Internet Explorer opens random webpages! [Closed]


#1
Calamari02

Hello all.

I have had an issue on my desktop for about a good year and it appears to be some form of malware. iexplorer will randomly open 4 to 5 web pages or sites, each site being completely different and very random, such as Wikipedia searches for the meaning of leap or a description of some remote town in Estonia.
In Task Manager, there are sometimes up to 15 - 20 iexplorer.exe running. Sometimes, there will even be multimedia playing and there are no windows to be seen.

I have disabled third party software with iexplorer (PS: I use Firefox), which seemed to have worked for a few hours. Then it just came right back.

I have stumbled across another thread with the same issue. The person was advised to run GMER, which I also decided to follow and do. The instructions specifically mention to untick IAT/EAT, the C: drive and the 'show all' tick box. I would then run the scan. I have attempted this procedure three times, as during the scan the computer will hit the 'blue screen' and restart.

I have a 32-bit Windows 7.

Help would be much appreciated!! Thanks.

#2
gringo_pr

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

#3
Calamari02

Thank you very much Gringo.

Everything has gone smoothly so far.

Defogger Log;

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:53 on 14/10/2012 (Roberto)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-


===================================================

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by Roberto at 12:11:14 on 2012-10-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1531 [GMT 11:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Outdated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Outdated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Avid\Mbox\AudioDevMon.exe
C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe
C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Roberto\AppData\Local\TempYtbn\ytbsys.exe
C:\Users\Roberto\AppData\Local\TempYtpok\ytp.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Roberto\AppData\Local\Temp\vcheck.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Roberto\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\Roberto\Desktop\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={F527D2E1-E1AD-4F97-877D-4ADD460357BD}&mid=dc48575180cd47d08546d157caf3e4ce-09688da4144e2adb066db82f8eabf31b210f53f5&lang=en&ds=od011&pr=sa&d=2012-04-25%2019:15:28&v=11.0.0.9&sap=hp
uSearch Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=f6f187b6-ce2a-40b9-9729-0857745850c8&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearch Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=f6f187b6-ce2a-40b9-9729-0857745850c8&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
mStart Page = hxxp://www.yahoo.com/?fr=fp-emptyloop&type=emptyloop
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-emptyloop&type=emptyloop
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=f6f187b6-ce2a-40b9-9729-0857745850c8&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} -
BHO: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO: Wondershare Video Converter Ultimate: {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - c:\program files\wondershare\video converter ultimate\SVRIEPlugin.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - LocalServer32 - <no file>
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarTlbr.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
uRun: [RegClean Expert Scheduler] "c:\program files\registry clean expert\RCHelper.exe" /startup
uRun: [vcheck] c:\users\roberto\appdata\local\temp\vcheck.exe
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ytbsys] c:\users\roberto\appdata\local\tempytbn\ytbsys.exe
mRun: [ytp] c:\users\roberto\appdata\local\tempytpok\ytp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\users\roberto\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9A2E2B7F-4779-4E1C-BF65-ED07E454B8D0} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9A2E2B7F-4779-4E1C-BF65-ED07E454B8D0}\D696E6463747F627D6 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\roberto\appdata\roaming\mozilla\firefox\profiles\d2wrkfyx.default\
FF - prefs.js: browser.startup.homepage - hxxps://isearch.avg.com?cid=%7Bad813e02-e6a0-4d54-8f39-3c8250303b87%7D&mid=dc48575180cd47d08546d157caf3e4ce-09688da4144e2adb066db82f8eabf31b210f53f5&ds=od011&v=12.2.5.32&lang=en&pr=sa&d=2012-04-25%2019%3A15%3A28&sap=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\roberto\appdata\roaming\mozilla\firefox\profiles\d2wrkfyx.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-31 27496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-22 218688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2011-3-3 18224]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-15 26352]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-15 493032]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-28 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-28 676936]
R2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files\avid\mbox\AudioDevMon.exe [2010-10-7 1919504]
R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files\avid\mbox mini\AudioDevMon.exe [2010-10-8 1919504]
R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files\avid\mbox pro\AudioDevMon.exe [2010-10-8 1919504]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-7-18 3576320]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.57\SymcPCCULaunchSvc.exe [2011-7-1 123320]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-8-31 722528]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-6-25 47104]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-10-15 35568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-28 22856]
R3 MBOX;Service for Avid Mbox;c:\windows\system32\drivers\AvidMbox.sys [2010-10-7 398224]
R3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\drivers\AvidMbox_DFU.sys [2010-10-7 23312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PCCUJobMgr;Common Client Job Manager Service;"c:\program files\norton pc checkup\engine\2.0.12.57\ccsvchst.exe" /s "pccujobmgr" /m "c:\program files\norton pc checkup\engine\2.0.12.57\dimaster.dll" /prefetch:1 --> c:\program files\norton pc checkup\engine\2.0.12.57\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 114144]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-2 1343400]
.
=============== Created Last 30 ================
.
2012-10-13 16:39:18 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cea809d3-066e-4363-bb63-83b7e4ca8f97}\offreg.dll
2012-10-13 01:26:43 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cea809d3-066e-4363-bb63-83b7e4ca8f97}\mpengine.dll
2012-10-11 11:07:22 -------- d-----w- c:\users\roberto\appdata\roaming\Xilisoft
2012-10-11 11:06:10 -------- d-----w- c:\programdata\Xilisoft
2012-10-11 09:36:28 -------- d-----w- c:\users\roberto\appdata\local\The Little App Factory, LLC
2012-10-09 23:14:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-09 23:12:39 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 23:12:39 1157632 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 23:12:39 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 23:12:13 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 23:12:00 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 23:11:49 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 23:11:49 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-01 03:18:05 -------- d-----w- c:\programdata\xml_param
2012-10-01 03:16:27 -------- d-----w- c:\users\roberto\appdata\roaming\Wondershare Video Converter Ultimate
2012-10-01 03:16:08 -------- d-----w- c:\users\roberto\appdata\local\Wondershare
2012-10-01 03:16:05 -------- d-----w- c:\program files\common files\Wondershare
2012-10-01 03:15:51 727952 ----a-w- c:\windows\system32\WSCM64.dll
2012-10-01 03:15:51 159120 ----a-w- c:\windows\system32\WSCM32.dll
2012-10-01 03:15:44 -------- d-----w- c:\programdata\Wondershare Video Converter Ultimate
2012-10-01 03:15:36 -------- d-----w- c:\program files\Wondershare
2012-10-01 02:13:44 -------- d-----w- c:\users\roberto\appdata\local\{5626E791-1FE3-45FC-960A-41530EF51990}
2012-10-01 02:13:24 -------- d-----w- c:\users\roberto\appdata\local\{FA43FED7-B8C0-41C6-8D89-870B40792CC4}
2012-09-30 06:04:18 -------- d-----w- c:\users\roberto\appdata\roaming\Guitar Pro 6
2012-09-30 06:04:18 -------- d-----w- c:\programdata\Guitar Pro 6
2012-09-30 05:06:07 -------- d-----w- c:\users\roberto\guitarpro TABS
2012-09-30 04:47:45 -------- d-----w- c:\program files\windows movie maker
2012-09-19 17:01:01 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-10-13 10:46:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-13 10:46:44 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 09:08:39 16 ----a-w- c:\windows\system32\msvcsv60.dll
2012-10-02 09:08:39 16 ----a-w- c:\users\roberto\appdata\roaming\msregsvv.dll
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-07 07:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-05 01:01:25 948012 ----a-w- c:\windows\system32\cyn.exe
2012-08-30 21:14:38 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-24 17:10:47 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 17:08:47 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 16:01:45 386048 ----a-w- c:\windows\system32\html.iec
2012-08-24 15:27:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:05:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-19 07:59:47 0 ----a-w- c:\windows\system32\cypn.exe
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
2004-05-14 13:20:26 2166784 ----a-w- c:\program files\Topaz_Clav1.dll
.
============= FINISH: 12:11:42.33 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2011 8:04:06 PM
System Uptime: 10/14/2012 9:34:07 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5K SE
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | LGA775 | 2331/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 183 GiB total, 2.636 GiB free.
D: is FIXED (NTFS) - 115 GiB total, 82.399 GiB free.
E: is CDROM (UDF)
F: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM ()
I: is FIXED (NTFS) - 699 GiB total, 575.64 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1542FBD&0&09F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1542FBD&0&09F0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.21beta
Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AKAI professional VST Collection v1.0
AmpliTube 3 version 3.7.0
Antares Autotune VST v5.09
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVG Security Toolbar
Avid Audio Drivers (x86)
Avid Mbox Driver 1.0.19 (x86)
Avid Mbox Mini Driver 1.0.6 (x86)
Avid Mbox Pro Driver 1.0.11 (x86)
Avid Pro Tools LE 8.0.5
Babylon toolbar on IE
Bass Station 1.50
Bonjour
Broomstick Bass 1.0.0
Camel Audio Camel Phat VST v3.15
Collab
CopyTrans Suite Remove Only
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
db audioware Sidechain Compressor VST v1.1.0
dBpowerAMP FLAC Codec
dBpowerAMP Music Converter
dBpowerAMP VOC Codec
Digidesign ElevenRack Driver 1.0.8 (x86)
discoDSP Discovery Pro
dMC Power Pack
Dodo Wireless Broadband
DSP/FX v6.2a
Edirol HQ Orchestral v1.01
Electric Sheep 2.7b34
Electronisounds Ubergate VST v1.3
Elemental Audio Neodynium VST RTAS
eLicenser Control
FabFilter Pro-C VST RTAS v1.10
FL Studio 10
Flac to MP3 Converter
FLV To MP3 Converter V3.0.4
Free DigiRack Plug-Ins 8.0.5
Free WAV To MP3 Converter 2.1
Guitar Pro 5.0
Guitar Pro 6
Hardcore
IK Multimedia Authorization Manager version 1.0.5
IL Download Manager
Intel® C++ Redistributables for Windows* on IA-32
Interlok driver setup x32
iTunes
iZotope Ozone 4
iZotope RX 2
Java Auto Updater
Java™ 6 Update 30
Java™ 7 Update 4
JavaFX 2.1.0
Live 8.0.1
Lounge Lizard EP-2 v2.0
Luxonix Purity VSTi v1.1.2
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Native Instruments B4 II
Native Instruments Controller Editor
Native Instruments FM8
Native Instruments Guitar Rig 4
Native Instruments GuitarRig Mobile IO Driver
Native Instruments Kontakt 3
Native Instruments Massive
Native Instruments Reaktor 5
Native Instruments Rig Kontrol 3 Driver
Native Instruments Service Center
Native Instruments Session IO Driver
Nexon Game Manager
Ohm Force - Ohmicide VST
Ohmforce Hematohm PRO VST v1.22
Ohmforce Mobilohm PRO VST v1.12
Ohmforce Predatohm PRO VST v1.32
Paint.NET v3.5.8
PDF Viewer 0.1
PoiZone
QuadraSID 6581 VSTi v1.1
QuickTime
reFX Nexus 1.3.7
Registry Clean Expert
ReValver Mk IIIdotV
Rob Papen BLUE Version 1.8.5d
Rob Papen Predator V1.5.8 32 Bits Single Core
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.10
Sniper Elite
Sonnox Oxford Limiter Native VST v1.1.1
SoundFonts.it GS-201 Tape Echo v1.0 VST
SoundFonts.it Milestone v1.0 VSTi
SoundFonts.it VB3 v1.0.1 VSTi
SoundFonts.it VB3 v1.1 VSTi
Steam
Studio Devil AMP 1.1
Superior Drummer Installer
Toxic Biohazard
Translator Version 2.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar
V-Station 1.50
War Rock
Waves Diamond Bundle v5.2
Waves L3 v5.2
WinArchiver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.00 (32-bit)
Wondershare Video Converter Ultimate(Build 6.0.1.0)
WOW
Xilisoft iPod Rip
Yontoo Layers Runtime 1.10.01
ZoneAlarm Extreme Security
.
==== Event Viewer Messages From Past Week ========
.
10/8/2012 5:42:15 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/14/2012 9:34:57 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x9b372d37, 0xa98c4590, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101412-49389-01.
10/14/2012 9:34:56 AM, Error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the file specified.
10/14/2012 9:34:55 AM, Error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The system cannot find the file specified.
10/14/2012 9:23:43 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/14/2012 9:23:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8380f3d6, 0xa9ae2590, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101412-41574-01.
10/13/2012 11:36:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Disk Defragmenter service to connect.
10/13/2012 11:36:28 PM, Error: Service Control Manager [7000] - The Disk Defragmenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/13/2012 11:36:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
10/11/2012 8:21:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
10/11/2012 8:21:25 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on I: cannot be read.
10/11/2012 8:20:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/10/2012 10:11:30 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume1.
10/10/2012 10:09:59 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/10/2012 10:01:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================


Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Extreme Security Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.0
Java™ 6 Update 30
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Zone Labs ZoneAlarm zlclient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#5
Calamari02

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Cheers Gringo!

So far so good.

Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Extreme Security Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.0
Java™ 6 Update 30
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Zone Labs ZoneAlarm zlclient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
=====================================================================

# AdwCleaner v2.004 - Logfile created 10/14/2012 at 20:56:56
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Roberto - ROBERTO-PC
# Boot Mode : Normal
# Running from : C:\Users\Roberto\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\Users\Roberto\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Roberto\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Roberto\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\Pazera Toolbar
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Roberto\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Roberto\AppData\Local\Conduit
Folder Deleted : C:\Users\Roberto\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Roberto\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Roberto\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Roberto\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Roberto\AppData\Local\Temp\CT3072253
Folder Deleted : C:\Users\Roberto\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Roberto\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\Roberto\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Roberto\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Roberto\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Roberto\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Roberto\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Roberto\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Roberto\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\Conduit
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\ConduitCommon
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\CT2786678
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\CT3072253
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\extensions\[email protected]
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\extensions\[email protected]
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\extensions\[email protected]
Folder Deleted : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\Searchqutoolbar
Folder Deleted : C:\Users\Roberto\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05688B46-20E1-4335-90FB-194E9AF59262}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEF0640A-CD61-4021-8084-E2E4DE6648D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=f6f187b6-ce2a-40b9-9729-0857745850c8&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={F527D2E1-E1AD-4F97-877D-4ADD460357BD}&mid=dc48575180cd47d08546d157caf3e4ce-09688da4144e2adb066db82f8eabf31b210f53f5&lang=en&ds=od011&pr=sa&d=2012-04-25%2019:15:28&v=11.0.0.9&sap=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=f6f187b6-ce2a-40b9-9729-0857745850c8&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={F527D2E1-E1AD-4F97-877D-4ADD460357BD}&mid=dc48575180cd47d08546d157caf3e4ce-09688da4144e2adb066db82f8eabf31b210f53f5&lang=en&ds=od011&pr=sa&d=2012-04-25 19:15:28&v=12.2.5.32&sap=nt --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=f6f187b6-ce2a-40b9-9729-0857745850c8&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=AU&userid=f6f187b6-ce2a-40b9-9729-0857745850c8&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\prefs.js

C:\Users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Sep 05 2011 13:58:27 GMT+1000 (AUS Eastern Stan[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129575151151403741", true);
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2786678.CurrentServerDate", "24-11-2011");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu Nov 24 2011 00:22:48 GMT+1100 (AUS Eastern Da[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Thu Nov 24 2011 17:09:45 GMT+1100 (AUS Eastern Dayligh[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun May 15 2011 22:17:28 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun May 15 2011 22:17:28 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun May 15 2011 20:52:36 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun May 15 2011 20:52:36 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun May 15 2011 20:52:36 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun May 15 2011 20:52:36 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun May 15 2011 20:52:36 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun May 15 2011 20:52:36 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun May 15 2011 22:17:28 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun May 15 2011 22:17:28 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun May 15 2011 22:17:28 GMT+1000 (AUS Easter[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Nov 24 2011 16:44:46 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Nov 24 2011 16:44:45 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "22-4-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingInvalidateCache", false);
Deleted : user_pref("CT2786678.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Fri Apr 22 2011 19:35:32 GMT+1000 (AUS Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.InvalidateCache", false);
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu Nov 24 2011 15:43:12 GMT+1100 (AUS Eastern Day[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Sat Jun 25 2011 20:45:20 GMT+1000 (AUS Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Mon Aug 15 2011 19:52:35 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Thu Sep 22 2011 21:24:32 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Tue Nov 08 2011 14:34:43 GMT+1100 (AUS Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Thu Nov 24 2011 14:44:47 GMT+1100 (AUS Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.8.0.8");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.RadioLastCheckTime", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2786678.SearchBoxWidth", 329);
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu Nov 24 2011 15:43:10 GMT+1100 (AUS Eastern D[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu Nov 24 2011 15:43:15 GMT+1100 (AUS Eastern Dayli[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Thu Nov 24 2011 10:44:44 GMT+1100 (AUS Eastern Dayligh[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1314985690");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Nov 22 2011 15:23:11 GMT+1100 (AUS Eastern[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN77442514397120650");
Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Thu Nov 24 2011 16:44:46 GMT+1100 (AUS Eastern Daylight Time[...]
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Thu Nov 24 2011 14:44:45 GMT+1100 (AUS East[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu Nov 24 2011 15:43:12 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon Nov 14 2011 22:18:27 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CT3072253..clientLogIsEnabled", true);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Thu May 24 2012 15:34:22 GMT+1000 (AUS Eastern Stan[...]
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129572937280362976", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "14-10-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Sun Oct 14 2012 20:14:51 GMT+1100 (AUS Eastern Da[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "19-2-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.searchqu.com/406");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstalledDate", "Sun Feb 19 2012 16:45:12 GMT+1100 (AUS Eastern Daylight Time)"[...]
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Sun Oct 14 2012 20:14:49 GMT+1100 (AUS Eastern Day[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.10.0.1", "Wed Apr 18 2012 21:58:17 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.7", "Wed Apr 25 2012 22:05:49 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Wed May 30 2012 21:47:59 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 15:11:54 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Tue Aug 28 2012 08:47:07 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Sun Oct 14 2012 17:19:37 GMT+1100 (AUS Eastern Daylight T[...]
Deleted : user_pref("CT3072253.LastLogin_3.9.0.3", "Thu Mar 08 2012 23:49:26 GMT+1100 (AUS Eastern Daylight Ti[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3072253.SearchBoxWidth", 148);
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Search Results");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sun Oct 14 2012 20:14:47 GMT+1100 (AUS Eastern D[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Sun Oct 14 2012 20:14:49 GMT+1100 (AUS Eastern Dayli[...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Sun Oct 14 2012 18:30:26 GMT+1100 (AUS Eastern Dayligh[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1349970965");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Tue Jun 05 2012 20:01:16 GMT+1000 (AUS Eastern[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN49914355315652803");
Deleted : user_pref("CT3072253.ValidationData_Search", 0);
Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT3072253.backendstorage.cb_user_id_000", "43423536373634333634373935335F46697265666F78")[...]
Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "53756E2046656220313920323031322031363A34353A31342[...]
Deleted : user_pref("CT3072253.backendstorage.toolbar_prefs", "7B22636F6E6E5F74797065223A226C6F63616C227D");
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F75732E636F6E6669672E746F6F6C626[...]
Deleted : user_pref("CT3072253.backendstorage.youtubelang", "5553");
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sat Jun 09 2012 19:27:21 GMT+1000 (AUS East[...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sun Oct 14 2012 20:14:49 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Jun 11 2012 13:30:29 GMT+1000 (AUS Easte[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/AU", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1246464/1242137/AU", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/AU", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15970/15636/AU", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/3674/3663/AU", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/489709/485580/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666466/662327/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/787035/782857/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/790645/786467/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/824290/820098/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/831418/827221/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/875127/870925/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/961931/957699/AU", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"abd[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Roberto\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://artpad.art.com/artpad/painter/", "141x-3"[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://popuphtml.s3.amazonaws.com/popup-en.html"[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/MarketPlace/78/86/78d[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://tools.alphatrade.com/index.php?t1=individ[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.addisvoice.com/currency.htm", "864x11[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.breaknplay.com/apps/pokercalculator/"[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.gamez4you.com/toolbar/index.php?cat=1[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.sosforum.it/governor_of_poker.htm", "[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.versitek.com/external-content/toolbar[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v3.1.0/gadget.html", [...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678,CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 22 2011 19:35:35 GMT+10[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 03:44:38 GMT+1000 (AUS E[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 18:04:29 GMT+1000 (AUS Easte[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "60c232ca-4457-41ff-8501-85352e50389c");
Deleted : user_pref("CommunityToolbar.facebook.sessionKey", "2.AQAAhdUzsvutIx5u.86400.1307415600.0-538168696")[...]
Deleted : user_pref("CommunityToolbar.facebook.sessionSecret", "AQBgurIU2-Rq308u");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Nov 24 2011 15:43:10 GMT+1100 (AUS[...]
Deleted : user_pref("CommunityToolbar.facebook.userId", "538168696");
Deleted : user_pref("CommunityToolbar.globalUserId", "b5f3159b-8909-45a3-9756-5c161231919d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jun 07 2012 18:00:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 11 2012 00:42:07 GMT+100[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jun 11 2012 00:41:57 GMT+1000 (A[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "01c1317b-e4cb-4628-9caf-63c89e76ea7a");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search Results");
Deleted : user_pref("CommunityToolbar.permanenceEngine", false);
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.startup.homepage", "hxxps://isearch.avg.com?cid=%7Bad813e02-e6a0-4d54-8f39-3c8250[...]
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "AU");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "72E1CD29386423694248267F2FF4B02B");
Deleted : user_pref("extensions.BabylonToolbar.id", "d2f0a987e0cc46ec9a26950537588cf7");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15157");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "24");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 24);
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 60658032);
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.sid", "d2f0a987e0cc46ec9a26950537588cf7");
Deleted : user_pref("extensions.SoccerInferno.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opens[...]
Deleted : user_pref("extensions.SoccerInferno.prevKwdURL", "hxxp://dts.search-results.com/sr?src=ffb&appid=102[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]

*************************

AdwCleaner[S2].txt - [68912 octets] - [14/10/2012 20:56:56]

########## EOF - C:\AdwCleaner[S2].txt - [68973 octets] ##########
======================================================================================================================================================



RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Roberto [Admin rights]
Mode : Remove -- Date : 10/14/2012 21:26:57

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] ytbsys.exe -- C:\Users\Roberto\AppData\Local\TempYtbn\ytbsys.exe -> KILLED [TermProc]
[SUSP PATH] ytp.exe -- C:\Users\Roberto\AppData\Local\TempYtpok\ytp.exe -> KILLED [TermProc]
[SUSP PATH] vcheck.exe -- C:\Users\Roberto\AppData\Local\Temp\vcheck.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : vcheck (C:\Users\Roberto\AppData\Local\Temp\vcheck.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : ytbsys (C:\Users\Roberto\AppData\Local\TempYtbn\ytbsys.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : ytp (C:\Users\Roberto\AppData\Local\TempYtpok\ytp.exe) -> DELETED
[TASK][PREVRUN] {1C9824B6-B545-4194-A777-5F777829547C} : C:\Windows\System32\pcalua.exe -a "C:\Users\Roberto\Desktop\Install HyperControl for ProTools 8_0_5.exe" -d C:\Users\Roberto\Desktop -> DELETED
[TASK][PREVRUN] {88A6003F-1AE8-4C11-B852-C7918FCC3A36} : C:\Windows\System32\pcalua.exe -a "C:\Program Files\Dodo Wireless Broadband\uninst.exe" -> DELETED
[TASK][PREVRUN] {9712C58D-39E2-4DD2-8393-26E2C0772BDA} : C:\Windows\System32\pcalua.exe -a G:\SETUP.EXE -d G:\ -> DELETED
[TASK][PREVRUN] {B0E368BA-F392-4EAF-979C-C05540F4B2AD} : C:\Windows\System32\pcalua.exe -a G:\setup.exe -d G:\ -> DELETED
[TASK][PREVRUN] {BE338795-CF8A-4BFC-872D-9603DA87E15E} : C:\Windows\System32\pcalua.exe -a "D:\Clav_1\Topaz_Clav1 Installer.exe" -d D:\Clav_1 -> DELETED
[TASK][PREVRUN] {C44BB264-B939-4F68-B85A-1EE86F267848} : C:\Windows\System32\pcalua.exe -a C:\Windows\unvise32.exe -c C:\Program Files\XLN Audio\Addictive Drums\uninstal.log -> DELETED
[TASK][PREVRUN] {D09CD098-B364-447D-AEA4-B0AF68C95FD0} : C:\Windows\System32\pcalua.exe -a G:\SETUP.NOW.EXE -d G:\ -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-00VYA0 ATA Device +++++
--- User ---
[MBR] 2ddbe08d599f785b9eaeeae3941fc772
[BSP] 04644cc8f36bf243750c0e77740d574a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 187351 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 383696896 | Size: 117892 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
Calamari02

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hey Gringo,

No problems yet!

Nice n smooth once again.

Just before I ran Combofix there were still some iexplorer.exe running, still munching my CPU. After the Combofix scan, there appear to be no iexplorer.exe running. The PC is running very nicely ;)

Here is the combofix log.

ComboFix 12-10-14.03 - Roberto 10/14/2012 22:02:18.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2102 [GMT 11:00]
Running from: c:\users\Roberto\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Outdated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roberto\06.jpg
c:\users\Roberto\129040893625628390.jpg
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Cookies\isindex.dat
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF692D.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF693E.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF694E.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF694F.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6960.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6971.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6981.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6992.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6993.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF69C3.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF69D3.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF69D4.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF69E5.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF69F5.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A06.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A07.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A18.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A19.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A29.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A3A.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A3B.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A4B.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A4C.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A5D.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A6E.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A6F.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A7F.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A90.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6A91.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6AA1.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6AB2.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6AC3.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6AC4.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6AD4.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6AF4.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B05.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B16.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B36.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B37.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B47.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B68.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B88.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6B98.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6BA9.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6BC9.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6BE9.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6C0A.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6C1A.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6C2B.tmp
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Recent\SSF6C3B.tmp
c:\users\Roberto\AppData\Roaming\msregsvv.dll
c:\users\Roberto\cnet_FreeWAVToMP3ConverterSetup_exe.exe
c:\users\Roberto\g2mdlhlpx.exe
c:\windows\pthreadGC2.dll
c:\windows\system32\cypn.exe
c:\windows\system32\msvcsv60.dll
D:\AUTORUN.INF
D:\SETUP.EXE
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-14 11:11 . 2012-10-14 11:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 10:22 . 2012-10-14 10:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEA809D3-066E-4363-BB63-83B7E4CA8F97}\offreg.dll
2012-10-13 01:26 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEA809D3-066E-4363-BB63-83B7E4CA8F97}\mpengine.dll
2012-10-11 11:07 . 2012-10-11 11:07 -------- d-----w- c:\users\Roberto\AppData\Roaming\Xilisoft
2012-10-11 11:06 . 2012-10-11 11:06 -------- d-----w- c:\programdata\Xilisoft
2012-10-11 09:36 . 2012-10-11 09:36 -------- d-----w- c:\users\Roberto\AppData\Local\The Little App Factory, LLC
2012-10-09 23:14 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-09 23:12 . 2012-06-02 04:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 23:12 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 23:12 . 2012-06-02 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 23:12 . 2012-08-31 17:21 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 23:12 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 23:11 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 23:11 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-01 03:18 . 2012-10-01 04:00 -------- d-----w- c:\programdata\xml_param
2012-10-01 03:16 . 2012-10-01 03:16 -------- d-----w- c:\users\Roberto\AppData\Roaming\Wondershare Video Converter Ultimate
2012-10-01 03:16 . 2012-10-01 03:16 -------- d-----w- c:\users\Roberto\AppData\Local\Wondershare
2012-10-01 03:16 . 2012-10-01 03:16 -------- d-----w- c:\program files\Common Files\Wondershare
2012-10-01 03:15 . 2012-09-21 00:25 727952 ----a-w- c:\windows\system32\WSCM64.dll
2012-10-01 03:15 . 2012-09-21 00:25 159120 ----a-w- c:\windows\system32\WSCM32.dll
2012-10-01 03:15 . 2012-10-01 03:54 -------- d-----w- c:\programdata\Wondershare Video Converter Ultimate
2012-10-01 03:15 . 2012-10-01 03:15 -------- d-----w- c:\program files\Wondershare
2012-09-30 06:04 . 2012-09-30 06:04 -------- d-----w- c:\users\Roberto\AppData\Roaming\Guitar Pro 6
2012-09-30 06:04 . 2012-09-30 06:04 -------- d-----w- c:\programdata\Guitar Pro 6
2012-09-30 05:06 . 2012-09-30 05:19 -------- d-----w- c:\users\Roberto\guitarpro TABS
2012-09-30 04:47 . 2012-09-30 04:47 -------- d-----w- c:\program files\windows movie maker
2012-09-19 17:01 . 2012-09-19 17:01 -------- d-----w- c:\program files\Common Files\Skype
2012-09-19 17:01 . 2012-09-19 17:01 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 10:46 . 2012-04-17 11:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 10:46 . 2011-05-19 14:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 07:04 . 2012-08-28 06:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-05 01:01 . 2012-09-05 01:01 948012 ----a-w- c:\windows\system32\cyn.exe
2012-08-30 21:14 . 2012-08-30 21:14 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-02 17:05 . 2012-09-12 02:50 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:10 . 2012-08-15 07:18 2344448 ----a-w- c:\windows\system32\win32k.sys
2004-05-14 13:20 . 2012-07-19 09:34 2166784 ----a-w- c:\program files\Topaz_Clav1.dll
2012-09-07 09:12 . 2012-09-07 09:11 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2009-11-08 605944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-28 1039360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2011-03-02 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBOX;Service for Avid Mbox;c:\windows\system32\DRIVERS\AvidMbox.sys [x]
R3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\DRIVERS\AvidMbox_DFU.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files\Avid\Mbox\AudioDevMon.exe [x]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files\Avid\Mbox Mini\AudioDevMon.exe [x]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files\Avid\Mbox Pro\AudioDevMon.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.57\SymcPCCULaunchSvc.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 10:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/?fr=fp-emptyloop&type=emptyloop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Roberto\AppData\Roaming\Mozilla\Firefox\Profiles\d2wrkfyx.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Steam App 3700 - c:\program files\Steam\steam.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E} - c:\programdata\NexonUS\NGM\NGM.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.57\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.57\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2754979122-2801003134-1501326599-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E1DA5F06-A795-DC83-3D82-C7148ADF485B}*]
"padcgafpendokdjibbcckpbpgfgmhnad"=hex:6a,61,69,66,6a,70,69,6e,70,6c,6a,6d,61,
64,63,63,67,6f,65,68,00,f4
"oancinmialadkdkbfclecjambbfcgp"=hex:6a,61,68,66,62,70,62,6f,6c,6d,62,6a,62,6b,
6a,66,66,62,68,6a,00,f4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(472)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'csrss.exe'(332)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
- - - - - - - > 'csrss.exe'(408)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2012-10-14 22:15:02
ComboFix-quarantined-files.txt 2012-10-14 11:15
.
Pre-Run: 2,305,892,352 bytes free
Post-Run: 12,920,725,504 bytes free
.
- - End Of File - - 81A2083F94202001CBCD9CC2C32C3AFF

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Calamari02


That is good news that things are running better, but I still want to run these in case something is in the background.


TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9
Calamari02

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, so I ran TDSSKiller and that found no threats whatsoever. Though when I ran aswMBR, the computer went 'blue screen' on me during the scan. Where should I go from here?

Cheers Gringo!

#10
Calamari02

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
My mistake. I did not download the window pop up. BRB!!!!

#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
:thumbsup:

#12
Calamari02

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok Gringo,


07:17:36.0671 3332 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:17:37.0681 3332 ============================================================
07:17:37.0681 3332 Current date / time: 2012/10/15 07:17:37.0681
07:17:37.0681 3332 SystemInfo:
07:17:37.0681 3332
07:17:37.0681 3332 OS Version: 6.1.7600 ServicePack: 0.0
07:17:37.0681 3332 Product type: Workstation
07:17:37.0681 3332 ComputerName: ROBERTO-PC
07:17:37.0681 3332 UserName: Roberto
07:17:37.0681 3332 Windows directory: C:\Windows
07:17:37.0681 3332 System windows directory: C:\Windows
07:17:37.0681 3332 Processor architecture: Intel x86
07:17:37.0681 3332 Number of processors: 2
07:17:37.0681 3332 Page size: 0x1000
07:17:37.0681 3332 Boot type: Normal boot
07:17:37.0681 3332 ============================================================
07:17:38.0871 3332 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:17:38.0871 3332 ============================================================
07:17:38.0871 3332 \Device\Harddisk0\DR0:
07:17:38.0871 3332 MBR partitions:
07:17:38.0871 3332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x16DEB800
07:17:38.0871 3332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x16DEC000, BlocksNum 0xE642000
07:17:38.0871 3332 ============================================================
07:17:38.0921 3332 C: <-> \Device\Harddisk0\DR0\Partition1
07:17:38.0961 3332 D: <-> \Device\Harddisk0\DR0\Partition2
07:17:38.0961 3332 ============================================================
07:17:38.0961 3332 Initialize success
07:17:38.0961 3332 ============================================================
07:17:41.0191 0844 ============================================================
07:17:41.0191 0844 Scan started
07:17:41.0191 0844 Mode: Manual;
07:17:41.0191 0844 ============================================================
07:17:43.0051 0844 ================ Scan system memory ========================
07:17:43.0051 0844 System memory - ok
07:17:43.0051 0844 ================ Scan services =============================
07:17:49.0851 0844 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
07:17:49.0851 0844 luafv - ok
07:17:49.0911 0844 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
07:17:49.0911 0844 MBAMProtector - ok
07:17:49.0961 0844 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:17:49.0971 0844 MBAMScheduler - ok
07:17:50.0011 0844 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:17:50.0021 0844 MBAMService - ok
07:17:50.0071 0844 [ 87B7DFE7E831186FFA6438B3DE1235D9 ] MBOX C:\Windows\system32\DRIVERS\AvidMbox.sys
07:17:50.0081 0844 MBOX - ok
07:17:50.0151 0844 [ 61E67854128C13FBEA71C7FAC3B822C9 ] MboxAudioDevMon C:\Program Files\Avid\Mbox\AudioDevMon.exe
07:17:50.0171 0844 MboxAudioDevMon - ok
07:17:50.0181 0844 [ EB1867DEC24977FE8FD273A0EF06F87F ] MBOXDFU C:\Windows\system32\DRIVERS\AvidMbox_DFU.sys
07:17:50.0181 0844 MBOXDFU - ok
07:17:50.0231 0844 [ F53519F56E9BC133753D444B930775DA ] MboxMiniAudioDevMon C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe
07:17:50.0241 0844 MboxMiniAudioDevMon - ok
07:17:50.0321 0844 [ B4A6BCEC84AC9C1AADEDB24E2FE531D8 ] MboxProAudioDevMon C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe
07:17:50.0331 0844 MboxProAudioDevMon - ok
07:17:50.0411 0844 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
07:17:50.0421 0844 McComponentHostService - ok
07:17:50.0441 0844 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:17:50.0441 0844 Mcx2Svc - ok
07:17:50.0451 0844 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:17:50.0461 0844 megasas - ok
07:17:50.0481 0844 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:17:50.0491 0844 MegaSR - ok
07:17:50.0541 0844 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
07:17:50.0551 0844 Microsoft Office Groove Audit Service - ok
07:17:50.0582 0844 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
07:17:50.0582 0844 MMCSS - ok
07:17:50.0592 0844 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
07:17:50.0592 0844 Modem - ok
07:17:50.0612 0844 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:17:50.0612 0844 monitor - ok
07:17:50.0622 0844 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:17:50.0622 0844 mouclass - ok
07:17:50.0632 0844 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:17:50.0632 0844 mouhid - ok
07:17:50.0652 0844 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:17:50.0652 0844 mountmgr - ok
07:17:50.0712 0844 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:17:50.0712 0844 MozillaMaintenance - ok
07:17:50.0732 0844 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
07:17:50.0732 0844 mpio - ok
07:17:50.0752 0844 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:17:50.0752 0844 mpsdrv - ok
07:17:50.0772 0844 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
07:17:50.0782 0844 MpsSvc - ok
07:17:50.0792 0844 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:17:50.0802 0844 MRxDAV - ok
07:17:50.0842 0844 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:17:50.0842 0844 mrxsmb - ok
07:17:50.0882 0844 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:17:50.0882 0844 mrxsmb10 - ok
07:17:50.0922 0844 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:17:50.0932 0844 mrxsmb20 - ok
07:17:50.0942 0844 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
07:17:50.0952 0844 msahci - ok
07:17:50.0952 0844 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
07:17:50.0962 0844 msdsm - ok
07:17:50.0972 0844 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
07:17:50.0992 0844 MSDTC - ok
07:17:51.0002 0844 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:17:51.0012 0844 Msfs - ok
07:17:51.0022 0844 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:17:51.0022 0844 mshidkmdf - ok
07:17:51.0032 0844 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
07:17:51.0032 0844 msisadrv - ok
07:17:51.0052 0844 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:17:51.0062 0844 MSiSCSI - ok
07:17:51.0072 0844 msiserver - ok
07:17:51.0092 0844 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:17:51.0092 0844 MSKSSRV - ok
07:17:51.0102 0844 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:17:51.0102 0844 MSPCLOCK - ok
07:17:51.0122 0844 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:17:51.0122 0844 MSPQM - ok
07:17:51.0142 0844 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:17:51.0152 0844 MsRPC - ok
07:17:51.0162 0844 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:17:51.0162 0844 mssmbios - ok
07:17:51.0172 0844 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:17:51.0182 0844 MSTEE - ok
07:17:51.0192 0844 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:17:51.0192 0844 MTConfig - ok
07:17:51.0232 0844 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
07:17:51.0242 0844 MTsensor - ok
07:17:51.0242 0844 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
07:17:51.0252 0844 Mup - ok
07:17:51.0272 0844 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
07:17:51.0282 0844 napagent - ok
07:17:51.0292 0844 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:17:51.0302 0844 NativeWifiP - ok
07:17:51.0332 0844 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:17:51.0342 0844 NDIS - ok
07:17:51.0342 0844 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:17:51.0352 0844 NdisCap - ok
07:17:51.0362 0844 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:17:51.0362 0844 NdisTapi - ok
07:17:51.0372 0844 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:17:51.0372 0844 Ndisuio - ok
07:17:51.0382 0844 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:17:51.0392 0844 NdisWan - ok
07:17:51.0402 0844 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:17:51.0402 0844 NDProxy - ok
07:17:51.0442 0844 [ 7AFD0E39AB15CB355487B7CC19F4E2C5 ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
07:17:51.0442 0844 Netaapl - ok
07:17:51.0452 0844 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:17:51.0462 0844 NetBIOS - ok
07:17:51.0472 0844 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:17:51.0472 0844 NetBT - ok
07:17:51.0492 0844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
07:17:51.0492 0844 Netlogon - ok
07:17:51.0512 0844 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
07:17:51.0512 0844 Netman - ok
07:17:51.0532 0844 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
07:17:51.0532 0844 netprofm - ok
07:17:51.0562 0844 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:17:51.0562 0844 NetTcpPortSharing - ok
07:17:51.0572 0844 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:17:51.0582 0844 nfrd960 - ok
07:17:51.0722 0844 [ 25C774E9C3AB49C741FD413857CCE6C6 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
07:17:51.0742 0844 NIHardwareService - ok
07:17:51.0762 0844 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
07:17:51.0762 0844 NlaSvc - ok
07:17:51.0802 0844 Norton PC Checkup Application Launcher - ok
07:17:51.0842 0844 [ 9865516D33BC66FDDAC9DB4087D4B6AA ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
07:17:51.0842 0844 nosGetPlusHelper - ok
07:17:51.0852 0844 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:17:51.0862 0844 Npfs - ok
07:17:51.0872 0844 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
07:17:51.0882 0844 nsi - ok
07:17:51.0882 0844 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:17:51.0882 0844 nsiproxy - ok
07:17:51.0942 0844 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:17:51.0992 0844 Ntfs - ok
07:17:52.0002 0844 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
07:17:52.0002 0844 Null - ok
07:17:52.0212 0844 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:17:52.0452 0844 nvlddmkm - ok
07:17:52.0482 0844 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:17:52.0492 0844 nvraid - ok
07:17:52.0532 0844 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:17:52.0542 0844 nvstor - ok
07:17:52.0552 0844 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
07:17:52.0562 0844 nv_agp - ok
07:17:52.0622 0844 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:17:52.0632 0844 odserv - ok
07:17:52.0632 0844 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
07:17:52.0642 0844 ohci1394 - ok
07:17:52.0662 0844 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:17:52.0672 0844 ose - ok
07:17:52.0682 0844 [ 61C85AFEAA6EF0C1B32D43F84F7BFBCF ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
07:17:52.0692 0844 ossrv - ok
07:17:52.0722 0844 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:17:52.0722 0844 p2pimsvc - ok
07:17:52.0732 0844 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
07:17:52.0742 0844 p2psvc - ok
07:17:52.0762 0844 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:17:52.0762 0844 Parport - ok
07:17:52.0802 0844 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:17:52.0812 0844 partmgr - ok
07:17:52.0822 0844 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
07:17:52.0822 0844 Parvdm - ok
07:17:52.0842 0844 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:17:52.0842 0844 PcaSvc - ok
07:17:52.0842 0844 PCCUJobMgr - ok
07:17:52.0862 0844 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
07:17:52.0862 0844 pci - ok
07:17:52.0872 0844 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
07:17:52.0882 0844 pciide - ok
07:17:52.0882 0844 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:17:52.0892 0844 pcmcia - ok
07:17:52.0912 0844 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
07:17:52.0912 0844 pcw - ok
07:17:52.0932 0844 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:17:52.0962 0844 PEAUTH - ok
07:17:53.0002 0844 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
07:17:53.0052 0844 pla - ok
07:17:53.0102 0844 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:17:53.0112 0844 PlugPlay - ok
07:17:53.0122 0844 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:17:53.0132 0844 PNRPAutoReg - ok
07:17:53.0172 0844 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:17:53.0182 0844 PNRPsvc - ok
07:17:53.0262 0844 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:17:53.0272 0844 PolicyAgent - ok
07:17:53.0292 0844 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
07:17:53.0292 0844 Power - ok
07:17:53.0302 0844 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:17:53.0312 0844 PptpMiniport - ok
07:17:53.0322 0844 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:17:53.0332 0844 Processor - ok
07:17:53.0372 0844 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
07:17:53.0372 0844 ProfSvc - ok
07:17:53.0382 0844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:17:53.0382 0844 ProtectedStorage - ok
07:17:53.0392 0844 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:17:53.0392 0844 Psched - ok
07:17:53.0442 0844 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:17:53.0482 0844 ql2300 - ok
07:17:53.0502 0844 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:17:53.0512 0844 ql40xx - ok
07:17:53.0522 0844 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
07:17:53.0532 0844 QWAVE - ok
07:17:53.0542 0844 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:17:53.0552 0844 QWAVEdrv - ok
07:17:53.0562 0844 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:17:53.0562 0844 RasAcd - ok
07:17:53.0582 0844 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:17:53.0592 0844 RasAgileVpn - ok
07:17:53.0602 0844 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
07:17:53.0612 0844 RasAuto - ok
07:17:53.0622 0844 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:17:53.0632 0844 Rasl2tp - ok
07:17:53.0652 0844 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
07:17:53.0662 0844 RasMan - ok
07:17:53.0672 0844 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:17:53.0682 0844 RasPppoe - ok
07:17:53.0682 0844 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:17:53.0692 0844 RasSstp - ok
07:17:53.0702 0844 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:17:53.0712 0844 rdbss - ok
07:17:53.0732 0844 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:17:53.0732 0844 rdpbus - ok
07:17:53.0752 0844 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:17:53.0752 0844 RDPCDD - ok
07:17:53.0752 0844 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:17:53.0762 0844 RDPENCDD - ok
07:17:53.0762 0844 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:17:53.0762 0844 RDPREFMP - ok
07:17:53.0802 0844 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:17:53.0812 0844 RDPWD - ok
07:17:53.0822 0844 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:17:53.0832 0844 rdyboost - ok
07:17:53.0852 0844 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
07:17:53.0862 0844 RemoteAccess - ok
07:17:53.0862 0844 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:17:53.0872 0844 RemoteRegistry - ok
07:17:53.0882 0844 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:17:53.0882 0844 RpcEptMapper - ok
07:17:53.0902 0844 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
07:17:53.0912 0844 RpcLocator - ok
07:17:53.0932 0844 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
07:17:53.0932 0844 RpcSs - ok
07:17:53.0942 0844 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:17:53.0952 0844 rspndr - ok
07:17:53.0962 0844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
07:17:53.0962 0844 SamSs - ok
07:17:53.0982 0844 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
07:17:53.0982 0844 sbp2port - ok
07:17:53.0992 0844 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:17:54.0002 0844 SCardSvr - ok
07:17:54.0012 0844 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:17:54.0022 0844 scfilter - ok
07:17:54.0072 0844 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
07:17:54.0092 0844 Schedule - ok
07:17:54.0102 0844 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
07:17:54.0102 0844 SCPolicySvc - ok
07:17:54.0112 0844 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:17:54.0122 0844 SDRSVC - ok
07:17:54.0132 0844 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:17:54.0142 0844 secdrv - ok
07:17:54.0152 0844 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
07:17:54.0152 0844 seclogon - ok
07:17:54.0162 0844 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
07:17:54.0172 0844 SENS - ok
07:17:54.0192 0844 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:17:54.0192 0844 SensrSvc - ok
07:17:54.0202 0844 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:17:54.0212 0844 Serenum - ok
07:17:54.0222 0844 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:17:54.0232 0844 Serial - ok
07:17:54.0242 0844 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:17:54.0242 0844 sermouse - ok
07:17:54.0272 0844 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
07:17:54.0272 0844 SessionEnv - ok
07:17:54.0282 0844 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
07:17:54.0282 0844 sffdisk - ok
07:17:54.0302 0844 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
07:17:54.0302 0844 sffp_mmc - ok
07:17:54.0312 0844 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
07:17:54.0322 0844 sffp_sd - ok
07:17:54.0332 0844 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:17:54.0332 0844 sfloppy - ok
07:17:54.0372 0844 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:17:54.0382 0844 SharedAccess - ok
07:17:54.0402 0844 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:17:54.0412 0844 ShellHWDetection - ok
07:17:54.0422 0844 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
07:17:54.0432 0844 sisagp - ok
07:17:54.0442 0844 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:17:54.0442 0844 SiSRaid2 - ok
07:17:54.0452 0844 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:17:54.0452 0844 SiSRaid4 - ok
07:17:54.0502 0844 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:17:54.0502 0844 SkypeUpdate - ok
07:17:54.0512 0844 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:17:54.0512 0844 Smb - ok
07:17:54.0532 0844 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:17:54.0542 0844 SNMPTRAP - ok
07:17:54.0542 0844 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
07:17:54.0542 0844 spldr - ok
07:17:54.0582 0844 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
07:17:54.0593 0844 Spooler - ok
07:17:54.0653 0844 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
07:17:54.0673 0844 sppsvc - ok
07:17:54.0693 0844 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:17:54.0703 0844 sppuinotify - ok
07:17:54.0743 0844 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:17:54.0753 0844 srv - ok
07:17:54.0783 0844 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:17:54.0793 0844 srv2 - ok
07:17:54.0823 0844 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:17:54.0833 0844 srvnet - ok
07:17:54.0843 0844 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:17:54.0853 0844 SSDPSRV - ok
07:17:54.0863 0844 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:17:54.0863 0844 SstpSvc - ok
07:17:54.0873 0844 Steam Client Service - ok
07:17:54.0883 0844 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:17:54.0893 0844 stexstor - ok
07:17:54.0923 0844 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
07:17:54.0943 0844 StiSvc - ok
07:17:54.0953 0844 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:17:54.0963 0844 swenum - ok
07:17:54.0983 0844 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
07:17:54.0993 0844 swprv - ok
07:17:55.0023 0844 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
07:17:55.0033 0844 SysMain - ok
07:17:55.0053 0844 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:17:55.0053 0844 TabletInputService - ok
07:17:55.0063 0844 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
07:17:55.0073 0844 TapiSrv - ok
07:17:55.0093 0844 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
07:17:55.0093 0844 TBS - ok
07:17:55.0153 0844 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:17:55.0193 0844 Tcpip - ok
07:17:55.0223 0844 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:17:55.0223 0844 TCPIP6 - ok
07:17:55.0243 0844 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:17:55.0243 0844 tcpipreg - ok
07:17:55.0263 0844 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:17:55.0263 0844 TDPIPE - ok
07:17:55.0303 0844 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:17:55.0303 0844 TDTCP - ok
07:17:55.0323 0844 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:17:55.0323 0844 tdx - ok
07:17:55.0333 0844 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:17:55.0343 0844 TermDD - ok
07:17:55.0373 0844 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
07:17:55.0373 0844 TermService - ok
07:17:55.0383 0844 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
07:17:55.0393 0844 Themes - ok
07:17:55.0403 0844 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
07:17:55.0403 0844 THREADORDER - ok
07:17:55.0433 0844 [ 409A577FD5781C717E55A28717514C58 ] TPkd C:\Windows\system32\drivers\TPkd.sys
07:17:55.0433 0844 TPkd - ok
07:17:55.0443 0844 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
07:17:55.0443 0844 TrkWks - ok
07:17:55.0483 0844 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:17:55.0483 0844 TrustedInstaller - ok
07:17:55.0493 0844 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:17:55.0503 0844 tssecsrv - ok
07:17:55.0513 0844 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:17:55.0513 0844 tunnel - ok
07:17:55.0533 0844 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:17:55.0533 0844 uagp35 - ok
07:17:55.0553 0844 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:17:55.0563 0844 udfs - ok
07:17:55.0573 0844 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:17:55.0583 0844 UI0Detect - ok
07:17:55.0603 0844 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
07:17:55.0603 0844 uliagpkx - ok
07:17:55.0633 0844 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:17:55.0633 0844 umbus - ok
07:17:55.0643 0844 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:17:55.0653 0844 UmPass - ok
07:17:55.0673 0844 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
07:17:55.0673 0844 upnphost - ok
07:17:55.0703 0844 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
07:17:55.0713 0844 USBAAPL - ok
07:17:55.0743 0844 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
07:17:55.0753 0844 usbaudio - ok
07:17:55.0783 0844 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:17:55.0783 0844 usbccgp - ok
07:17:55.0793 0844 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
07:17:55.0793 0844 usbcir - ok
07:17:55.0833 0844 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:17:55.0843 0844 usbehci - ok
07:17:55.0853 0844 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:17:55.0863 0844 usbhub - ok
07:17:55.0883 0844 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:17:55.0883 0844 usbohci - ok
07:17:55.0893 0844 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:17:55.0903 0844 usbprint - ok
07:17:55.0933 0844 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:17:55.0943 0844 usbscan - ok
07:17:55.0953 0844 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:17:55.0963 0844 USBSTOR - ok
07:17:55.0973 0844 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
07:17:55.0983 0844 usbuhci - ok
07:17:56.0033 0844 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
07:17:56.0043 0844 usbvideo - ok
07:17:56.0053 0844 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
07:17:56.0053 0844 UxSms - ok
07:17:56.0063 0844 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
07:17:56.0063 0844 VaultSvc - ok
07:17:56.0073 0844 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
07:17:56.0083 0844 vdrvroot - ok
07:17:56.0093 0844 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
07:17:56.0113 0844 vds - ok
07:17:56.0123 0844 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:17:56.0123 0844 vga - ok
07:17:57.0863 0844 ================ Scan global ===============================
07:17:57.0883 0844 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
07:17:57.0923 0844 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
07:17:57.0923 0844 [ 43B34CADB516800794BDF486E493ED32 ] C:\Windows\system32\winsrv.dll
07:17:57.0953 0844 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:17:57.0973 0844 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:17:57.0973 0844 [Global] - ok
07:17:57.0973 0844 ================ Scan MBR ==================================
07:17:57.0983 0844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:17:58.0163 0844 \Device\Harddisk0\DR0 - ok
07:17:58.0163 0844 ================ Scan VBR ==================================
07:17:58.0173 0844 [ 55DB899A98CAD73C9EE829A169BB632E ] \Device\Harddisk0\DR0\Partition1
07:17:58.0173 0844 \Device\Harddisk0\DR0\Partition1 - ok
07:17:58.0193 0844 [ 47CC45CABC05B137C1869DB1740C9F2A ] \Device\Harddisk0\DR0\Partition2
07:17:58.0193 0844 \Device\Harddisk0\DR0\Partition2 - ok
07:17:58.0193 0844 ============================================================
07:17:58.0193 0844 Scan finished
07:17:58.0193 0844 ============================================================
07:17:58.0203 2324 Detected object count: 0
07:17:58.0203 2324 Actual detected object count: 0
07:18:26.0135 3888 Deinitialize success
====================================================================================================================================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 07:28:32
-----------------------------
07:28:32.593 OS Version: Windows 6.1.7600
07:28:32.593 Number of processors: 2 586 0xF0B
07:28:32.593 ComputerName: ROBERTO-PC UserName: Roberto
07:28:33.092 Initialize success
07:35:45.974 AVAST engine defs: 12101401
07:36:15.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:36:15.336 Disk 0 Vendor: WDC_WD3200AAKS-00VYA0 12.01B02 Size: 305245MB BusType: 3
07:36:15.351 Disk 0 MBR read successfully
07:36:15.351 Disk 0 MBR scan
07:36:15.351 Disk 0 Windows 7 default MBR code
07:36:15.367 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 187351 MB offset 2048
07:36:15.382 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 117892 MB offset 383696896
07:36:15.398 Disk 0 scanning sectors +625139712
07:36:15.460 Disk 0 scanning C:\Windows\system32\drivers
07:36:25.288 Service scanning
07:36:41.263 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
07:36:44.227 Modules scanning
07:36:50.327 Disk 0 trace - called modules:
07:36:50.342 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
07:36:50.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86597740]
07:36:50.358 3 CLASSPNP.SYS[8b59a59e] -> nt!IofCallDriver -> [0x860d2918]
07:36:50.373 5 ACPI.sys[83a3a3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x864c0030]
07:36:51.278 AVAST engine scan C:\Windows
07:36:55.818 AVAST engine scan C:\Windows\system32
07:39:49.746 AVAST engine scan C:\Windows\system32\drivers
07:40:03.084 AVAST engine scan C:\Users\Roberto
07:42:32.158 File: C:\Users\Roberto\AppData\Local\TempBu\pinit.exe **INFECTED** Win32:Malware-gen
07:42:32.314 File: C:\Users\Roberto\AppData\Local\TempGgc\ggck.exe **INFECTED** Win32:Malware-gen
07:42:33.656 File: C:\Users\Roberto\AppData\Local\TempNd\ndck.exe **INFECTED** Win32:Malware-gen
07:42:33.781 File: C:\Users\Roberto\AppData\Local\TempWf\MyFunCards.exe **INFECTED** Win32:Adware-gen [Adw]
07:42:33.890 File: C:\Users\Roberto\AppData\Local\TempWf\wfchecker.exe **INFECTED** Win32:Malware-gen
07:42:34.935 File: C:\Users\Roberto\AppData\Local\TempYtpk\ytock.exe **INFECTED** Win32:Malware-gen
07:47:28.418 File: C:\Users\Roberto\Downloads\Plug-Ins\StudioDevil.Amp.Modeler.Pro.VST.RTAS.v1.1.Incl.Keygen-AiR\StudioDevil.Amp.Modeler.Pro.VST.RTAS.v1.1.Incl\a-amp11\Keygen.exe **INFECTED** Win32:Malware-gen
07:50:17.133 AVAST engine scan C:\ProgramData
07:51:30.546 Scan finished successfully
15:40:09.096 Disk 0 MBR has been saved successfully to "C:\Users\Roberto\Desktop\MBR.dat"
15:40:09.103 The log file has been saved successfully to "C:\Users\Roberto\Desktop\aswMBR.txt"

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

File::
C:\Users\Roberto\AppData\Local\TempBu\pinit.exe
C:\Users\Roberto\AppData\Local\TempGgc\ggck.exe
C:\Users\Roberto\AppData\Local\TempNd\ndck.exe
C:\Users\Roberto\AppData\Local\TempWf\MyFunCards.exe
C:\Users\Roberto\AppData\Local\TempWf\wfchecker.exe
C:\Users\Roberto\AppData\Local\TempYtpk\ytock.exe
C:\Users\Roberto\Downloads\Plug-Ins\StudioDevil.Amp.Modeler.Pro.VST.RTAS.v1.1.Incl.Keygen-AiR\StudioDevil.Amp.Modeler.Pro.VST.RTAS.v1.1.Incl\a-amp11\Keygen.exe
c:\windows\system32\cyn.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0
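The File:: list in the post above matches the `**INFECTED**` lines of the aswMBR log, plus one path that does not appear in that log. As an added example (not part of the original thread and not ComboFix's or AVAST's own code), this Python sketch extracts flagged paths from a log in that format and renders a File:: section; the sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in aswMBR's log format (placeholder paths, not from the thread).
SAMPLE_LOG = r"""
07:36:25.288 Service scanning
07:36:41.263 Service ExampleDrv C:\Windows\system32\DRIVERS\exampledrv.sys **LOCKED** 32
07:40:03.084 AVAST engine scan C:\Users\Example
07:42:32.158 File: C:\Users\Example\AppData\Local\TempA\a.exe **INFECTED** Win32:Malware-gen
07:42:33.781 File: C:\Users\Example\AppData\Local\Temp B\b.exe **INFECTED** Win32:Adware-gen [Adw]
07:42:34.935 File: c:\users\example\appdata\local\tempa\A.EXE **INFECTED** Win32:Malware-gen
07:51:30.546 Scan finished successfully
"""

# Only "File:" lines marked **INFECTED** count; **LOCKED** service lines are not detections.
INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)\s+"
    r"\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$"
)

def parse_detections(log_text):
    """Return (time, path, detection_name) for each flagged file line."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m["time"], m["path"], m["name"]))
    return hits

def unique_paths(hits):
    """De-duplicate paths ignoring case (Windows paths), keeping first-seen order."""
    seen, out = set(), []
    for _, path, _ in hits:
        key = path.lower()
        if key not in seen:
            seen.add(key)
            out.append(path)
    return out

def build_file_section(paths):
    """Render a File:: section in the layout used in the post above."""
    return "File::\n" + "\n".join(paths) + "\n"

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    for t, p, n in hits:
        print(f"{t}  {n:<24} {p}")
    print(build_file_section(unique_paths(hits)))
```

Comparing the generated list against a hand-written script shows which entries came from some other source and should be checked before the script is run.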

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#15
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo