Arda\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/01/13 20:54:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/01/13 20:54:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/01/13 20:54:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/01/13 20:54:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/01/13 20:54:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/01/13 20:54:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/01/13 20:54:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/01/13 20:54:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/01/13 20:54:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/01/13 20:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/01/13 20:54:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/01/13 20:54:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/01/13 20:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/01/13 20:54:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/01/13 20:54:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/01/13 20:54:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/01/13 20:52:05 | 000,000,079 | ---- | C] () -- C:\Windows\ENX625.ini
[2010/09/19 03:31:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2010/09/18 04:14:54 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\AVG9
[2011/02/11 09:37:17 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/19 04:37:12 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\DAEMON Tools Lite
[2012/03/05 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\DMCache
[2011/03/16 19:01:42 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Epson
[2010/09/21 04:23:29 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Final Draft
[2012/02/27 05:39:41 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\FontCreator
[2011/01/07 16:04:31 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Greyfirst
[2012/03/05 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\IDM
[2012/01/06 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\IK Multimedia
[2011/01/13 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Leadertech
[2012/01/06 15:33:25 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\NCH Swift Sound
[2011/01/29 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\PACE Anti-Piracy
[2012/02/23 13:48:34 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\PreSonus
[2012/01/17 16:36:07 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Sports Interactive
[2011/01/29 14:48:17 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/06 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Steinberg
[2010/09/26 07:45:48 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\TeraCopy
[2012/01/10 10:35:26 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Total Media Converter
[2012/02/29 22:32:28 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\uTorrent
[2012/01/31 16:39:22 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Vso
[2011/10/06 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\VST3 Presets
[2011/12/20 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Arda\AppData\Roaming\Windows Live Writer
[2012/03/01 19:00:06 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\Defrag Winner Schedule.job
[2012/03/01 16:24:01 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{D6DBE389-51AE-429E-9D3B-63A380DA6574}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 03 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/09/22 03:00:08 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/09/22 03:00:08 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/09/22 03:00:08 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 17:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/03 21:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/03 21:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2010/09/22 03:00:08 | 000,552,160 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2010/09/22 03:00:08 | 000,552,160 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2010/09/22 03:00:08 | 000,552,160 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2010/09/22 03:00:06 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 17:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 17:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 17:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/03 21:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/03 21:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

------------------

**** That last (3rd) step, I think, also produced another log called Extras.txt; I am not going to paste that here since I couldn't see it in the instructions.
**** There is also an MBR.dat file created on the desktop. I am guessing one of these scans or actions was the cause of that, not anything related to malware, etc.?
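A way to read the "< MD5 for: ... >" sections in the log above, as an added example that is not part of the original post or of OTL itself: on Windows 7 the copy of a system binary under System32 (shown as SysNative) or SysWOW64 is normally a hard link to the current component-store copy under C:\Windows\winsxs, so the live copy should carry exactly the same MD5 as one of the winsxs copies of that file. Several winsxs copies with different versions and hashes (as in the explorer.exe section) are normal after updates; a live copy whose hash matches none of the store copies is the pattern a patched system file leaves in this section and is the first thing to look at. The script parses the report text, groups entries by file name and flags exactly that case. The sample input is the svchost.exe and userinit.exe entries copied from the log above plus a SERVICES.EXE section that is constructed with made-up hashes purely to show how a mismatch is reported; nothing in that constructed section comes from this machine.

```python
"""Cross-check OTL '< MD5 for: FILE >' sections: every live copy of a system
binary should hash-match at least one WinSxS component-store copy."""
import re
from collections import defaultdict

# Format of one OTL entry:
# [date time | size | attrs | M] (Company) MD5=HASH -- PATH
OTL_ENTRY = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
SECTION_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")


def parse_md5_sections(report_text):
    """Return {FILE.EXE: [(path, md5, size), ...]} for every MD5 section."""
    sections = defaultdict(list)
    current = None
    for raw in report_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None          # any other custom-scan header ends the section
            continue
        entry = OTL_ENTRY.match(line)
        if current and entry:
            sections[current].append((
                entry.group("path"),
                entry.group("md5").upper(),
                int(entry.group("size").replace(",", "")),
            ))
    return dict(sections)


def is_store_copy(path):
    """True for copies that live under the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def audit(sections):
    """One finding per live copy; matches_store is False when no WinSxS copy
    of the same file has the same MD5 (the pattern a patched binary shows)."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {md5 for path, md5, _ in entries if is_store_copy(path)}
        for path, md5, size in entries:
            if is_store_copy(path):
                continue
            findings.append({
                "file": name, "path": path, "md5": md5, "size": size,
                "matches_store": md5 in store_hashes,
            })
    return findings


def unmatched_live_copies(findings):
    """Paths that need a closer look: live copies with no store twin."""
    return [f["path"] for f in findings if not f["matches_store"]]


# Sample input: the svchost.exe and userinit.exe entries copied from the OTL
# log above, plus a SERVICES.EXE section that is constructed (made-up hashes,
# not from this machine) purely to show how a mismatch is reported.
SAMPLE_REPORT = r"""
< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 17:39:50 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\Windows\winsxs\amd64_constructed-sample-services\services.exe
[2012/03/01 19:00:00 | 000,328,704 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\SysNative\services.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"""

if __name__ == "__main__":
    for path in unmatched_live_copies(audit(parse_md5_sections(SAMPLE_REPORT))):
        print("no WinSxS copy with this hash:", path)
```

A match only says the live file is byte-identical to a component-store copy; it says nothing about what is injected into the running process, and a driver that hides or redirects file reads can make both copies look clean. MD5 is used here only because that is what OTL emits; a proper integrity baseline compares against Microsoft's signed catalogs (sigcheck does this) rather than against other copies on the same disk.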

#6 jason richards (Member, Topic Starter, 10 posts)

Is it looking any bad? :)

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Aye, those are my tools doing their thing :lol:

I would like to run another check on the MBR, as aswMBR is not totally happy about it.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
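What to look for in that report, as an added example that is not part of Essexboy's post or of TDSSKiller itself: every scanned object is written as a line carrying the object's name, its MD5 in parentheses and its path, followed by a status line of the form "name - ok"; objects that have no file behind them (EfiVariable is one) get only the status line. Anything whose status line is not "- ok", and anything that got a hash line but never a status line (what an aborted or crashed scan leaves behind), is what the helper reads the log for. The sample input uses three entries in the format this TDSSKiller version writes plus two constructed entries (sampledrv and abortdrv, made-up hashes, not from this machine) to show a detection and an object that never received a verdict. The exact wording TDSSKiller uses for a detection varies by version, so the script keys only on the status not being "ok".

```python
"""Triage a TDSSKiller text report: list every scanned object whose status
line is anything other than '- ok', or that never got a status line."""
import re

# Every report line starts with a timestamp and the scanning thread's id.
PREFIX = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# Object line: NAME (md5) PATH          Status line: NAME - STATUS
OBJECT = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
STATUS = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$")


def parse_tdsskiller(log_text):
    """Return a list of {name, md5, path, status} in scan order.

    Objects without a hash line (e.g. EfiVariable) still get an entry when
    their status line appears; objects with a hash line but no status line
    keep status None.
    """
    entries = []
    by_name = {}
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                      # banner, blank or non-report text
        rest = m.group("rest")
        obj = OBJECT.match(rest)
        if obj:
            entry = {"name": obj.group("name"), "md5": obj.group("md5").lower(),
                     "path": obj.group("path"), "status": None}
            entries.append(entry)
            by_name[entry["name"]] = entry
            continue
        st = STATUS.match(rest)
        if st:
            entry = by_name.get(st.group("name"))
            if entry is None:             # status line with no preceding hash line
                entry = {"name": st.group("name"), "md5": None, "path": None, "status": None}
                entries.append(entry)
                by_name[entry["name"]] = entry
            entry["status"] = st.group("status")
    return entries


def needs_attention(entries):
    """Everything that is not a clean '- ok': detections, warnings, and
    objects whose scan never produced a verdict."""
    return [e for e in entries if e["status"] != "ok"]


def summary(entries):
    """Counts a helper would quote back: how many objects were clean vs not."""
    flagged = needs_attention(entries)
    return {"scanned": len(entries), "ok": len(entries) - len(flagged), "flagged": len(flagged)}


# Sample input. The first entries are in the format this TDSSKiller version
# writes; sampledrv and abortdrv are constructed (made-up hashes, not from
# this machine). Real detection lines carry a verdict name after "detected";
# the parser does not depend on that wording, only on the status not being ok.
SAMPLE_LOG = r"""
16:45:37.0222 3204 ============================================================
16:45:37.0222 3204 Scan started
16:45:37.0222 3204 Mode: Manual; SigCheck; TDLFS;
16:45:37.0222 3204 ============================================================
16:45:38.0180 3204 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:45:38.0294 3204 1394ohci - ok
16:45:38.0396 3204 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:45:38.0410 3204 ACPI - ok
16:45:41.0843 3204 EfiVariable - ok
16:46:00.0001 3204 sampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\sampledrv.sys
16:46:00.0002 3204 sampledrv - detected
16:46:00.0003 3204 abortdrv (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\abortdrv.sys
"""

if __name__ == "__main__":
    scanned = parse_tdsskiller(SAMPLE_LOG)
    for e in needs_attention(scanned):
        print(e["name"], "->", e["status"] or "no verdict", e["path"] or "")
    print(summary(scanned))
```

Run it against the saved TDSSKiller.[Version]_[Date]_[Time]_log.txt by reading that file into parse_tdsskiller instead of SAMPLE_LOG. Objects flagged as unsigned are worth checking before anything is deleted: the scan here ran with SigCheck on, and legitimate third-party drivers with a missing or expired signature show up in the same list as a rootkit's driver, which is why the post above says Skip rather than Delete when Cure is not offered.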

#8 jason richards (Member, Topic Starter, 10 posts)

There we are; this is the log it generated after the scan. There were 2 suspicious threats but no 'Cure' option, so I just said SKIP like you pointed out.

16:44:18.0061 3000 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
16:44:18.0514 3000 ============================================================
16:44:18.0514 3000 Current date / time: 2012/03/06 16:44:18.0514
16:44:18.0514 3000 SystemInfo:
16:44:18.0514 3000
16:44:18.0514 3000 OS Version: 6.1.7600 ServicePack: 0.0
16:44:18.0514 3000 Product type: Workstation
16:44:18.0514 3000 ComputerName: ATILIO
16:44:18.0515 3000 UserName: Arda
16:44:18.0515 3000 Windows directory: C:\Windows
16:44:18.0515 3000 System windows directory: C:\Windows
16:44:18.0515 3000 Running under WOW64
16:44:18.0515 3000 Processor architecture: Intel x64
16:44:18.0515 3000 Number of processors: 2
16:44:18.0515 3000 Page size: 0x1000
16:44:18.0515 3000 Boot type: Normal boot
16:44:18.0515 3000 ============================================================
16:44:19.0041 3000 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:19.0059 3000 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:19.0073 3000 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:19.0099 3000 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:19.0103 3000 Drive \Device\Harddisk4\DR4 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:44:26.0546 3000 \Device\Harddisk0\DR0:
16:44:26.0554 3000 MBR used
16:44:26.0554 3000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11BD9160
16:44:26.0554 3000 \Device\Harddisk1\DR1:
16:44:26.0554 3000 MBR used
16:44:26.0555 3000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
16:44:26.0555 3000 \Device\Harddisk2\DR2:
16:44:26.0555 3000 MBR used
16:44:26.0555 3000 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
16:44:26.0555 3000 \Device\Harddisk3\DR3:
16:44:26.0555 3000 MBR used
16:44:26.0555 3000 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:44:26.0555 3000 \Device\Harddisk4\DR4:
16:44:26.0555 3000 MBR used
16:44:26.0555 3000 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
16:44:26.0666 3000 Initialize success
16:44:26.0666 3000 ============================================================
16:45:37.0222 3204 ============================================================
16:45:37.0222 3204 Scan started
16:45:37.0222 3204 Mode: Manual; SigCheck; TDLFS;
16:45:37.0222 3204 ============================================================
16:45:38.0180 3204 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:45:38.0294 3204 1394ohci - ok
16:45:38.0396 3204 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:45:38.0410 3204 ACPI - ok
16:45:38.0434 3204 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:45:38.0493 3204 AcpiPmi - ok
16:45:38.0567 3204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:45:38.0582 3204 adp94xx - ok
16:45:38.0603 3204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:45:38.0615 3204 adpahci - ok
16:45:38.0643 3204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:45:38.0654 3204 adpu320 - ok
16:45:38.0707 3204 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
16:45:38.0815 3204 AFD - ok
16:45:38.0857 3204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:45:38.0865 3204 agp440 - ok
16:45:38.0921 3204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:45:38.0929 3204 aliide - ok
16:45:38.0941 3204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:45:38.0949 3204 amdide - ok
16:45:38.0964 3204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:45:38.0989 3204 AmdK8 - ok
16:45:39.0007 3204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:45:39.0024 3204 AmdPPM - ok
16:45:39.0046 3204 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:45:39.0055 3204 amdsata - ok
16:45:39.0067 3204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:45:39.0077 3204 amdsbs - ok
16:45:39.0109 3204 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:45:39.0117 3204 amdxata - ok
16:45:39.0160 3204 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:45:39.0243 3204 AppID - ok
16:45:39.0295 3204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:45:39.0303 3204 arc - ok
16:45:39.0336 3204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:45:39.0345 3204 arcsas - ok
16:45:39.0382 3204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:45:39.0420 3204 AsyncMac - ok
16:45:39.0451 3204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:45:39.0458 3204 atapi - ok
16:45:39.0531 3204 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
16:45:39.0569 3204 AvgLdx64 - ok
16:45:39.0614 3204 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\Windows\system32\Drivers\avgmfx64.sys
16:45:39.0620 3204 AvgMfx64 - ok
16:45:39.0667 3204 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\Windows\system32\Drivers\avgtdia.sys
16:45:39.0677 3204 AvgTdiA - ok
16:45:39.0742 3204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:45:39.0789 3204 b06bdrv - ok
16:45:39.0825 3204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:45:39.0847 3204 b57nd60a - ok
16:45:39.0889 3204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:45:39.0923 3204 Beep - ok
16:45:39.0973 3204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:45:39.0999 3204 blbdrive - ok
16:45:40.0048 3204 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
16:45:40.0083 3204 bowser - ok
16:45:40.0111 3204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:45:40.0133 3204 BrFiltLo - ok
16:45:40.0156 3204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:45:40.0166 3204 BrFiltUp - ok
16:45:40.0192 3204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:45:40.0228 3204 Brserid - ok
16:45:40.0250 3204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:45:40.0273 3204 BrSerWdm - ok
16:45:40.0305 3204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:45:40.0326 3204 BrUsbMdm - ok
16:45:40.0342 3204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:45:40.0364 3204 BrUsbSer - ok
16:45:40.0400 3204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:45:40.0422 3204 BTHMODEM - ok
16:45:40.0453 3204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:45:40.0494 3204 cdfs - ok
16:45:40.0543 3204 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:45:40.0566 3204 cdrom - ok
16:45:40.0619 3204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:45:40.0644 3204 circlass - ok
16:45:40.0671 3204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:45:40.0685 3204 CLFS - ok
16:45:40.0749 3204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:45:40.0770 3204 CmBatt - ok
16:45:40.0802 3204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:45:40.0810 3204 cmdide - ok
16:45:40.0836 3204 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
16:45:40.0883 3204 CNG - ok
16:45:40.0933 3204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:45:40.0941 3204 Compbatt - ok
16:45:40.0963 3204 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:45:40.0985 3204 CompositeBus - ok
16:45:41.0018 3204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:45:41.0026 3204 crcdisk - ok
16:45:41.0081 3204 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
16:45:41.0118 3204 CSC - ok
16:45:41.0167 3204 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
16:45:41.0202 3204 DfsC - ok
16:45:41.0242 3204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:45:41.0278 3204 discache - ok
16:45:41.0340 3204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:45:41.0349 3204 Disk - ok
16:45:41.0404 3204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:45:41.0429 3204 drmkaud - ok
16:45:41.0491 3204 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
16:45:41.0528 3204 DXGKrnl - ok
16:45:41.0572 3204 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
16:45:41.0593 3204 e1express - ok
16:45:41.0684 3204 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:45:41.0789 3204 ebdrv - ok
16:45:41.0843 3204 EfiVariable - ok
16:45:41.0944 3204 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:45:41.0960 3204 elxstor - ok
16:45:42.0000 3204 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:45:42.0025 3204 ErrDev - ok
16:45:42.0081 3204 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:45:42.0116 3204 exfat - ok
16:45:42.0153 3204 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:45:42.0196 3204 fastfat - ok
16:45:42.0258 3204 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:45:42.0275 3204 fdc - ok
16:45:42.0310 3204 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:45:42.0319 3204 FileInfo - ok
16:45:42.0354 3204 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:45:42.0391 3204 Filetrace - ok
16:45:42.0452 3204 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:45:42.0460 3204 flpydisk - ok
16:45:42.0499 3204 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:45:42.0510 3204 FltMgr - ok
16:45:42.0532 3204 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:45:42.0540 3204 FsDepends - ok
16:45:42.0564 3204 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:45:42.0572 3204 Fs_Rec - ok
16:45:42.0631 3204 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:45:42.0644 3204 fvevol - ok
16:45:42.0668 3204 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:45:42.0676 3204 gagp30kx - ok
16:45:42.0774 3204 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:45:42.0779 3204 GEARAspiWDM - ok
16:45:42.0820 3204 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:45:42.0845 3204 hcw85cir - ok
16:45:42.0877 3204 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:45:42.0899 3204 HDAudBus - ok
16:45:42.0978 3204 HECIx64 (3ce9668e4ad154424b39efac30c49deb) C:\Windows\system32\DRIVERS\HECIx64.sys
16:45:42.0986 3204 HECIx64 - ok
16:45:43.0015 3204 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:45:43.0032 3204 HidBatt - ok
16:45:43.0065 3204 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:45:43.0089 3204 HidBth - ok
16:45:43.0107 3204 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:45:43.0126 3204 HidIr - ok
16:45:43.0149 3204 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:45:43.0159 3204 HidUsb - ok
16:45:43.0241 3204 hotcore3 (9104b5c25f45116655a665ace0b92886) C:\Windows\system32\DRIVERS\hotcore3.sys
16:45:43.0247 3204 hotcore3 - ok
16:45:43.0282 3204 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:45:43.0291 3204 HpSAMD - ok
16:45:43.0338 3204 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:45:43.0397 3204 HTTP - ok
16:45:43.0439 3204 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:45:43.0447 3204 hwpolicy - ok
16:45:43.0494 3204 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:45:43.0504 3204 i8042prt - ok
16:45:43.0703 3204 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:45:43.0713 3204 iaStorV - ok
16:45:43.0786 3204 IDMWFP (5534e14ef27ebe8563cdbce6b88501a3) C:\Windows\system32\DRIVERS\idmwfp.sys
16:45:43.0794 3204 IDMWFP - ok
16:45:43.0835 3204 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:45:43.0843 3204 iirsp - ok
16:45:43.0862 3204 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:45:43.0870 3204 intelide - ok
16:45:43.0895 3204 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:45:43.0919 3204 intelppm - ok
16:45:43.0999 3204 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:45:44.0037 3204 IpFilterDriver - ok
16:45:44.0066 3204 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:45:44.0077 3204 IPMIDRV - ok
16:45:44.0092 3204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:45:44.0130 3204 IPNAT - ok
16:45:44.0179 3204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:45:44.0214 3204 IRENUM - ok
16:45:44.0240 3204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:45:44.0247 3204 isapnp - ok
16:45:44.0274 3204 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:45:44.0286 3204 iScsiPrt - ok
16:45:44.0326 3204 ivusb (2f9f76349bb8c578873a58c840ba0589) C:\Windows\system32\DRIVERS\ivusb.sys
16:45:44.0332 3204 ivusb - ok
16:45:44.0375 3204 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:45:44.0382 3204 kbdclass - ok
16:45:44.0402 3204 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:45:44.0432 3204 kbdhid - ok
16:45:44.0535 3204 KORGUMDS (b3f33ead5e5ad0704c4ae8d9cb2d4a2e) C:\Windows\system32\Drivers\KORGUM64.SYS
16:45:44.0552 3204 KORGUMDS - ok
16:45:44.0583 3204 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
16:45:44.0592 3204 KSecDD - ok
16:45:44.0620 3204 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
16:45:44.0629 3204 KSecPkg - ok
16:45:44.0652 3204 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:45:44.0692 3204 ksthunk - ok
16:45:44.0759 3204 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:45:44.0796 3204 lltdio - ok
16:45:44.0843 3204 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:45:44.0853 3204 LSI_FC - ok
16:45:44.0888 3204 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:45:44.0897 3204 LSI_SAS - ok
16:45:44.0920 3204 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:45:44.0928 3204 LSI_SAS2 - ok
16:45:44.0940 3204 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:45:44.0949 3204 LSI_SCSI - ok
16:45:44.0985 3204 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:45:45.0026 3204 luafv - ok
16:45:45.0066 3204 MAFW (3404abc72d1075b171231d4169207312) C:\Windows\system32\DRIVERS\mafw.sys
16:45:45.0083 3204 MAFW - ok
16:45:45.0126 3204 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:45:45.0134 3204 megasas - ok
16:45:45.0157 3204 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:45:45.0169 3204 MegaSR - ok
16:45:45.0216 3204 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:45:45.0250 3204 Modem - ok
16:45:45.0291 3204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:45:45.0317 3204 monitor - ok
16:45:45.0364 3204 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:45:45.0372 3204 mouclass - ok
16:45:45.0399 3204 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:45:45.0409 3204 mouhid - ok
16:45:45.0438 3204 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:45:45.0447 3204 mountmgr - ok
16:45:45.0483 3204 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:45:45.0493 3204 mpio - ok
16:45:45.0514 3204 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:45:45.0554 3204 mpsdrv - ok
16:45:45.0619 3204 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:45:45.0640 3204 MRxDAV - ok
16:45:45.0712 3204 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:45:45.0742 3204 mrxsmb - ok
16:45:45.0775 3204 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:45:45.0794 3204 mrxsmb10 - ok
16:45:45.0810 3204 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:45:45.0820 3204 mrxsmb20 - ok
16:45:45.0857 3204 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
16:45:45.0865 3204 msahci - ok
16:45:45.0899 3204 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:45:45.0909 3204 msdsm - ok
16:45:45.0927 3204 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:45:45.0954 3204 Msfs - ok
16:45:45.0972 3204 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:45:46.0008 3204 mshidkmdf - ok
16:45:46.0037 3204 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:45:46.0043 3204 msisadrv - ok
16:45:46.0073 3204 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:45:46.0110 3204 MSKSSRV - ok
16:45:46.0144 3204 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:45:46.0169 3204 MSPCLOCK - ok
16:45:46.0199 3204 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:45:46.0233 3204 MSPQM - ok
16:45:46.0268 3204 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:45:46.0282 3204 MsRPC - ok
16:45:46.0298 3204 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:45:46.0305 3204 mssmbios - ok
16:45:46.0333 3204 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:45:46.0370 3204 MSTEE - ok
16:45:46.0395 3204 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:45:46.0416 3204 MTConfig - ok
16:45:46.0458 3204 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:45:46.0465 3204 Mup - ok
16:45:46.0504 3204 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:45:46.0536 3204 NativeWifiP - ok
16:45:46.0616 3204 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:45:46.0653 3204 NDIS - ok
16:45:46.0844 3204 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:45:46.0877 3204 NdisCap - ok
16:45:46.0911 3204 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:45:46.0950 3204 NdisTapi - ok
16:45:46.0973 3204 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:45:47.0008 3204 Ndisuio - ok
16:45:47.0105 3204 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:45:47.0144 3204 NdisWan - ok
16:45:47.0176 3204 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:45:47.0203 3204 NDProxy - ok
16:45:47.0237 3204 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:45:47.0274 3204 NetBIOS - ok
16:45:47.0320 3204 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:45:47.0361 3204 NetBT - ok
16:45:47.0442 3204 networx (abaecc5481ccf72fab3b44f8d7f1993b) C:\Windows\system32\drivers\networx.sys
16:45:47.0459 3204 networx - ok
16:45:47.0483 3204 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:45:47.0492 3204 nfrd960 - ok
16:45:47.0509 3204 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:45:47.0543 3204 Npfs - ok
16:45:47.0564 3204 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:45:47.0600 3204 nsiproxy - ok
16:45:47.0644 3204 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:45:47.0695 3204 Ntfs - ok
16:45:47.0709 3204 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:45:47.0747 3204 Null - ok
16:45:48.0020 3204 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:45:48.0350 3204 nvlddmkm - ok
16:45:48.0458 3204 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:45:48.0467 3204 nvraid - ok
16:45:48.0498 3204 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:45:48.0507 3204 nvstor - ok
16:45:48.0560 3204 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:45:48.0570 3204 nv_agp - ok
16:45:48.0605 3204 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:45:48.0615 3204 ohci1394 - ok
16:45:48.0705 3204 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:45:48.0714 3204 Parport - ok
16:45:48.0732 3204 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:45:48.0741 3204 partmgr - ok
16:45:48.0801 3204 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:45:48.0812 3204 pci - ok
16:45:48.0831 3204 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:45:48.0922 3204 pciide - ok
16:45:49.0155 3204 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:45:49.0166 3204 pcmcia - ok
16:45:49.0203 3204 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:45:49.0211 3204 pcw - ok
16:45:49.0235 3204 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:45:49.0280 3204 PEAUTH - ok
16:45:49.0334 3204 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:45:49.0375 3204 PptpMiniport - ok
16:45:49.0397 3204 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:45:49.0418 3204 Processor - ok
16:45:49.0530 3204 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:45:49.0569 3204 Psched - ok
16:45:49.0617 3204 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:45:49.0624 3204 PxHlpa64 - ok
16:45:49.0676 3204 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:45:49.0726 3204 ql2300 - ok
16:45:49.0748 3204 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:45:49.0757 3204 ql40xx - ok
16:45:49.0784 3204 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:45:49.0805 3204 QWAVEdrv - ok
16:45:49.0820 3204 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:45:49.0856 3204 RasAcd - ok
16:45:49.0901 3204 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:45:49.0928 3204 RasAgileVpn - ok
16:45:49.0960 3204 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:45:49.0999 3204 Rasl2tp - ok
16:45:50.0080 3204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:45:50.0108 3204 RasPppoe - ok
16:45:50.0152 3204 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:45:50.0193 3204 RasSstp - ok
16:45:50.0234 3204 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:45:50.0271 3204 rdbss - ok
16:45:50.0306 3204 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:45:50.0320 3204 rdpbus - ok
16:45:50.0338 3204 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:45:50.0375 3204 RDPCDD - ok
16:45:50.0442 3204 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
16:45:50.0471 3204 RDPDR - ok
16:45:50.0512 3204 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:45:50.0549 3204 RDPENCDD - ok
16:45:50.0565 3204 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:45:50.0590 3204 RDPREFMP - ok
16:45:50.0616 3204 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:45:50.0654 3204 RDPWD - ok
16:45:50.0686 3204 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:45:50.0697 3204 rdyboost - ok
16:45:50.0743 3204 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:45:50.0791 3204 RimUsb - ok
16:45:50.0887 3204 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:45:50.0926 3204 rspndr - ok
16:45:50.0970 3204 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
16:45:50.0999 3204 s3cap - ok
16:45:51.0086 3204 SbieDrv (1ed4c4fd51cc1bf02941dcad4495b447) C:\Program Files\Sandboxie\SbieDrv.sys
16:45:51.0114 3204 SbieDrv ( UnsignedFile.Multi.Generic ) - warning
16:45:51.0114 3204 SbieDrv - detected UnsignedFile.Multi.Generic (1)
16:45:51.0207 3204 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:45:51.0215 3204 sbp2port - ok
16:45:51.0246 3204 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:45:51.0283 3204 scfilter - ok
16:45:51.0332 3204 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:45:51.0373 3204 secdrv - ok
16:45:51.0421 3204 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:45:51.0431 3204 Serenum - ok
16:45:51.0463 3204 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:45:51.0489 3204 Serial - ok
16:45:51.0524 3204 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:45:51.0544 3204 sermouse - ok
16:45:51.0579 3204 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:45:51.0601 3204 sffdisk - ok
16:45:51.0628 3204 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:45:51.0641 3204 sffp_mmc - ok
16:45:51.0681 3204 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:45:51.0690 3204 sffp_sd - ok
16:45:51.0734 3204 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:45:51.0743 3204 sfloppy - ok
16:45:51.0759 3204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:45:51.0767 3204 SiSRaid2 - ok
16:45:51.0787 3204 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:45:51.0795 3204 SiSRaid4 - ok
16:45:51.0831 3204 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:45:51.0875 3204 Smb - ok
16:45:51.0931 3204 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:45:51.0939 3204 spldr - ok
16:45:51.0995 3204 sptd (c1f1e964d5fa733f7a4e641f07d6c8b5) C:\Windows\system32\Drivers\sptd.sys
16:45:51.0995 3204 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c1f1e964d5fa733f7a4e641f07d6c8b5
16:45:51.0996 3204 sptd ( LockedFile.Multi.Generic ) - warning
16:45:51.0996 3204 sptd - detected LockedFile.Multi.Generic (1)
16:45:52.0049 3204 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
16:45:52.0101 3204 srv - ok
16:45:52.0141 3204 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
16:45:52.0170 3204 srv2 - ok
16:45:52.0224 3204 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
16:45:52.0259 3204 srvnet - ok
16:45:52.0337 3204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:45:52.0345 3204 stexstor - ok
16:45:52.0403 3204 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:45:52.0412 3204 storflt - ok
16:45:52.0430 3204 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
16:45:52.0438 3204 storvsc - ok
16:45:52.0467 3204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:45:52.0474 3204 swenum - ok
16:45:52.0590 3204 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
16:45:52.0643 3204 Tcpip - ok
16:45:52.0707 3204 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
16:45:52.0733 3204 TCPIP6 - ok
16:45:52.0777 3204 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:45:52.0816 3204 tcpipreg - ok
16:45:52.0837 3204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:45:52.0873 3204 TDPIPE - ok
16:45:52.0962 3204 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:45:52.0988 3204 TDTCP - ok
16:45:53.0030 3204 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:45:53.0069 3204 tdx - ok
16:45:53.0091 3204 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:45:53.0100 3204 TermDD - ok
16:45:53.0184 3204 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:45:53.0218 3204 tssecsrv - ok
16:45:53.0268 3204 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:45:53.0301 3204 tunnel - ok
16:45:53.0326 3204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:45:53.0333 3204 uagp35 - ok
16:45:53.0367 3204 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:45:53.0407 3204 udfs - ok
16:45:53.0468 3204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:45:53.0476 3204 uliagpkx - ok
16:45:53.0514 3204 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:45:53.0535 3204 umbus - ok
16:45:53.0561 3204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:45:53.0579 3204 UmPass - ok
16:45:53.0645 3204 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
16:45:53.0679 3204 usbaudio - ok
16:45:53.0711 3204 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:45:53.0730 3204 usbccgp - ok
16:45:53.0765 3204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:45:53.0778 3204 usbcir - ok
16:45:53.0810 3204 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
16:45:53.0819 3204 usbehci - ok
16:45:53.0843 3204 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
16:45:53.0871 3204 usbhub - ok
16:45:53.0931 3204 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:45:53.0941 3204 usbohci - ok
16:45:53.0976 3204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:45:53.0996 3204 usbprint - ok
16:45:54.0044 3204 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:45:54.0070 3204 usbscan - ok
16:45:54.0099 3204 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:45:54.0124 3204 USBSTOR - ok
16:45:54.0171 3204 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:45:54.0181 3204 usbuhci - ok
16:45:54.0212 3204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:45:54.0220 3204 vdrvroot - ok
16:45:54.0245 3204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:45:54.0255 3204 vga - ok
16:45:54.0273 3204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:45:54.0313 3204 VgaSave - ok
16:45:54.0349 3204 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:45:54.0360 3204 vhdmp - ok
16:45:54.0415 3204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:45:54.0422 3204 viaide - ok
16:45:54.0470 3204 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
16:45:54.0481 3204 vmbus - ok
16:45:54.0508 3204 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:45:54.0532 3204 VMBusHID - ok
16:45:54.0563 3204 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:45:54.0571 3204 volmgr - ok
16:45:54.0602 3204 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:45:54.0615 3204 volmgrx - ok
16:45:54.0639 3204 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:45:54.0653 3204 volsnap - ok
16:45:54.0683 3204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:45:54.0693 3204 vsmraid - ok
16:45:54.0713 3204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:45:54.0725 3204 vwifibus - ok
16:45:54.0751 3204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:45:54.0760 3204 WacomPen - ok
16:45:54.0822 3204 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:45:54.0863 3204 WANARP - ok
16:45:54.0867 3204 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:45:54.0892 3204 Wanarpv6 - ok
16:45:54.0998 3204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:45:55.0004 3204 Wd - ok
16:45:55.0055 3204 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:45:55.0088 3204 WDC_SAM - ok
16:45:55.0140 3204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:45:55.0166 3204 Wdf01000 - ok
16:45:55.0222 3204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:45:55.0250 3204 WfpLwf - ok
16:45:55.0273 3204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:45:55.0281 3204 WIMMount - ok
16:45:55.0402 3204 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:45:55.0414 3204 WinUsb - ok
16:45:55.0460 3204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:45:55.0484 3204 WmiAcpi - ok
16:45:55.0546 3204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:45:55.0572 3204 ws2ifsl - ok
16:45:55.0607 3204 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:45:55.0642 3204 WudfPf - ok
16:45:55.0668 3204 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:45:55.0708 3204 WUDFRd - ok
16:45:55.0730 3204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:45:55.0810 3204 \Device\Harddisk0\DR0 - ok
16:45:55.0813 3204 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:45:55.0866 3204 \Device\Harddisk1\DR1 - ok
16:45:55.0868 3204 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
16:45:55.0919 3204 \Device\Harddisk2\DR2 - ok
16:45:55.0946 3204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
16:45:56.0006 3204 \Device\Harddisk3\DR3 - ok
16:45:56.0009 3204 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
16:45:56.0566 3204 \Device\Harddisk4\DR4 - ok
16:45:56.0568 3204 Boot (0x1200) (768ba2310147361166f1984718991a02) \Device\Harddisk0\DR0\Partition0
16:45:56.0569 3204 \Device\Harddisk0\DR0\Partition0 - ok
16:45:56.0572 3204 Boot (0x1200) (da803a0fe0cd5d4ab58b1b6ec4cc084c) \Device\Harddisk1\DR1\Partition0
16:45:56.0572 3204 \Device\Harddisk1\DR1\Partition0 - ok
16:45:56.0575 3204 Boot (0x1200) (cb531906fb46bcbae31692badbe3d729) \Device\Harddisk2\DR2\Partition0
16:45:56.0575 3204 \Device\Harddisk2\DR2\Partition0 - ok
16:45:56.0578 3204 Boot (0x1200) (a06b8ea1b4472e45bf52c6ad2c549855) \Device\Harddisk3\DR3\Partition0
16:45:56.0578 3204 \Device\Harddisk3\DR3\Partition0 - ok
16:45:56.0581 3204 Boot (0x1200) (93c5a307945bfda13eacdeaa394fba6c) \Device\Harddisk4\DR4\Partition0
16:45:56.0583 3204 \Device\Harddisk4\DR4\Partition0 - ok
16:45:56.0583 3204 ============================================================
16:45:56.0583 3204 Scan finished
16:45:56.0583 3204 ============================================================
16:45:56.0590 5036 Detected object count: 2
16:45:56.0590 5036 Actual detected object count: 2
16:48:05.0299 5036 SbieDrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:05.0299 5036 SbieDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:05.0300 5036 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:48:05.0300 5036 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:48:16.0433 3336 Deinitialize success
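The TDSSKiller log above ends with two flagged drivers (an unsigned Sandboxie driver and a locked sptd.sys, both skipped by the user) and clean MBR and boot-sector checks. The following is an added example, not part of this thread and not TDSSKiller's own code: a small Python parser for that log format which pulls out each detection, its signature, the user's recorded action, the locked-file reason where one is logged, and whether every MBR and boot sector came back ok. The regular expressions are an assumption derived from the line shapes visible above, and the sample lines are constructed from entries in that log.

```python
"""Triage helper for a TDSSKiller-style scan log (added example)."""
import re

# Common prefix "HH:MM:SS.mmmm <pid> " on every log line.
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# Scanned object: "<name> (<md5>) <path>"
RE_OBJECT = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Sector hash: "MBR (0x1B8) (<md5>) \Device\..." or "Boot (0x1200) (<md5>) \Device\...\Partition0"
RE_SECTOR = re.compile(_PREFIX + r"(?P<kind>MBR|Boot) \((?P<offset>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<path>\\Device\\\S+)$")
# Verdict: "<name> - ok" or "<name> - detected <signature> (<n>)"
RE_VERDICT = re.compile(_PREFIX + r"(?P<name>\S+) - (?:ok|detected (?P<sig>\S+) \(\d+\))$")
# Warning / user action: "<name> ( <signature> ) - warning|skipped by user|User select action: X"
RE_ACTION = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<sig>\S+) \) - "
                       r"(?P<status>warning|skipped by user|User select action: \S+)$")
# Locked-file note: "Suspicious file (NoAccess): <path>. md5: <md5>"
RE_SUSPICIOUS = re.compile(_PREFIX + r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# The scanner's own tally at the end of the run.
RE_COUNT = re.compile(_PREFIX + r"Detected object count: (?P<n>\d+)$")


def _new_entry(kind, md5, path):
    return {"kind": kind, "md5": md5, "path": path, "verdict": None,
            "signature": None, "reason": None, "actions": []}


def parse_log(text):
    """Return (entries, declared_count).

    entries maps an object name (or a device path for MBR/boot sectors) to a dict
    holding kind, md5, path, verdict ("ok" / "detected" / None if never resolved),
    signature, access reason and every user action the log recorded for it.
    """
    entries, declared = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if (m := RE_SECTOR.match(line)):
            entries[m["path"]] = _new_entry(m["kind"], m["md5"], m["path"])
        elif (m := RE_OBJECT.match(line)):
            entries[m["name"]] = _new_entry("object", m["md5"], m["path"])
        elif (m := RE_SUSPICIOUS.match(line)):
            # Attach the access problem to whichever scanned object owns that path.
            for e in entries.values():
                if e["path"].lower() == m["path"].lower():
                    e["reason"] = m["reason"]
        elif (m := RE_ACTION.match(line)):
            if (e := entries.get(m["name"])) is not None:
                e["signature"] = m["sig"]
                e["actions"].append(m["status"])
        elif (m := RE_VERDICT.match(line)):
            if (e := entries.get(m["name"])) is not None:
                e["verdict"] = "detected" if m["sig"] else "ok"
                if m["sig"]:
                    e["signature"] = m["sig"]
        elif (m := RE_COUNT.match(line)):
            declared = int(m["n"])
    return entries, declared


def triage(text):
    """Summarise the log the way a responder reads it: what was flagged, what was
    done about it, whether the boot path is clean, and whether the scanner's own
    count agrees with the per-object verdicts."""
    entries, declared = parse_log(text)
    detections = sorted(n for n, e in entries.items() if e["verdict"] == "detected")
    sectors = {n: e["verdict"] for n, e in entries.items() if e["kind"] in ("MBR", "Boot")}
    return {
        "objects_scanned": sum(1 for e in entries.values() if e["kind"] == "object"),
        "detections": [{"name": n, "signature": entries[n]["signature"], "path": entries[n]["path"],
                        "reason": entries[n]["reason"], "actions": entries[n]["actions"]}
                       for n in detections],
        "sectors_all_ok": bool(sectors) and all(v == "ok" for v in sectors.values()),
        "unresolved": sorted(n for n, e in entries.items() if e["verdict"] is None),
        "declared_count": declared,
        "count_matches": declared == len(detections),
    }


# Constructed sample, built from entries in the log above.
SAMPLE_LOG = r"""
16:45:51.0086 3204 SbieDrv (1ed4c4fd51cc1bf02941dcad4495b447) C:\Program Files\Sandboxie\SbieDrv.sys
16:45:51.0114 3204 SbieDrv ( UnsignedFile.Multi.Generic ) - warning
16:45:51.0114 3204 SbieDrv - detected UnsignedFile.Multi.Generic (1)
16:45:51.0207 3204 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:45:51.0215 3204 sbp2port - ok
16:45:51.0995 3204 sptd (c1f1e964d5fa733f7a4e641f07d6c8b5) C:\Windows\system32\Drivers\sptd.sys
16:45:51.0995 3204 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c1f1e964d5fa733f7a4e641f07d6c8b5
16:45:51.0996 3204 sptd ( LockedFile.Multi.Generic ) - warning
16:45:51.0996 3204 sptd - detected LockedFile.Multi.Generic (1)
16:45:55.0730 3204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:45:55.0810 3204 \Device\Harddisk0\DR0 - ok
16:45:56.0568 3204 Boot (0x1200) (768ba2310147361166f1984718991a02) \Device\Harddisk0\DR0\Partition0
16:45:56.0569 3204 \Device\Harddisk0\DR0\Partition0 - ok
16:45:56.0590 5036 Detected object count: 2
16:45:56.0590 5036 Actual detected object count: 2
16:48:05.0299 5036 SbieDrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:05.0299 5036 SbieDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:48:05.0300 5036 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:48:05.0300 5036 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it on a full log (for example `triage(open("TDSSKiller.log").read())`) and the `unresolved` list is the quick sanity check: an object that was hashed but never given a verdict means the scan did not finish cleanly, and `count_matches` tells you whether the scanner's own tally agrees with the per-object verdicts you parsed.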

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hmm 'tis not an MBR problem so that is good

But I still feel something is amiss

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

#10 jason richards (Topic Starter, Member, 10 posts)
Thank you again,

Just did the ComboFix scan, and here is the attached log.
By the way, the computer is very, very slow now (although it has 8 GB RAM);
it's getting slower, and I haven't installed any programs. I am really suspicious.

-------------------------------------------------------------------------------------------


ComboFix 12-03-07.05 - Arda 03/07/2012 16:51:50.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8125.4646 [GMT -8:00]
Running from: c:\users\Arda\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Arda\AppData\Roaming\Microsoft\Windows\Cookies\isindex.dat
c:\users\Arda\AppData\Roaming\msregsvv.dll
c:\users\Arda\AppData\Roaming\vso_ts_preview.xml
c:\users\Arda\Desktop\Setup.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 00:56 . 2012-03-08 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 17:41 . 2012-03-07 17:41 -------- d-----w- c:\windows\LastGood.Tmp
2012-03-07 06:53 . 2012-03-07 06:56 -------- d-----w- C:\MARCH DOWNLOAD TEMP
2012-03-07 02:03 . 2009-07-11 00:50 145920 ----a-w- c:\windows\SysWow64\OBroker.exe
2012-03-07 02:03 . 2012-03-07 02:04 -------- d-----w- c:\program files (x86)\VirtualAccountNumbers
2012-03-06 17:01 . 2012-03-06 17:01 -------- d-----w- c:\users\Arda\AppData\Local\CutePDF Writer
2012-03-06 16:49 . 2012-03-06 16:49 -------- d-----w- c:\program files\QuickSFV
2012-03-06 03:17 . 2012-03-06 03:17 -------- d-----w- C:\_OTL
2012-03-03 02:05 . 2012-03-08 00:48 -------- d-----w- c:\users\Arda\AppData\Roaming\DMCache
2012-03-03 02:05 . 2012-03-06 02:21 -------- d-----w- c:\users\Arda\AppData\Roaming\IDM
2012-03-03 02:04 . 2012-03-03 02:05 -------- d-----w- c:\program files (x86)\IDM
2012-03-02 02:32 . 2012-03-02 02:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-02 00:42 . 2012-03-02 00:42 -------- d-----w- C:\REGISTRY BACKUP 2012
2012-03-01 20:43 . 2012-03-01 20:43 -------- d-----w- c:\users\Arda\AppData\Roaming\Malwarebytes
2012-03-01 20:43 . 2012-03-01 20:43 -------- d-----w- c:\programdata\Malwarebytes
2012-03-01 06:44 . 2012-03-01 06:44 -------- d-----w- c:\program files (x86)\CutePDF Pro
2012-02-29 20:23 . 2012-02-29 20:23 -------- d-----w- c:\program files (x86)\Armjisoft
2012-02-27 13:37 . 2012-02-27 13:37 -------- d-----w- c:\users\Arda\AppData\Local\FontCreator
2012-02-27 13:37 . 2012-02-27 13:39 -------- d-----w- c:\users\Arda\AppData\Roaming\FontCreator
2012-02-27 13:37 . 2012-02-27 13:37 -------- d-----w- c:\program files (x86)\High-Logic FontCreator
2012-02-27 13:37 . 2010-04-07 21:42 1078504 ----a-w- c:\windows\SysWow64\FontInstaller2.dll
2012-02-24 20:58 . 2012-02-24 20:58 -------- d-----w- c:\users\Arda\AppData\Local\TechSmith
2012-02-24 20:58 . 2012-02-24 20:58 -------- d-----w- c:\program files (x86)\Xenocode
2012-02-24 03:06 . 2012-02-24 03:06 -------- d-----w- c:\users\Arda\AppData\Roaming\Adobe Mini Bridge CS5
2012-02-23 23:18 . 2012-02-23 23:18 -------- d-----r- C:\Sandbox
2012-02-23 22:53 . 2012-02-23 22:53 -------- d-----w- c:\program files\Sandboxie
2012-02-23 21:48 . 2012-02-23 23:20 -------- d-----w- c:\programdata\PreSonus
2012-02-23 21:48 . 2012-02-23 21:48 -------- d-----w- c:\users\Arda\AppData\Roaming\PreSonus
2012-02-23 21:47 . 2011-07-07 16:42 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-23 21:47 . 2012-02-23 21:47 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-02-23 21:47 . 2012-02-23 21:47 -------- d-----w- c:\program files\PreSonus
2012-02-23 15:12 . 2012-02-08 01:13 149640 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-02-17 18:33 . 2012-03-07 03:14 -------- d-----w- c:\program files (x86)\JDownloader
2012-02-07 02:48 . 2012-02-07 02:48 -------- d-----w- c:\program files (x86)\KORG USB-MIDI Driver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 02:31 . 2011-07-22 16:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-08 09:54 . 2012-01-08 09:54 760832 ----a-w- c:\windows\SysWow64\LockPDFu.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~2\AVG9\avgtray.exe" [2012-01-26 2077536]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-11 372736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi4"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EfiVariable;Efi Variable Service;c:\users\Arda\Desktop\IIA_1.1.7.872a\variable64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S1 networx;networx;c:\windows\system32\drivers\networx.sys [x]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG9\avgemc.exe [2010-09-18 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG9\avgwdsvc.exe [2010-09-18 308136]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS [x]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\Defrag Winner Schedule.job
- c:\program files (x86)\Defrag Winner\DefragWinner.exe [2011-10-08 17:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\IDM\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2011-09-15 2871808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi4"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\IDM\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\IDM\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Arda\AppData\Roaming\Mozilla\Firefox\Profiles\5yuxskvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: View Cookies: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21} - %profile%\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: Cookies Manager+: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d} - %profile%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF - Ext: DeSopa: [email protected] - %profile%\extensions\[email protected]
FF - Ext: IDM CC: [email protected] - c:\users\Arda\AppData\Roaming\IDM\idmmzcc5
FF - Ext: Virtual Account Numbers: citius@orbiscom - c:\program files (x86)\VirtualAccountNumbers
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-166818136-2829842862-2999586312-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Arda\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="c:\\Users\\Arda\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Arda\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Arda\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\Program Files (x86)\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\Program Files (x86)\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Arda\\Documents\\Sports Interactive\\Football Manager 2011\\games\\2028 - non compress.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009fba
"VersionOf"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="E4-E300-EC2F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000000
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000000
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG9\avgcsrvx.exe
c:\program files (x86)\AVG9\avgtray.exe
c:\windows\SysWOW64\MAFWTray.exe
c:\program files (x86)\AVG9\avgupd.exe
.
**************************************************************************
.
Completion time: 2012-03-07 17:01:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 01:01
.
Pre-Run: 107,391,664,128 bytes free
Post-Run: 107,141,615,616 bytes free
.
- - End Of File - - 843327A2E8C7CDE1C968E06BF2E0C99B
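Added example, not part of the poster's log or the helper's replies: a quick triage pass over ComboFix log lines of the three kinds shown above (Run-key autostarts, R/S service and driver lines, Firefox user.js prefs). It flags autostart programs and kernel drivers that load from outside Windows or Program Files, and user.js settings that silence the mixed-content and insecure-form warnings a banking user relies on. The sample lines are constructed with made-up names and paths that mirror the log's formats; the log above does contain an R3 driver registered from a path under the user's Desktop, which is exactly the kind of entry this surfaces for verification (a finding is a prompt to check, not a verdict).

```powershell
# Added example, not from the thread. Triage pass over ComboFix-style lines.
# Sample lines are constructed (made-up names/paths) in the log's own formats.
$sampleLog = @'
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~2\AVG9\avgtray.exe" [2012-01-26 2077536]
"Example Updater"="c:\users\alice\AppData\Roaming\upd\upd.exe" [2012-03-01 45056]
.
R3 EfiVariable;Efi Variable Service;c:\users\alice\Desktop\tool\variable64.sys [x]
S3 HECIx64;Intel Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
'@

# Directories a vendor binary or kernel driver is expected to live under.
$trustedPrefixes = @('c:\windows\', 'c:\program files', 'c:\progra~1\', 'c:\progra~2\')

# user.js settings that, at these values, hide warnings the browser would otherwise show
# when a form posts over plain HTTP or a page mixes secure and insecure content.
$weakFirefoxPrefs = @{
    'security.warn_submit_insecure' = 'false'
    'security.warn_viewing_mixed'   = 'false'
}

function Test-OutsideTrustedDirs([string]$Path) {
    $p = $Path.ToLower()
    foreach ($prefix in $trustedPrefixes) { if ($p.StartsWith($prefix)) { return $false } }
    return $true
}

function Get-ComboFixFindings([string]$LogText) {
    $findings = @()
    foreach ($rawLine in ($LogText -split "`r?`n")) {
        $line = $rawLine.Trim()
        if ($line -match '^"(?<name>[^"]+)"="(?<path>[^"]+)"\s*\[') {
            # Run-key entry:  "Name"="path" [date size]
            if (Test-OutsideTrustedDirs $matches['path']) {
                $findings += "autostart '$($matches['name'])' runs from an unusual location: $($matches['path'])"
            }
        }
        elseif ($line -match '^[RS]\d\s+(?<name>[^;]+);[^;]*;(?<path>.+?)\s+\[') {
            # Service/driver line:  R3 Name;Description;path [x]  (only .sys drivers checked here)
            if ($matches['path'].ToLower().EndsWith('.sys') -and (Test-OutsideTrustedDirs $matches['path'])) {
                $findings += "driver '$($matches['name'])' loads from a user-writable path: $($matches['path'])"
            }
        }
        elseif ($line -match '^FF - user\.js: (?<pref>\S+) - (?<val>.+)$') {
            # Firefox pref:  FF - user.js: pref - value
            if ($weakFirefoxPrefs[$matches['pref']] -eq $matches['val'].Trim().ToLower()) {
                $findings += "Firefox user.js weakens a security warning: $($matches['pref']) = $($matches['val'])"
            }
        }
    }
    return $findings
}

Get-ComboFixFindings $sampleLog
```

On the constructed sample this prints four findings (the AppData autostart, the Desktop driver, and the two user.js prefs) and stays silent on the AVG tray entry and the Intel driver. Pointing it at a real log is a matter of replacing `$sampleLog` with `Get-Content -Raw` of the file; the cookieBehavior line is left alone because accepting all cookies is Firefox's default, not a weakening.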
#11 jason richards (Topic Starter)
essexboy: I use Win 7, and when I watch Task Manager in the PROCESSES window, without starting any programs after a Windows reboot, there are about 11-12 instances of "svchost.exe" running. Is that suspicious at all?

Attaching a print screen to show with this message.

I am all ears :) [attached: Task Manager.jpg]
#12 Essexboy (GeekU Moderator, Retired Staff)
Are you still getting the phony bank page and redirects?

This is my svchost running order, so it is not a great deal.

[screenshot]

With regard to the speed, it may just be that the drive needs a defrag and the temp files emptied.
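Added example, not from either poster: the point in the reply above is that a dozen svchost.exe instances is normal on Windows 7, so the count tells you nothing. What does tell you something is whether each instance is the genuine binary in System32 and is actually hosting registered services; a process merely named svchost.exe running from a user profile or Temp directory is the classic tell. The script below accounts for every instance that way. It uses only built-in cmdlets available on Windows 7 PowerShell 2.0 (Get-WmiObject rather than Get-CimInstance) and should be run from an elevated prompt so the paths of SYSTEM-owned processes are readable.

```powershell
# Added example, not from the thread. Accounts for every svchost.exe instance:
# genuine path, hosted services, and signature status. Run elevated.

$legitPath = Join-Path $env:windir 'System32\svchost.exe'

# Map PID -> names of the services it hosts (Win32_Service exposes ProcessId).
# Keys are cast to [int] so they match the Int32 Id that Get-Process returns.
$svcByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $procId = [int]$_.ProcessId
    if (-not $svcByPid.ContainsKey($procId)) { $svcByPid[$procId] = @() }
    $svcByPid[$procId] += $_.Name
}

Get-Process -Name svchost | ForEach-Object {
    $proc   = $_
    $path   = $proc.Path
    $hosted = $svcByPid[$proc.Id]
    $flags  = @()

    # Wrong directory, or a look-alike name resolving elsewhere, is the classic tell.
    if (-not $path)               { $flags += 'path unreadable (run elevated)' }
    elseif ($path -ne $legitPath) { $flags += "unexpected path: $path" }

    # A real svchost hosts at least one registered service.
    if (-not $hosted)             { $flags += 'hosts no registered service' }

    # Signature status is reported rather than flagged: on Windows 7 most OS
    # binaries are catalog-signed and this cmdlet reports them as NotSigned;
    # on Windows 10 and later it consults the catalog and the genuine file is Valid.
    $sigStatus = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }

    New-Object PSObject -Property @{
        ProcessId = $proc.Id
        Signature = $sigStatus
        Services  = ($hosted -join ', ')
        Flags     = ($flags -join '; ')
    }
} | Sort-Object ProcessId | Format-Table ProcessId, Signature, Services, Flags -AutoSize -Wrap
```

On a clean machine every row shows the System32 path, a non-empty Services column and an empty Flags column; the rows to chase are any with an unexpected path or no hosted services. The same grouping is what Task Manager's "Go to Service(s)" right-click option shows one process at a time.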
#13 jason richards (Topic Starter)
I actually deleted that online bank account as a precaution, so I didn't have a chance to re-test it.

Except for the occasional programs that use JavaScript, I get a random Java module starting up when I am on regular websites like Google; that makes me suspicious, but I am guessing you couldn't see anything suspicious?

If there is anything I should keep an eye on, let me know.

I really appreciate your follow-up and time, Essex. Hello to Cornwall :)

And I will be keeping an eye on my son from now on; he won't be seeing much of this desktop.
#14 Essexboy (GeekU Moderator, Retired Staff)
What we could do is totally uninstall all Java versions and ensure you are updated to the latest version.

Download JavaRa from here.

Instructions are on the page. I myself do not have Java on my system.

Once done, let me know if you still get the Java start on unexpected pages.
#15 Essexboy (GeekU Moderator, Retired Staff)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.