Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lagging internet eg. video streaming [Solved]

Started by mmblvanna , Nov 11 2012 11:59 PM

  • This topic is locked This topic is locked

#1
mmblvanna
Posted 11 November 2012 - 11:59 PM

mmblvanna

    Member

  • Member
  • PipPip
  • 43 posts
hello there fellow geeks, i've been having trouble with my internet (video streaming) lagging!

I've been through the network forum and i have been directed here to see if i can get any extra help :help: please?

Video streaming via youtube in firefox, seems to be lagging, every couple of seconds the video lags but the audio plays perfect then the video jumps to where it should be and making my viewing so annoying! and within these few seconds it will lag for 2 to 4 seconds then a big lag comes along and pause for 5 to 10 seconds, but if i use IE it works perfectly! until i move the mouse then it starts to lag...?

So i've been directed here to sus out if i have a malware infection?

here is the link to my topic i made earlier to find the problem! http://www.geekstogo...gging-internet/

and also here is my OTL report! Do i need to post the 'Extras.txt' log too?

OTL logfile created on: 11/12/2012 4:37:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 38.27% Memory free
8.00 Gb Paging File | 5.40 Gb Available in Paging File | 67.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.44 Gb Total Space | 119.48 Gb Free Space | 12.98% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/12 16:37:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2012/11/05 15:26:13 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/31 09:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 09:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/25 04:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/10 17:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/04/04 16:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 23:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/10/15 10:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/05 15:26:12 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/25 04:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/31 09:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/09/08 16:29:57 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/07/04 17:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/04 02:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/03/05 12:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 12:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/05 15:26:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/25 04:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 16:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/04 00:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/13 04:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 10:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/31 09:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/31 09:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/31 09:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/31 09:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/31 09:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/16 02:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 17:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 16:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 16:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/05 17:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 01:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/12/08 15:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/23 03:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 08:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/01 21:16:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/15 09:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 09:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/12 19:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/04 22:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/18 09:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/16 01:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2010/07/15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3765E138-6F23-4491-9F08-937AC5391C1C}
IE:64bit: - HKLM\..\SearchScopes\{3765E138-6F23-4491-9F08-937AC5391C1C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CCAFB190-2D71-4AEB-A46B-E873C1F20946}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FE275E0F-F725-463F-A1A1-96FBF47D9195}: "URL" = http://au.search.yah...psg&type=CPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE - HKLM\..\SearchScopes,DefaultScope = {3765E138-6F23-4491-9F08-937AC5391C1C}
IE - HKLM\..\SearchScopes\{3765E138-6F23-4491-9F08-937AC5391C1C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{CCAFB190-2D71-4AEB-A46B-E873C1F20946}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{FE275E0F-F725-463F-A1A1-96FBF47D9195}: "URL" = http://au.search.yah...psg&type=CPDTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3765E138-6F23-4491-9F08-937AC5391C1C}
IE - HKCU\..\SearchScopes\{3765E138-6F23-4491-9F08-937AC5391C1C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{CCAFB190-2D71-4AEB-A46B-E873C1F20946}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{FE275E0F-F725-463F-A1A1-96FBF47D9195}: "URL" = http://au.search.yah...psg&type=CPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Chambers (UK)"
FF - prefs.js..browser.startup.homepage: "http://www.xbox360iso.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.8.12
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.9
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.19
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: [email protected]:4.0.2
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..extensions.enabledAddons: Noia4Options@ArisT2:1.7.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.40
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.6
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.16.0.3
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.6
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/09 14:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/05 10:58:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/07 17:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/05 11:07:07 | 000,000,000 | ---D | M]

[2011/05/18 21:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2012/11/08 19:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions
[2012/11/07 17:21:27 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/10/04 18:21:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/04 12:26:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/02 21:52:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/11/04 11:48:25 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/10/20 09:24:17 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/10/11 19:25:34 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/11/04 11:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome\content\extensionCode
[2012/08/28 18:52:24 | 000,070,902 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/08/18 09:32:52 | 000,237,291 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/10/26 17:54:13 | 000,154,926 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/11/05 13:32:54 | 000,065,957 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/05/26 18:42:20 | 000,009,880 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/11/08 19:09:37 | 000,342,379 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/11/05 09:46:13 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/05 13:26:42 | 002,278,298 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2012/10/01 17:07:48 | 000,061,406 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/10/26 17:54:13 | 000,377,191 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/08/31 20:47:00 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/07/25 21:10:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/26 17:50:57 | 001,556,566 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2012/11/07 17:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/05 11:07:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/11/05 11:07:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/11/05 10:58:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/10/25 04:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/10 04:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/10/25 04:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/25 04:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: AVG Safe Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Coupon Companion = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\crossrider
CHR - Extension: Coupon Companion = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: OneClickDownload = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.1_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Download with x-iphone-magic-platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with x-iphone-magic-platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7764AD97-E3EF-4470-9C26-51025DBBF768}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7764AD97-E3EF-4470-9C26-51025DBBF768}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/08 19:04:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/11/08 19:01:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/08 19:00:27 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/11/08 18:56:30 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/11/08 18:56:12 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/11/08 18:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/11/08 18:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/11/07 17:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/05 15:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/11/05 11:26:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/05 11:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/05 10:59:16 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/11/05 10:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/05 10:59:15 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/11/05 10:59:07 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/11/05 10:59:03 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/11/05 10:59:00 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/11/05 10:58:58 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/11/05 10:58:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/05 10:58:17 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/11/05 10:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/05 10:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/05 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2012/11/04 11:48:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Coupon Companion
[2012/11/04 11:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion
[2012/11/04 11:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/01 21:16:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/12 16:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/12 16:01:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/11 19:36:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 19:36:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/11 19:34:38 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/11 19:34:38 | 000,628,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/11 19:34:38 | 000,110,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/11 19:33:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/11 19:29:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/11 19:29:28 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/09 17:42:56 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job
[2012/11/08 19:01:47 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/11/08 18:57:12 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-USER-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/11/08 18:56:05 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/11/08 04:35:41 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/07 17:08:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/05 10:59:16 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/05 10:58:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/31 09:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/31 09:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/31 09:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/31 09:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/31 09:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/31 09:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/31 09:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/31 09:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/16 02:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/08 18:57:12 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-USER-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/11/08 18:56:05 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/11/07 17:08:28 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/07 17:08:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/05 15:26:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 10:59:16 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/04 16:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 16:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/10 11:56:47 | 000,007,598 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2012/04/29 15:10:21 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/04/23 15:31:59 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/25 14:07:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/24 21:13:14 | 000,008,192 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 18:03:27 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/13 09:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/17 21:48:32 | 000,000,000 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
[2011/06/13 10:07:42 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/06/13 10:07:42 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/06/13 10:07:42 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/06/13 10:07:42 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/06/13 10:07:42 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/06/12 17:54:30 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2011/06/12 17:54:30 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE
[2011/06/12 17:54:19 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/06/01 21:18:00 | 000,001,044 | ---- | C] () -- C:\Users\user\AppData\Roaming\vso_ts_preview.xml
[2011/06/01 21:16:58 | 000,099,384 | ---- | C] () -- C:\Users\user\AppData\Roaming\inst.exe
[2011/06/01 21:16:58 | 000,007,859 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2011/06/01 21:16:58 | 000,001,167 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2011/06/01 21:11:28 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/22 18:21:21 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/07 00:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010/11/26 16:22:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/22 10:18:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\abgx360
[2011/06/19 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2012/11/09 17:41:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2011/05/08 22:42:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BoneTown
[2011/10/24 19:09:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CompanionLink
[2011/04/05 15:18:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FloodLightGames
[2011/04/19 10:01:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\funkitron
[2011/06/26 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GARMIN
[2011/06/12 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2011/05/02 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Guitar Pro 6
[2011/06/10 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2011/06/03 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MPEG Streamclip
[2011/04/23 10:47:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011/03/02 07:32:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PictureMover
[2012/08/22 21:06:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Remote PC Server
[2011/04/22 10:58:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RipIt4Me
[2011/10/24 18:42:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2012/04/23 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2011/05/22 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2012/11/04 11:20:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vso
[2011/12/25 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2011/04/11 10:44:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangentv1002
[2011/04/04 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch
[2011/06/02 22:32:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2011/06/19 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xbins
[2012/07/22 20:46:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xilisoft
[2011/10/10 17:30:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:30FD0CBD

< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 12 November 2012 - 11:01 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 1

#3
mmblvanna
Posted 13 November 2012 - 02:06 AM

mmblvanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello fellow ringo, thank you for your time to help me, here is what i have this far

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````





# AdwCleaner v2.007 - Logfile created 11/13/2012 at 18:56:03
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - USER-HP
# Boot Mode : Normal
# Running from : C:\Users\user\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dlQUE
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[R1].txt - [2420 octets] - [13/11/2012 18:54:29]
AdwCleaner[S1].txt - [2403 octets] - [13/11/2012 18:56:03]

########## EOF - C:\AdwCleaner[S1].txt - [2463 octets] ##########






RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 11/13/2012 19:01:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SCSI Disk Device +++++
--- User ---
[MBR] 4fdb8e4f7bdf0d45e422b0fb26779d33
[BSP] f00e6f2f4ce95e968a214487b1feae02 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942533 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930502144 | Size: 11247 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Multiple Card Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11132012_02d1901.txt >>
RKreport[1]_S_11132012_02d1901.txt ; RKreport[2]_D_11132012_02d1901.txt
  • 0

#4
gringo_pr
Posted 13 November 2012 - 03:15 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 1

#5
mmblvanna
Posted 13 November 2012 - 05:25 AM

mmblvanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
ok ran program, and it did its thing smoothly!

computer seems a lil better, video streaming improved only minor but still annoying me :angry:

I hope this is the report it put out?

ComboFix 12-11-12.03 - user 13/11/2012 21:42:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4095.2792 [GMT 11:00]
Running from: C:\Users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1964.lnk
C:\ProgramData\xml12CC.tmp
C:\ProgramData\xml3BE.tmp
C:\Users\user\AppData\Roaming\inst.exe
C:\Users\user\AppData\Roaming\vso_ts_preview.xml
C:\Users\user\AppData\Roaming\Xbins
C:\Users\user\AppData\Roaming\Xbins\dict
C:\Users\user\AppData\Roaming\Xbins\FileZilla.xml
C:\Users\user\AppData\Roaming\Xbins\icon.ico
C:\Users\user\AppData\Roaming\Xbins\xbinsftp.exe
C:\Windows\RazorDOX
C:\Windows\RazorDOX\RazorDOX.dll
C:\Windows\SysWow64\muzapp.exe
C:\Windows\SysWow64\System32\MASetupCleaner.exe
C:\Windows\SysWow64\System32\muzapp.exe
C:\Windows\SysWOW64mfc45.dll
C:\Windows\wt
C:\Windows\wt\data.wts
C:\Windows\wt\updater\SmallUpdater.exe
C:\Windows\wt\updater\wt.ini
C:\Windows\wt\webdriver.dll
C:\Windows\wt\webdriver\4.1.1\actorobject.dll
C:\Windows\wt\webdriver\4.1.1\dx5drv.dll
C:\Windows\wt\webdriver\4.1.1\dx7drv.dll
C:\Windows\wt\webdriver\4.1.1\objectbundle.dll
C:\Windows\wt\webdriver\4.1.1\sound.dll
C:\Windows\wt\webdriver\4.1.1\wdcaps.ded
C:\Windows\wt\webdriver\4.1.1\wdengine.dll
C:\Windows\wt\webdriver\4.1.1\webdriver.dll
C:\Windows\wt\webdriver\4.1.1\wthost.exe
C:\Windows\wt\webdriver\4.1.1\wthostctl.dll
C:\Windows\wt\webdriver\4.1.1\wtmulti.dll
C:\Windows\wt\webdriver\4.1.1\wtmulti.jar
C:\Windows\wt\webdriver\4.1.1\wtwmplug.ax
C:\Windows\wt\webdriver\4.1.1\wtwmplug.ini
C:\Windows\wt\webdriver\jdriver.dll
C:\Windows\wt\webdriver\rdriver.dll
C:\Windows\wt\webdriver\wildtangent.jar
C:\Windows\wt\webdriver\wtdmmp.dll
C:\Windows\wt\webdriver\wtdmmpi.jar
C:\Windows\wt\webdriver\wtdmmpv.dll
C:\Windows\wt\wt3d.dll
C:\Windows\wt\wt3d.ini
C:\Windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html
C:\Windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts
C:\Windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
C:\Windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar
C:\Windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
C:\Windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo
C:\Windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas
C:\Windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html
C:\Windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
C:\Windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
C:\Windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
C:\Windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
C:\Windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto
C:\Windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
C:\Windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
C:\Windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html
C:\Windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts
C:\Windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt
C:\Windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo
C:\Windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas
C:\Windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas
C:\Windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
C:\Windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
C:\Windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
C:\Windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
C:\Windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo
C:\Windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
C:\Windows\wt\wtupdates\wtdmmp\update_info\data.wts
C:\Windows\wt\wtupdates\wtupdater\appinfo.dat
C:\Windows\wt\wtupdates\wtwebdriver\update_info\data.wts
C:\Windows\wt\wtvh.dll


((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))


2012-11-09 15:33:19 . 2012-10-16 15:31:24 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D61893D7-65F9-4E71-868C-D2B6F672CD79}\mpengine.dll
2012-11-08 08:04:33 . 2012-11-12 06:06:25 -------- d-----w- C:\Windows\system32\catroot2
2012-11-08 08:00:27 . 2012-11-08 08:01:47 181064 ----a-w- C:\Windows\PSEXESVC.EXE
2012-11-08 07:56:30 . 2012-11-08 07:56:30 -------- d-----w- C:\RegBackup
2012-11-08 07:56:12 . 2012-11-08 08:00:27 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-08 07:56:03 . 2012-11-08 07:56:03 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-11-07 06:08:26 . 2012-11-07 06:08:28 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-05 04:27:27 . 2012-11-05 04:27:27 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-11-05 04:26:12 . 2012-11-12 06:11:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-05 04:26:12 . 2012-11-12 06:11:35 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-04 23:59:16 . 2012-10-30 22:51:53 25232 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-11-04 23:59:15 . 2012-10-30 22:51:55 370288 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-11-04 23:59:07 . 2012-10-15 15:59:28 54072 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-11-04 23:59:03 . 2012-10-30 22:51:56 59728 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-11-04 23:59:00 . 2012-10-30 22:51:55 984144 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-11-04 23:58:58 . 2012-10-30 22:51:55 71600 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-11-04 23:58:18 . 2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-11-04 23:58:17 . 2012-10-30 22:50:59 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2012-11-04 23:58:06 . 2012-11-04 23:58:06 -------- d-----w- C:\ProgramData\AVAST Software
2012-11-04 23:58:06 . 2012-11-04 23:58:06 -------- d-----w- C:\Program Files\AVAST Software
2012-11-04 23:43:53 . 2012-11-04 23:43:53 -------- d-----w- C:\Users\user\AppData\Local\Avg2013
2012-11-04 00:48:25 . 2012-11-04 00:48:25 -------- d-----w- C:\Users\user\AppData\Local\Coupon Companion
2012-11-04 00:48:23 . 2012-11-04 00:48:51 -------- d-----w- C:\Program Files (x86)\Coupon Companion
2012-11-04 00:16:59 . 2012-11-05 03:16:51 -------- d-----w- C:\Program Files\CCleaner
2012-10-20 07:16:15 . 2012-10-20 07:16:05 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-10-30 22:50:30 . 2011-05-18 10:40:32 285328 ----a-w- C:\Windows\system32\aswBoot.exe
2012-10-20 07:16:04 . 2012-08-22 10:03:05 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-20 07:16:04 . 2011-05-21 03:06:07 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-10 16:03:05 . 2011-05-21 02:38:37 65309168 ----a-w- C:\Windows\system32\MRT.exe
2012-09-29 08:54:26 . 2012-03-12 05:58:25 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-09-14 19:19:29 . 2012-10-10 07:43:46 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-09-14 18:28:53 . 2012-10-10 07:43:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 . 2012-10-10 07:44:50 1659760 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2012-08-30 18:03:45 . 2012-10-10 07:44:49 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-08-30 17:12:02 . 2012-10-10 07:44:48 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 . 2012-10-10 07:44:48 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 . 2012-10-10 07:44:07 220160 ----a-w- C:\Windows\system32\wintrust.dll
2012-08-24 16:57:48 . 2012-10-10 07:44:07 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 11:15:45 . 2012-09-22 17:00:42 17810944 ----a-w- C:\Windows\system32\mshtml.dll
2012-08-24 10:39:42 . 2012-09-22 17:00:41 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-08-24 10:31:32 . 2012-09-22 17:00:46 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-08-24 10:22:46 . 2012-09-22 17:00:47 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-08-24 10:21:18 . 2012-09-22 17:00:46 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-08-24 10:20:11 . 2012-09-22 17:00:46 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-08-24 10:18:46 . 2012-09-22 17:00:48 237056 ----a-w- C:\Windows\system32\url.dll
2012-08-24 10:17:03 . 2012-09-22 17:00:45 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-08-24 10:14:45 . 2012-09-22 17:00:48 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-08-24 10:14:34 . 2012-09-22 17:00:44 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-08-24 10:13:29 . 2012-09-22 17:00:45 599040 ----a-w- C:\Windows\system32\vbscript.dll
2012-08-24 10:12:04 . 2012-09-22 17:00:44 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-08-24 10:11:57 . 2012-09-22 17:00:46 729088 ----a-w- C:\Windows\system32\msfeeds.dll
2012-08-24 10:10:14 . 2012-09-22 17:00:50 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-08-24 10:09:42 . 2012-09-22 17:00:51 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-08-24 10:04:06 . 2012-09-22 17:00:48 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-08-24 06:59:17 . 2012-09-22 17:00:45 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 . 2012-09-22 17:00:46 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 . 2012-09-22 17:00:47 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 . 2012-09-22 17:00:48 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 . 2012-09-22 17:00:49 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 . 2012-09-22 17:00:50 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 . 2012-09-12 07:33:55 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-08-22 18:12:40 . 2012-09-12 07:33:57 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-08-22 18:12:40 . 2012-09-12 07:33:55 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-08-22 18:12:33 . 2012-09-12 07:33:55 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 . 2012-09-26 06:38:57 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe
2012-08-21 03:01:20 . 2012-09-20 10:09:18 33240 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 03:01:20 . 2011-05-18 12:28:03 125872 ----a-w- C:\Windows\system32\GEARAspi64.dll
2012-08-21 03:01:20 . 2011-05-18 12:28:03 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 . 2012-10-10 07:44:29 243200 ----a-w- C:\Windows\system32\wow64.dll
2012-08-20 18:48:44 . 2012-10-10 07:44:28 362496 ----a-w- C:\Windows\system32\wow64win.dll
2012-08-20 18:48:44 . 2012-10-10 07:44:28 13312 ----a-w- C:\Windows\system32\wow64cpu.dll
2012-08-20 18:48:43 . 2012-10-10 07:44:30 215040 ----a-w- C:\Windows\system32\winsrv.dll
2012-08-20 18:48:37 . 2012-10-10 07:44:28 16384 ----a-w- C:\Windows\system32\ntvdm64.dll
2012-08-20 18:48:35 . 2012-10-10 07:44:30 424448 ----a-w- C:\Windows\system32\KernelBase.dll
2012-08-20 18:48:35 . 2012-10-10 07:44:30 1162240 ----a-w- C:\Windows\system32\kernel32.dll
2012-08-20 18:46:22 . 2012-10-10 07:44:30 338432 ----a-w- C:\Windows\system32\conhost.exe
2012-08-20 18:38:32 . 2012-10-10 07:44:27 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:27 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:27 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:26 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:26 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:25 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38:32 . 2012-10-10 07:44:23 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:25 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:25 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:25 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:25 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:25 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:25 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:25 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38:31 . 2012-10-10 07:44:23 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40:21 . 2012-10-10 07:44:28 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 . 2012-10-10 07:44:29 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 . 2012-10-10 07:44:29 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 . 2012-10-10 07:44:27 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 . 2012-10-10 07:44:29 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32:13 . 2012-10-10 07:44:27 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 12:17:41 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 04:27:14 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 03:22:40 822624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 21:30:18 508776]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [2011-12-08 04:22:38 98616]
R3 epmntdrv;epmntdrv;C:\Windows\system32\epmntdrv.sys [2010-07-14 22:44:20 16776]
R3 EuGdiDrv;EuGdiDrv;C:\Windows\system32\EuGdiDrv.sys [2010-07-14 22:44:20 9096]
R3 pcouffin;VSO Software pcouffin;C:\Windows\system32\Drivers\pcouffin.sys [2011-06-01 10:16:58 82816]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 21:30:10 764264]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 21:30:18 25960]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 14:24:40 203320]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-07-09 03:42:54 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-18 17:02:24 1255736]
R4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 05:29:57 140672]
R4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 06:10:28 86072]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-07-04 06:20:54 238080]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-03 15:36:06 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 06:04:30 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 22:51:55 71600]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 06:07:50 94264]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 08:54:26 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 08:54:26 676936]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 04:39:22 490280]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 23:53:20 635416]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-17 23:18:24 46136]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-29 08:54:26 25928]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 21:30:18 268648]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 21:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 21:30:22 219496]


Contents of the 'Scheduled Tasks' folder

2012-11-13 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 04:26:13 . 2012-11-12 06:11:35]

2012-11-13 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05 07:53:33 . 2011-07-05 07:53:27]

2012-11-13 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05 07:53:33 . 2011-07-05 07:53:27]

2012-11-09 C:\Windows\Tasks\HPCeeScheduleForuser.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 11:15:40 . 2010-09-13 11:15:40]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50:24 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll
  • 0

#6
gringo_pr
Posted 13 November 2012 - 12:05 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 1

#7
mmblvanna
Posted 14 November 2012 - 01:24 AM

mmblvanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
howdy!

new logs

17:46:51.0004 3588 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:46:52.0264 3588 ============================================================
17:46:52.0264 3588 Current date / time: 2012/11/14 17:46:52.0264
17:46:52.0264 3588 SystemInfo:
17:46:52.0264 3588
17:46:52.0264 3588 OS Version: 6.1.7601 ServicePack: 1.0
17:46:52.0264 3588 Product type: Workstation
17:46:52.0264 3588 ComputerName: USER-HP
17:46:52.0264 3588 UserName: user
17:46:52.0264 3588 Windows directory: C:\Windows
17:46:52.0264 3588 System windows directory: C:\Windows
17:46:52.0264 3588 Running under WOW64
17:46:52.0264 3588 Processor architecture: Intel x64
17:46:52.0264 3588 Number of processors: 4
17:46:52.0264 3588 Page size: 0x1000
17:46:52.0264 3588 Boot type: Normal boot
17:46:52.0264 3588 ============================================================
17:46:53.0200 3588 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:46:53.0200 3588 ============================================================
17:46:53.0200 3588 \Device\Harddisk0\DR0:
17:46:53.0200 3588 MBR partitions:
17:46:53.0200 3588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:46:53.0200 3588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x730E2A29
17:46:53.0200 3588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73112000, BlocksNum 0x15F7882
17:46:53.0200 3588 ============================================================
17:46:53.0231 3588 C: <-> \Device\Harddisk0\DR0\Partition2
17:46:53.0278 3588 D: <-> \Device\Harddisk0\DR0\Partition3
17:46:53.0278 3588 ============================================================
17:46:53.0278 3588 Initialize success
17:46:53.0278 3588 ============================================================
17:47:01.0203 2620 ============================================================
17:47:01.0203 2620 Scan started
17:47:01.0203 2620 Mode: Manual;
17:47:01.0203 2620 ============================================================
17:47:01.0905 2620 ================ Scan system memory ========================
17:47:01.0905 2620 System memory - ok
17:47:01.0905 2620 ================ Scan services =============================
17:47:01.0983 2620 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:47:01.0983 2620 !SASCORE - ok
17:47:02.0092 2620 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:47:02.0092 2620 1394ohci - ok
17:47:02.0139 2620 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:47:02.0154 2620 ACPI - ok
17:47:02.0154 2620 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:47:02.0154 2620 AcpiPmi - ok
17:47:02.0248 2620 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:47:02.0248 2620 AdobeARMservice - ok
17:47:02.0357 2620 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:47:02.0357 2620 AdobeFlashPlayerUpdateSvc - ok
17:47:02.0373 2620 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:47:02.0388 2620 adp94xx - ok
17:47:02.0388 2620 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:47:02.0404 2620 adpahci - ok
17:47:02.0404 2620 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:47:02.0404 2620 adpu320 - ok
17:47:02.0435 2620 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:47:02.0435 2620 AeLookupSvc - ok
17:47:02.0498 2620 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:47:02.0498 2620 AFD - ok
17:47:02.0498 2620 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:47:02.0513 2620 agp440 - ok
17:47:02.0513 2620 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:47:02.0513 2620 ALG - ok
17:47:02.0529 2620 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:47:02.0529 2620 aliide - ok
17:47:02.0591 2620 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:47:02.0591 2620 AMD External Events Utility - ok
17:47:02.0654 2620 AMD FUEL Service - ok
17:47:02.0700 2620 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:47:02.0700 2620 amdide - ok
17:47:02.0716 2620 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
17:47:02.0716 2620 amdiox64 - ok
17:47:02.0716 2620 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:47:02.0732 2620 AmdK8 - ok
17:47:03.0184 2620 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:47:03.0356 2620 amdkmdag - ok
17:47:03.0402 2620 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:47:03.0402 2620 amdkmdap - ok
17:47:03.0418 2620 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:47:03.0418 2620 AmdPPM - ok
17:47:03.0465 2620 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:47:03.0465 2620 amdsata - ok
17:47:03.0480 2620 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:47:03.0480 2620 amdsbs - ok
17:47:03.0496 2620 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:47:03.0496 2620 amdxata - ok
17:47:03.0512 2620 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:47:03.0512 2620 AODDriver4.1 - ok
17:47:03.0558 2620 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:47:03.0558 2620 AppID - ok
17:47:03.0574 2620 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:47:03.0574 2620 AppIDSvc - ok
17:47:03.0605 2620 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:47:03.0605 2620 Appinfo - ok
17:47:03.0699 2620 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:47:03.0714 2620 Apple Mobile Device - ok
17:47:03.0730 2620 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:47:03.0730 2620 arc - ok
17:47:03.0746 2620 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:47:03.0746 2620 arcsas - ok
17:47:03.0761 2620 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:47:03.0761 2620 aswFsBlk - ok
17:47:03.0777 2620 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:47:03.0792 2620 aswMonFlt - ok
17:47:03.0792 2620 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
17:47:03.0792 2620 aswRdr - ok
17:47:03.0824 2620 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:47:03.0824 2620 aswSnx - ok
17:47:03.0839 2620 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:47:03.0839 2620 aswSP - ok
17:47:03.0855 2620 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:47:03.0855 2620 aswTdi - ok
17:47:03.0870 2620 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:47:03.0870 2620 AsyncMac - ok
17:47:03.0917 2620 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:47:03.0917 2620 atapi - ok
17:47:03.0964 2620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:47:03.0964 2620 AudioEndpointBuilder - ok
17:47:03.0980 2620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:47:03.0980 2620 AudioSrv - ok
17:47:04.0026 2620 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:47:04.0026 2620 avast! Antivirus - ok
17:47:04.0073 2620 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:47:04.0089 2620 AxInstSV - ok
17:47:04.0089 2620 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:47:04.0104 2620 b06bdrv - ok
17:47:04.0104 2620 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:47:04.0120 2620 b57nd60a - ok
17:47:04.0136 2620 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:47:04.0136 2620 BDESVC - ok
17:47:04.0151 2620 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:47:04.0151 2620 Beep - ok
17:47:04.0182 2620 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:47:04.0198 2620 BFE - ok
17:47:04.0229 2620 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:47:04.0229 2620 BITS - ok
17:47:04.0245 2620 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:47:04.0245 2620 blbdrive - ok
17:47:04.0292 2620 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:47:04.0292 2620 bowser - ok
17:47:04.0292 2620 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:47:04.0292 2620 BrFiltLo - ok
17:47:04.0307 2620 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:47:04.0307 2620 BrFiltUp - ok
17:47:04.0323 2620 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:47:04.0323 2620 BridgeMP - ok
17:47:04.0370 2620 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:47:04.0370 2620 Browser - ok
17:47:04.0370 2620 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:47:04.0385 2620 Brserid - ok
17:47:04.0385 2620 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:47:04.0385 2620 BrSerWdm - ok
17:47:04.0401 2620 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:47:04.0401 2620 BrUsbMdm - ok
17:47:04.0416 2620 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:47:04.0416 2620 BrUsbSer - ok
17:47:04.0416 2620 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:47:04.0432 2620 BTHMODEM - ok
17:47:04.0448 2620 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:47:04.0448 2620 bthserv - ok
17:47:04.0479 2620 catchme - ok
17:47:04.0479 2620 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:47:04.0479 2620 cdfs - ok
17:47:04.0526 2620 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:47:04.0526 2620 cdrom - ok
17:47:04.0572 2620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:47:04.0572 2620 CertPropSvc - ok
17:47:04.0572 2620 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:47:04.0572 2620 circlass - ok
17:47:04.0604 2620 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:47:04.0604 2620 CLFS - ok
17:47:04.0666 2620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:47:04.0666 2620 clr_optimization_v2.0.50727_32 - ok
17:47:04.0713 2620 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:47:04.0713 2620 clr_optimization_v2.0.50727_64 - ok
17:47:04.0806 2620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:47:04.0806 2620 clr_optimization_v4.0.30319_32 - ok
17:47:04.0822 2620 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:47:04.0838 2620 clr_optimization_v4.0.30319_64 - ok
17:47:04.0838 2620 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:47:04.0838 2620 CmBatt - ok
17:47:04.0869 2620 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:47:04.0884 2620 cmdide - ok
17:47:04.0931 2620 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:47:04.0931 2620 CNG - ok
17:47:04.0947 2620 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:47:04.0947 2620 Compbatt - ok
17:47:04.0962 2620 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:47:04.0962 2620 CompositeBus - ok
17:47:04.0962 2620 COMSysApp - ok
17:47:04.0978 2620 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:47:04.0978 2620 crcdisk - ok
17:47:05.0025 2620 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:47:05.0025 2620 CryptSvc - ok
17:47:05.0134 2620 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:47:05.0134 2620 cvhsvc - ok
17:47:05.0181 2620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:47:05.0181 2620 DcomLaunch - ok
17:47:05.0212 2620 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:47:05.0212 2620 defragsvc - ok
17:47:05.0243 2620 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:47:05.0259 2620 DfsC - ok
17:47:05.0306 2620 [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
17:47:05.0306 2620 dg_ssudbus - ok
17:47:05.0352 2620 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:47:05.0352 2620 Dhcp - ok
17:47:05.0352 2620 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:47:05.0352 2620 discache - ok
17:47:05.0368 2620 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:47:05.0368 2620 Disk - ok
17:47:05.0415 2620 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:47:05.0415 2620 Dnscache - ok
17:47:05.0462 2620 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:47:05.0462 2620 dot3svc - ok
17:47:05.0508 2620 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:47:05.0508 2620 DPS - ok
17:47:05.0508 2620 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:47:05.0524 2620 drmkaud - ok
17:47:05.0540 2620 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:47:05.0555 2620 DXGKrnl - ok
17:47:05.0571 2620 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:47:05.0571 2620 EapHost - ok
17:47:05.0680 2620 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:47:05.0727 2620 ebdrv - ok
17:47:05.0774 2620 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:47:05.0774 2620 EFS - ok
17:47:05.0820 2620 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:47:05.0820 2620 ehRecvr - ok
17:47:05.0836 2620 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:47:05.0836 2620 ehSched - ok
17:47:05.0883 2620 [ 9A47AC3DFCF81D30922CDAAF1C2D579F ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
17:47:05.0883 2620 ElbyCDIO - ok
17:47:05.0914 2620 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:47:05.0914 2620 elxstor - ok
17:47:05.0945 2620 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys
17:47:05.0945 2620 epmntdrv - ok
17:47:05.0961 2620 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:47:05.0961 2620 ErrDev - ok
17:47:05.0976 2620 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
17:47:05.0976 2620 EuGdiDrv - ok
17:47:05.0992 2620 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:47:06.0008 2620 EventSystem - ok
17:47:06.0008 2620 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:47:06.0023 2620 exfat - ok
17:47:06.0039 2620 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:47:06.0039 2620 fastfat - ok
17:47:06.0054 2620 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:47:06.0054 2620 Fax - ok
17:47:06.0070 2620 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:47:06.0070 2620 fdc - ok
17:47:06.0086 2620 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:47:06.0086 2620 fdPHost - ok
17:47:06.0101 2620 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:47:06.0101 2620 FDResPub - ok
17:47:06.0117 2620 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:47:06.0117 2620 FileInfo - ok
17:47:06.0132 2620 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:47:06.0132 2620 Filetrace - ok
17:47:06.0132 2620 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:47:06.0132 2620 flpydisk - ok
17:47:06.0148 2620 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:47:06.0148 2620 FltMgr - ok
17:47:06.0210 2620 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:47:06.0226 2620 FontCache - ok
17:47:06.0288 2620 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:47:06.0288 2620 FontCache3.0.0.0 - ok
17:47:06.0335 2620 [ B60DF5324D7EA0C8017F4C5331962D59 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:47:06.0335 2620 ForceWare Intelligent Application Manager (IAM) - ok
17:47:06.0351 2620 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:47:06.0351 2620 FsDepends - ok
17:47:06.0382 2620 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:47:06.0398 2620 Fs_Rec - ok
17:47:06.0429 2620 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:47:06.0429 2620 fvevol - ok
17:47:06.0444 2620 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:47:06.0444 2620 gagp30kx - ok
17:47:06.0522 2620 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:47:06.0538 2620 GamesAppService - ok
17:47:06.0585 2620 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:47:06.0585 2620 GEARAspiWDM - ok
17:47:06.0632 2620 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:47:06.0647 2620 gpsvc - ok
17:47:06.0725 2620 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:47:06.0725 2620 gupdate - ok
17:47:06.0741 2620 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:47:06.0741 2620 gupdatem - ok
17:47:06.0772 2620 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:47:06.0772 2620 hcw85cir - ok
17:47:06.0819 2620 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:47:06.0819 2620 HdAudAddService - ok
17:47:06.0834 2620 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:47:06.0834 2620 HDAudBus - ok
17:47:06.0850 2620 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:47:06.0850 2620 HidBatt - ok
17:47:06.0866 2620 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:47:06.0866 2620 HidBth - ok
17:47:06.0881 2620 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:47:06.0881 2620 HidIr - ok
17:47:06.0897 2620 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:47:06.0897 2620 hidserv - ok
17:47:06.0897 2620 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:47:06.0897 2620 HidUsb - ok
17:47:06.0944 2620 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:47:06.0944 2620 hkmsvc - ok
17:47:06.0959 2620 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:47:06.0959 2620 HomeGroupListener - ok
17:47:07.0006 2620 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:47:07.0006 2620 HomeGroupProvider - ok
17:47:07.0084 2620 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:47:07.0084 2620 HP Support Assistant Service - ok
17:47:07.0100 2620 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:47:07.0100 2620 HPDrvMntSvc.exe - ok
17:47:07.0146 2620 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:47:07.0162 2620 hpqwmiex - ok
17:47:07.0178 2620 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:47:07.0178 2620 HpSAMD - ok
17:47:07.0240 2620 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:47:07.0240 2620 HTTP - ok
17:47:07.0287 2620 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:47:07.0287 2620 hwpolicy - ok
17:47:07.0334 2620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:47:07.0334 2620 i8042prt - ok
17:47:07.0380 2620 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:47:07.0380 2620 iaStorV - ok
17:47:07.0412 2620 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:47:07.0412 2620 idsvc - ok
17:47:07.0427 2620 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:47:07.0427 2620 iirsp - ok
17:47:07.0490 2620 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:47:07.0490 2620 IKEEXT - ok
17:47:07.0646 2620 [ 91ED47813243B455E2D81115A8255F0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:47:07.0724 2620 IntcAzAudAddService - ok
17:47:07.0739 2620 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:47:07.0739 2620 intelide - ok
17:47:07.0755 2620 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:47:07.0755 2620 intelppm - ok
