
Trojan.LameShield / Yontoo +++ HELP! [Solved]


  • This topic is locked

#16 Putt4Dough
Topic Starter, Member, 120 posts
Good Monday morning.

I coached the procedure to the client by phone, which was not easy, but it's done. ;-) The 2Mb partition is gone and TDSSKiller ran and rebooted. A rootkit was detected and cleaned. I rescanned after reboot and here is the report from the second scan.



09:31:57.0734 1924 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:31:57.0984 1924 ============================================================
09:31:57.0984 1924 Current date / time: 2012/09/10 09:31:57.0984
09:31:57.0984 1924 SystemInfo:
09:31:57.0984 1924
09:31:57.0984 1924 OS Version: 5.1.2600 ServicePack: 3.0
09:31:57.0984 1924 Product type: Workstation
09:31:57.0984 1924 ComputerName: RACETTE
09:31:57.0984 1924 UserName: mracette
09:31:57.0984 1924 Windows directory: C:\WINDOWS
09:31:57.0984 1924 System windows directory: C:\WINDOWS
09:31:57.0984 1924 Processor architecture: Intel x86
09:31:57.0984 1924 Number of processors: 2
09:31:57.0984 1924 Page size: 0x1000
09:31:57.0984 1924 Boot type: Normal boot
09:31:57.0984 1924 ============================================================
09:32:04.0531 1924 BG loaded
09:32:06.0593 1924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:32:06.0812 1924 ============================================================
09:32:06.0812 1924 \Device\Harddisk0\DR0:
09:32:09.0500 1924 MBR partitions:
09:32:09.0500 1924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:32:09.0500 1924 ============================================================
09:32:18.0875 1924 C: <-> \Device\Harddisk0\DR0\Partition1
09:32:18.0875 1924 ============================================================
09:32:18.0875 1924 Initialize success
09:32:18.0875 1924 ============================================================
09:32:33.0421 3788 ============================================================
09:32:33.0421 3788 Scan started
09:32:33.0421 3788 Mode: Manual; SigCheck; TDLFS;
09:32:33.0421 3788 ============================================================
09:33:36.0359 3788 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:33:36.0453 3788 Secdrv - ok
09:33:36.0500 3788 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:33:36.0609 3788 seclogon - ok
09:33:36.0750 3788 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
09:33:36.0859 3788 SenFiltService - ok
09:33:36.0890 3788 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:33:37.0000 3788 SENS - ok
09:33:37.0046 3788 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:33:37.0140 3788 serenum - ok
09:33:37.0156 3788 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:33:37.0281 3788 Serial - ok
09:33:37.0312 3788 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:33:37.0406 3788 Sfloppy - ok
09:33:37.0859 3788 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
09:33:38.0062 3788 sfman - ok
09:33:38.0093 3788 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:33:38.0125 3788 ShellHWDetection - ok
09:33:38.0140 3788 Simbad - ok
09:33:38.0265 3788 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:33:38.0437 3788 sisagp - ok
09:33:38.0437 3788 SMR310 - ok
09:33:38.0578 3788 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:33:38.0703 3788 Sparrow - ok
09:33:38.0921 3788 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:33:39.0031 3788 splitter - ok
09:33:39.0093 3788 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:33:39.0156 3788 Spooler - ok
09:33:39.0250 3788 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:33:39.0437 3788 sr - ok
09:33:39.0890 3788 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
09:33:40.0015 3788 srservice - ok
09:33:40.0343 3788 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:33:40.0484 3788 Srv - ok
09:33:40.0562 3788 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:33:40.0687 3788 SSDPSRV - ok
09:33:40.0859 3788 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:33:41.0328 3788 stisvc - ok
09:33:41.0359 3788 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:33:41.0468 3788 swenum - ok
09:33:41.0906 3788 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:33:42.0015 3788 swmidi - ok
09:33:42.0031 3788 SwPrv - ok
09:33:42.0046 3788 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:33:42.0187 3788 symc810 - ok
09:33:42.0234 3788 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:33:42.0437 3788 symc8xx - ok
09:33:42.0875 3788 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:33:43.0015 3788 sym_hi - ok
09:33:43.0078 3788 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:33:43.0187 3788 sym_u3 - ok
09:33:43.0218 3788 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:33:43.0328 3788 sysaudio - ok
09:33:43.0375 3788 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:33:43.0562 3788 SysmonLog - ok
09:33:43.0718 3788 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:33:43.0828 3788 TapiSrv - ok
09:33:44.0015 3788 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:33:44.0078 3788 Tcpip - ok
09:33:44.0156 3788 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:33:44.0265 3788 TDPIPE - ok
09:33:44.0296 3788 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:33:44.0406 3788 TDTCP - ok
09:33:44.0453 3788 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:33:44.0562 3788 TermDD - ok
09:33:44.0828 3788 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:33:44.0984 3788 TermService - ok
09:33:45.0031 3788 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:33:45.0046 3788 Themes - ok
09:33:45.0062 3788 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
09:33:45.0203 3788 TlntSvr - ok
09:33:45.0250 3788 [ CA9E9C2C04A198ED345C1752222A5F3E ] tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys
09:33:45.0281 3788 tmactmon - ok
09:33:45.0437 3788 [ B365E817E398FF2AC5706EAB232EF6C1 ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
09:33:45.0484 3788 TMBMServer - ok
09:33:45.0781 3788 [ A3D20789B3FF0576A29462BEF25BCFCC ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
09:33:45.0796 3788 tmcomm - ok
09:33:45.0843 3788 [ 21F215E54770C4BF93EFAF63F58FE57E ] tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys
09:33:45.0859 3788 tmevtmgr - ok
09:33:46.0078 3788 [ 717E406972BBC07F8FB2A989416CAB73 ] TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
09:33:46.0140 3788 TmFilter - ok
09:33:46.0453 3788 [ 1125044215CBA381CFA3AF68B864C0C1 ] tmlisten C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
09:33:46.0796 3788 tmlisten - ok
09:33:47.0078 3788 [ 379C4F99994A56B66E11D1E32BB22A1C ] TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
09:33:47.0093 3788 TmPreFilter - ok
09:33:47.0765 3788 [ 0FEC6C50B2BE07C57651573CDD1C721F ] TmProxy C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
09:33:47.0953 3788 TmProxy - ok
09:33:48.0109 3788 [ 44C262C1B2412DED35078B6166D2ACC2 ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
09:33:48.0140 3788 tmtdi - ok
09:33:48.0187 3788 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:33:48.0328 3788 TosIde - ok
09:33:48.0609 3788 [ 298572A7E0D5A63A90E134BB34CCACEB ] tpm C:\WINDOWS\system32\DRIVERS\tpm.sys
09:33:48.0703 3788 tpm - ok
09:33:48.0765 3788 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:33:48.0875 3788 TrkWks - ok
09:33:48.0921 3788 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:33:49.0078 3788 Udfs - ok
09:33:49.0140 3788 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:33:49.0234 3788 ultra - ok
09:33:49.0953 3788 [ F00EC4163A11CD4015643001F983B483 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
09:33:50.0359 3788 UNS - ok
09:33:50.0687 3788 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:33:50.0859 3788 Update - ok
09:33:50.0906 3788 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:33:51.0125 3788 upnphost - ok
09:33:51.0187 3788 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:33:51.0312 3788 UPS - ok
09:33:51.0468 3788 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
09:33:51.0625 3788 usbaudio - ok
09:33:51.0718 3788 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:33:51.0828 3788 usbccgp - ok
09:33:51.0859 3788 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:33:51.0984 3788 usbehci - ok
09:33:52.0000 3788 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:33:52.0109 3788 usbhub - ok
09:33:52.0140 3788 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:33:52.0296 3788 usbprint - ok
09:33:52.0437 3788 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:33:52.0593 3788 USBSTOR - ok
09:33:52.0984 3788 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:33:53.0125 3788 usbuhci - ok
09:33:53.0234 3788 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:33:53.0343 3788 VgaSave - ok
09:33:53.0437 3788 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:33:53.0609 3788 viaagp - ok
09:33:54.0234 3788 [ 8586D10602FF4994E0F56A13A47D2B28 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
09:33:54.0437 3788 VIAHdAudAddService - ok
09:33:54.0765 3788 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:33:54.0921 3788 ViaIde - ok
09:33:54.0953 3788 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:33:55.0078 3788 VolSnap - ok
09:33:55.0843 3788 [ 642EB152CB980AD9181B2161066BE629 ] VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
09:33:56.0171 3788 VSApiNt - ok
09:33:56.0265 3788 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:33:56.0531 3788 VSS - ok
09:33:56.0781 3788 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
09:33:56.0921 3788 W32Time - ok
09:33:57.0078 3788 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files\Wajam\Updater\WajamUpdater.exe
09:33:57.0140 3788 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
09:33:57.0140 3788 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
09:33:57.0265 3788 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:33:57.0406 3788 Wanarp - ok
09:33:57.0406 3788 WDICA - ok
09:33:57.0531 3788 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:33:57.0671 3788 wdmaud - ok
09:33:57.0750 3788 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:33:57.0890 3788 WebClient - ok
09:33:58.0296 3788 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:33:58.0437 3788 winmgmt - ok
09:33:59.0265 3788 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:33:59.0593 3788 wlidsvc - ok
09:33:59.0765 3788 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:33:59.0859 3788 WmdmPmSN - ok
09:34:00.0281 3788 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:34:00.0421 3788 Wmi - ok
09:34:00.0562 3788 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:34:00.0656 3788 WmiAcpi - ok
09:34:00.0734 3788 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:34:00.0906 3788 WmiApSrv - ok
09:34:01.0359 3788 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
09:34:02.0203 3788 WMPNetworkSvc - ok
09:34:02.0250 3788 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:34:02.0437 3788 wscsvc - ok
09:34:02.0703 3788 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:34:02.0828 3788 wuauserv - ok
09:34:02.0906 3788 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:34:03.0046 3788 WudfPf - ok
09:34:03.0078 3788 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:34:03.0187 3788 WudfRd - ok
09:34:03.0234 3788 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:34:03.0328 3788 WudfSvc - ok
09:34:03.0562 3788 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:34:03.0718 3788 WZCSVC - ok
09:34:03.0796 3788 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:34:03.0984 3788 xmlprov - ok
09:34:04.0000 3788 ================ Scan global ===============================
09:34:04.0140 3788 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:34:04.0281 3788 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:34:04.0375 3788 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:34:04.0390 3788 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:34:04.0390 3788 [Global] - ok
09:34:04.0390 3788 ================ Scan MBR ==================================
09:34:04.0468 3788 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:34:16.0875 3788 \Device\Harddisk0\DR0 - ok
09:34:16.0875 3788 ================ Scan VBR ==================================
09:34:16.0984 3788 [ 3793D62A57B8BD1BE26BD651F1A8FF0F ] \Device\Harddisk0\DR0\Partition1
09:34:17.0062 3788 \Device\Harddisk0\DR0\Partition1 - ok
09:34:17.0062 3788 ============================================================
09:34:17.0062 3788 Scan finished
09:34:17.0062 3788 ============================================================
09:34:17.0406 3780 Detected object count: 6
09:34:17.0406 3780 Actual detected object count: 6
09:34:47.0796 3780 DSSUSBF ( UnsignedFile.Multi.Generic ) - skipped by user
09:34:47.0796 3780 DSSUSBF ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:34:47.0796 3780 JGOGO ( UnsignedFile.Multi.Generic ) - skipped by user
09:34:47.0796 3780 JGOGO ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:34:47.0796 3780 JRAID ( UnsignedFile.Multi.Generic ) - skipped by user
09:34:47.0796 3780 JRAID ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:34:47.0796 3780 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:34:47.0796 3780 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:34:47.0796 3780 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:34:47.0796 3780 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:34:47.0812 3780 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
09:34:47.0812 3780 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip

Edited by MikeBerube, 10 September 2012 - 07:40 AM.

#17
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, now I will need to reset the services which have been damaged. How is the computer behaving now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS]
    "NextInstance"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS\0000]
    "Service"="SharedAccess"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000020
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="Windows Firewall/Internet Connection Sharing (ICS)"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS\0000\Control]
    "ActiveService"="SharedAccess"
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#18
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Oops, I pressed the post button too early and only half of the registry fix is there (just the Legacy part). Here is the remainder of the reg.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess]
    "DependOnGroup"=hex(7):00,00
    "DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
      6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
    "Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
    "DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "ObjectName"="LocalSystem"
    "Start"=dword:00000002
    "Type"=dword:00000020
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch]
    "Epoch"=dword:00000012
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters]
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
      00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Setup]
    "ServiceUpgrade"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Enum]
    "0"="Root\\LEGACY_SHAREDACCESS\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

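The :Reg blocks in the two posts above write the service's REG_EXPAND_SZ (hex(2)) and REG_MULTI_SZ (hex(7)) values as comma-separated UTF-16LE byte lists, which nobody can review by eye. The following is an added example, not Essexboy's or OTL's code: it parses the SharedAccess keys copied from the fix, decodes what they actually write (ImagePath, ServiceDll, dependencies), and runs a few sanity checks that are my own assumptions about what a healthy svchost-hosted service looks like.

```python
"""Decode the hex(2)/hex(7) values of a .reg-style service fix before applying it.

Added example for this thread, not Essexboy's or OTL's code. The checks in
review_service() are my own assumptions about a healthy svchost-hosted service.
"""
import re

# The SharedAccess service keys, copied from the fix posted above.
REG_FIX = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess]
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
  6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
  00
'''

SVC_KEY = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess'


def decode_value(raw):
    """Turn the right-hand side of a .reg line into (type name, Python value)."""
    if raw.startswith('"'):
        # REG_SZ: quoted string with \\ and \" escapes
        return 'REG_SZ', re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return 'REG_DWORD', int(raw[len('dword:'):], 16)
    m = re.match(r'hex(?:\((\d+)\))?:(.*)$', raw)
    if not m:
        raise ValueError('unsupported value syntax: ' + raw)
    kind = int(m.group(1) or 3)   # a bare "hex:" is REG_BINARY (type 3)
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
    if kind == 2:   # REG_EXPAND_SZ: one NUL-terminated UTF-16LE string
        return 'REG_EXPAND_SZ', data.decode('utf-16-le').rstrip('\x00')
    if kind == 7:   # REG_MULTI_SZ: NUL-separated strings, a double NUL ends the list
        return 'REG_MULTI_SZ', [s for s in data.decode('utf-16-le').split('\x00') if s]
    return 'REG_BINARY', data


def parse_reg(text):
    """Return {(key path, value name): (type, value)} for a .reg fragment."""
    # A trailing backslash continues a long byte list on the next (indented) line.
    joined = re.sub(r'\\\r?\n[ \t]*', '', text)
    values, key = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or key is None:
            raise ValueError('unparsable line: ' + line)
        values[(key, m.group(1))] = decode_value(m.group(2))
    return values


def sharedaccess_summary(text=REG_FIX):
    """Pull out the fields that matter when judging a service definition."""
    v = parse_reg(text)
    return {
        'image_path': v[(SVC_KEY, 'ImagePath')][1],
        'service_dll': v[(SVC_KEY + r'\Parameters', 'ServiceDll')][1],
        'depends_on': v[(SVC_KEY, 'DependOnService')][1],
        'start': v[(SVC_KEY, 'Start')][1],
        'type': v[(SVC_KEY, 'Type')][1],
    }


def review_service(summary):
    """Assumed sanity checks: host must be the Windows svchost.exe, the DLL must
    live under System32, and Type must be SERVICE_WIN32_SHARE_PROCESS (0x20)."""
    findings = []
    if not summary['image_path'].lower().startswith('%systemroot%\\system32\\svchost.exe'):
        findings.append('ImagePath does not point at the Windows svchost.exe')
    if not summary['service_dll'].lower().startswith('%systemroot%\\system32\\'):
        findings.append('ServiceDll is outside %SystemRoot%\\System32')
    if summary['type'] != 0x20:
        findings.append('Type is not SERVICE_WIN32_SHARE_PROCESS (0x20)')
    return findings   # empty list means nothing looked off
```

Calling sharedaccess_summary() shows the fix restores an ordinary svchost.exe -k netsvcs service backed by ipnathlp.dll that depends on Netman and WinMgmt; review_service() on that result returns no findings.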

#19
Putt4Dough
    Member
  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Everything runs great now. Here is the log. Let me know if it's all clean.

OTL logfile created on: 2012-09-10 10:09:02 - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\user\Desktop\spyware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,45% Memory free
3,84 Gb Paging File | 3,40 Gb Available in Paging File | 88,48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 442,99 Gb Free Space | 95,11% Space Free | Partition Type: NTFS
Drive E: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RACETTE | User Name: mracette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

DRV - [2001-08-17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-08-17 08:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001-01-30 17:34:38 | 000,025,381 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DSSUSBF.sys -- (DSSUSBF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...tB&cr=459309896
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {835D6662-246E-4681-AAE7-91377F3AC76B}
IE - HKLM\..\SearchScopes,DefaultScope = {835D6662-246E-4681-AAE7-91377F3AC76B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{26A35A29-31F4-80DB-C9C4-6D28839E3D49}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{835D6662-246E-4681-AAE7-91377F3AC76B}: "URL" = http://start.funmood...tB&cr=459309896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylo...000005345000000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/de...fr-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 84 7A 06 74 6F CA 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.funmood...tB&cr=459309896
IE - HKCU\..\SearchScopes\{26A35A29-31F4-80DB-C9C4-6D28839E3D49}: "URL" = http://search.babylo...000005345000000
IE - HKCU\..\SearchScopes\{2C272558-193B-403E-B5B2-7C733A1B99D4}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{835D6662-246E-4681-AAE7-91377F3AC76B}: "URL" = http://www.google.co...1I7ADFA_enCA455
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://start.funmood...B&cr=459309896"
FF - prefs.js..browser.search.selectedEngine: "Ask.com Search"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..keyword.URL: ""
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-08-03 11:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-08-03 09:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012-08-03 11:24:19 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\searchplugins\askcom.xml
[2012-09-04 14:12:08 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\searchplugins\askcomsearch.xml
[2012-08-03 11:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-07-13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-07-13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012-09-06 15:14:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Philips Device Control Center] C:\Program Files\Philips Speech\Device Control Center\PDCC.exe (Philips Austria GmbH - Speech Processing)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PspContr] C:\WINDOWS\System32\pspcontr.exe (Philips Speech Processing)
O4 - HKLM..\Run: [PspUsbCf] C:\WINDOWS\System32\pspusbcf.exe (Philips Speech Processing)
O4 - HKLM..\Run: [SpeechExec Startup] C:\Program Files\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe (Philips Austria GmbH - Speech Processing)
O4 - HKCU..\Run: [bluebirds] C:\Documents and Settings\user\Bluebirds\BlueBirds.exe (LG Electronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\devdtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - mswsock.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1212158786304 (WUWebControl Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09E3DB22-DFCE-4DDD-A73C-65CD67E979A7}: DhcpNameServer = 206.191.0.210 206.191.0.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB33A13-D3F8-4F6C-B046-64778A9A7D33}: DhcpNameServer = 172.16.0.20 206.191.0.140 206.191.0.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BA7B319-DF11-4C3A-82A5-7BF7D8E08CE1}: DhcpNameServer = 206.191.0.210 206.191.0.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D0CCD3B-09C7-4239-A519-EFFB2A149DD3}: DhcpNameServer = 206.191.0.210 206.191.0.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6AC5E2F-11DF-4D47-B791-CBE9A687DAE4}: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5929062-E3D0-4345-AF13-BE88F62C2A64}: DhcpNameServer = 206.191.0.210 206.191.0.140
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-30 10:39:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-04-29 05:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{24db74e7-fb62-11e0-ae80-00248cacc508}\Shell - "" = AutoRun
O33 - MountPoints2\{24db74e7-fb62-11e0-ae80-00248cacc508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24db74e7-fb62-11e0-ae80-00248cacc508}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{524b1084-de30-11e0-a1e7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{524b1084-de30-11e0-a1e7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{524b1084-de30-11e0-a1e7-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
O33 - MountPoints2\{7fee049e-f9b8-11e0-8888-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7fee049e-f9b8-11e0-8888-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7fee049e-f9b8-11e0-8888-806d6172696f}\Shell\AutoRun\command - "" = D:\BlueBirds.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009-04-29 05:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-10 09:32:31 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012-09-10 09:29:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-09-06 15:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\RK_Quarantine
[2012-09-06 15:14:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-06 13:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\spyware
[2012-09-05 15:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\NPE
[2012-09-05 15:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012-09-05 15:07:47 | 002,892,816 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\user\Desktop\NPE.exe
[2012-09-05 14:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro OfficeScan Client
[2012-09-05 13:57:42 | 000,000,000 | ---D | C] -- C:\Avenger
[2012-09-05 13:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-09-03 23:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-09-03 23:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012-09-03 03:32:05 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012-09-03 03:32:05 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012-09-03 03:32:05 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012-08-29 12:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012-08-16 11:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
[2012-08-14 03:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

========== Files - Modified Within 30 Days ==========

[2012-09-10 10:13:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B0E313CD-E755-490A-B9FF-306F2013738C}.job
[2012-09-10 10:02:53 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-10 10:02:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012-09-10 10:02:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-10 09:45:00 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-10 09:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-10 09:34:42 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-09-10 09:26:22 | 000,004,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-08 18:34:09 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Default.rdp
[2012-09-07 14:21:04 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Word 2010.lnk
[2012-09-06 15:14:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-09-05 15:06:38 | 002,892,816 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\user\Desktop\NPE.exe
[2012-09-05 15:00:33 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012-09-05 14:55:07 | 000,191,349 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2012-09-05 14:55:04 | 000,131,456 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2012-09-05 14:48:36 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2012-09-05 14:20:58 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-09-05 14:20:58 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-09-05 13:44:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-03 03:32:05 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012-09-03 03:32:05 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012-09-03 03:32:05 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012-08-29 12:34:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-08-16 12:19:22 | 000,294,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012-09-06 15:30:28 | 000,002,517 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2012-09-06 15:30:28 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2012-09-06 15:30:28 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
[2012-09-06 15:30:28 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012-09-06 15:30:28 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\HD ADeck.lnk
[2012-09-06 15:30:28 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012-09-05 14:55:07 | 000,191,349 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2012-09-05 14:55:04 | 000,131,456 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2012-09-05 14:47:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
[2012-09-05 13:44:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-29 12:34:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-08-02 22:17:06 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\funmoods-speeddial.crx
[2012-08-02 18:43:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012-08-02 18:43:06 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\store-pp.jbs
[2012-07-24 11:04:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\cafe
[2012-05-31 14:31:06 | 000,180,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012-05-02 09:37:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012-02-15 23:21:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-10-19 00:07:00 | 000,016,060 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2011-09-13 14:25:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2011-09-13 13:52:03 | 000,021,247 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011-09-13 13:49:05 | 001,481,884 | R--- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011-03-28 11:26:43 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011-03-28 11:26:43 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011-03-28 11:26:40 | 000,870,560 | R--- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011-03-28 11:26:40 | 000,127,868 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2009-11-27 12:18:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PFP100JPR.{PB
[2009-11-27 12:18:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PFP100JCM.{PB
[2008-06-18 11:14:02 | 000,000,008 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== LOP Check ==========

[2012-08-03 11:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012-08-02 18:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009-09-21 13:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safend
[2012-09-05 14:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012-08-02 18:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Babylon
[2011-03-28 11:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ICAClient
[2012-08-03 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Oracle
[2011-10-19 14:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Philips Speech
[2012-09-07 11:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer
[2011-03-28 12:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Terminotix
[2012-09-10 10:13:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B0E313CD-E755-490A-B9FF-306F2013738C}.job
[2012-09-10 10:02:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >
  • 0

#20
Putt4Dough

    Member

  • Topic Starter
  • Member
  • 120 posts
Sorry, I did not see your last post. New scan in progress.
  • 0

#21
Putt4Dough

    Member

  • Topic Starter
  • Member
  • 120 posts
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"DependOnGroup"|hex(7):00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"DependOnService"|hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"Description"|"Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"DisplayName"|"Windows Firewall/Internet Connection Sharing (ICS)" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"ObjectName"|"LocalSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch\\"Epoch"|dword:00000012 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\"%windir%\Network Diagnostic\xpnetdiag.exe"|"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\"%windir%\system32\sessmgr.exe"|"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\"%windir%\Network Diagnostic\xpnetdiag.exe"|"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\"%windir%\system32\sessmgr.exe"|"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Setup\\"ServiceUpgrade"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Enum\\"0"|"Root\\LEGACY_SHAREDACCESS\\0000" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Enum\\"Count"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Enum\\"NextInstance"|dword:00000001 /E : value set successfully!

OTL by OldTimer - Version 3.2.61.0 log created on 09102012_102559
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent, just some bad toolbars to go now: Funmoods and Babylon.

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.


Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.
  • 0

#23
Putt4Dough

Putt4Dough

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
A log was not produced after reboot but I clicked Search after reboot. Here is the log after delete, reboot and search.

# AdwCleaner v2.001 - Logfile created 09/10/2012 at 11:20:00
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mracette - RACETTE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\user\Desktop\spyware\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5azb4otg.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9574 octets] - [10/09/2012 11:12:48]
AdwCleaner[S1].txt - [9016 octets] - [10/09/2012 11:14:30]
AdwCleaner[R2].txt - [1640 octets] - [10/09/2012 11:20:00]

########## EOF - C:\AdwCleaner[R2].txt - [1700 octets] ##########
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good, any outstanding problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{835D6662-246E-4681-AAE7-91377F3AC76B}: "URL" = http://start.funmood...tB&cr=459309896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylo...000005345000000
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.funmood...tB&cr=459309896
    IE - HKCU\..\SearchScopes\{26A35A29-31F4-80DB-C9C4-6D28839E3D49}: "URL" = http://search.babylo...000005345000000
    FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0C0A0C0CyDtDzzzyzztC0EtN0D0Tzu0StBtCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=459309896"
    [2012-08-02 22:17:06 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\funmoods-speeddial.crx
    [2012-08-02 18:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012-09-05 14:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2012-08-02 18:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Babylon
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • 0
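As an added illustration (not part of this thread, and not OTL's or AdwCleaner's own code), a small Python audit of a Firefox prefs.js for the kind of homepage and search hijack the fix above removes. The sample prefs.js is constructed for the example, and the hijack domain list contains only the two domains seen in this thread.

```python
import re
from urllib.parse import urlparse

# Domains the OTL fix in this thread removed from IE search scopes and
# Firefox prefs.js (Funmoods / Babylon). Extend with your own indicators.
HIJACK_DOMAINS = ("funmoods.com", "babylon.com")

# Firefox preferences that search hijackers of this era typically rewrote.
WATCHED_PREFS = ("browser.startup.homepage", "keyword.URL")

# Matches a string-valued pref line: user_pref("name", "value");
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every string-valued user_pref line in prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            # Undo prefs.js backslash escaping (\" and \\)
            prefs[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return prefs


def hijacked_host(url):
    """True when the URL's host is one of the hijack domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def audit_prefs(text):
    """Return [(pref_name, host)] for watched prefs that point at a hijack domain."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name in WATCHED_PREFS and hijacked_host(value):
            findings.append((name, urlparse(value).hostname))
    return findings


# Constructed sample prefs.js; the homepage line mirrors the one OTL removed above.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://start.funmoods.com/?f=1&a=iron2&cr=459309896");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=HP_ss&q=");
user_pref("browser.startup.page", 1);
user_pref("network.cookie.cookieBehavior", 0);
'''

if __name__ == "__main__":
    for name, host in audit_prefs(SAMPLE_PREFS):
        print(f"[HIJACK] {name} -> {host}")
```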

#25
Putt4Dough

Putt4Dough

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
No problems, everything is running great. Are we done?


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{835D6662-246E-4681-AAE7-91377F3AC76B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{835D6662-246E-4681-AAE7-91377F3AC76B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Backup.Old.Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26A35A29-31F4-80DB-C9C4-6D28839E3D49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A35A29-31F4-80DB-C9C4-6D28839E3D49}\ not found.
Prefs.js: "http://start.funmood...B&cr=459309896" removed from browser.startup.homepage
File C:\Documents and Settings\user\Local Settings\Application Data\funmoods-speeddial.crx not found.
Folder C:\Documents and Settings\All Users\Application Data\Babylon\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Tarma Installer\ not found.
Folder C:\Documents and Settings\user\Application Data\Babylon\ not found.

OTL by OldTimer - Version 3.2.61.0 log created on 09102012_133341
  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. For AdwCleaner, run the programme and press uninstall.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