17:47:07.0786 2620 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:47:07.0786 2620 IPBusEnum - ok
17:47:07.0817 2620 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:47:07.0817 2620 IpFilterDriver - ok
17:47:07.0864 2620 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:47:07.0864 2620 iphlpsvc - ok
17:47:07.0880 2620 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:47:07.0880 2620 IPMIDRV - ok
17:47:07.0895 2620 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:47:07.0895 2620 IPNAT - ok
17:47:07.0942 2620 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:47:07.0942 2620 iPod Service - ok
17:47:07.0958 2620 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:47:07.0958 2620 IRENUM - ok
17:47:07.0973 2620 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:47:07.0973 2620 isapnp - ok
17:47:07.0989 2620 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:47:08.0004 2620 iScsiPrt - ok
17:47:08.0020 2620 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:47:08.0020 2620 kbdclass - ok
17:47:08.0036 2620 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:47:08.0036 2620 kbdhid - ok
17:47:08.0036 2620 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:47:08.0036 2620 KeyIso - ok
17:47:08.0082 2620 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:47:08.0114 2620 KSecDD - ok
17:47:08.0160 2620 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:47:08.0160 2620 KSecPkg - ok
17:47:08.0160 2620 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:47:08.0176 2620 ksthunk - ok
17:47:08.0192 2620 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:47:08.0207 2620 KtmRm - ok
17:47:08.0238 2620 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:47:08.0238 2620 LanmanServer - ok
17:47:08.0270 2620 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:47:08.0270 2620 LanmanWorkstation - ok
17:47:08.0285 2620 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:47:08.0301 2620 lltdio - ok
17:47:08.0316 2620 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:47:08.0316 2620 lltdsvc - ok
17:47:08.0332 2620 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:47:08.0332 2620 lmhosts - ok
17:47:08.0348 2620 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:47:08.0348 2620 LSI_FC - ok
17:47:08.0363 2620 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:47:08.0363 2620 LSI_SAS - ok
17:47:08.0379 2620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:47:08.0379 2620 LSI_SAS2 - ok
17:47:08.0379 2620 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:47:08.0379 2620 LSI_SCSI - ok
17:47:08.0394 2620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:47:08.0394 2620 luafv - ok
17:47:08.0441 2620 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:47:08.0441 2620 MBAMProtector - ok
17:47:08.0488 2620 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:47:08.0504 2620 MBAMScheduler - ok
17:47:08.0519 2620 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:47:08.0535 2620 MBAMService - ok
17:47:08.0566 2620 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:47:08.0566 2620 Mcx2Svc - ok
17:47:08.0582 2620 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:47:08.0582 2620 megasas - ok
17:47:08.0597 2620 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:47:08.0613 2620 MegaSR - ok
17:47:08.0628 2620 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:47:08.0644 2620 MMCSS - ok
17:47:08.0660 2620 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:47:08.0660 2620 Modem - ok
17:47:08.0675 2620 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:47:08.0675 2620 monitor - ok
17:47:08.0722 2620 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:47:08.0722 2620 mouclass - ok
17:47:08.0738 2620 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:47:08.0738 2620 mouhid - ok
17:47:08.0784 2620 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:47:08.0784 2620 mountmgr - ok
17:47:08.0816 2620 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:47:08.0816 2620 MozillaMaintenance - ok
17:47:08.0831 2620 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:47:08.0831 2620 mpio - ok
17:47:08.0847 2620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:47:08.0847 2620 mpsdrv - ok
17:47:08.0894 2620 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:47:08.0894 2620 MpsSvc - ok
17:47:08.0940 2620 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:47:08.0940 2620 MRxDAV - ok
17:47:08.0987 2620 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:08.0987 2620 mrxsmb - ok
17:47:09.0018 2620 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:09.0018 2620 mrxsmb10 - ok
17:47:09.0034 2620 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:09.0050 2620 mrxsmb20 - ok
17:47:09.0050 2620 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:47:09.0050 2620 msahci - ok
17:47:09.0065 2620 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:47:09.0081 2620 msdsm - ok
17:47:09.0096 2620 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:47:09.0096 2620 MSDTC - ok
17:47:09.0112 2620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:47:09.0112 2620 Msfs - ok
17:47:09.0128 2620 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:47:09.0128 2620 mshidkmdf - ok
17:47:09.0128 2620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:47:09.0128 2620 msisadrv - ok
17:47:09.0143 2620 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:47:09.0159 2620 MSiSCSI - ok
17:47:09.0159 2620 msiserver - ok
17:47:09.0159 2620 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:47:09.0174 2620 MSKSSRV - ok
17:47:09.0174 2620 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:47:09.0190 2620 MSPCLOCK - ok
17:47:09.0190 2620 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:47:09.0190 2620 MSPQM - ok
17:47:09.0237 2620 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:47:09.0237 2620 MsRPC - ok
17:47:09.0252 2620 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:47:09.0252 2620 mssmbios - ok
17:47:09.0268 2620 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:47:09.0268 2620 MSTEE - ok
17:47:09.0284 2620 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:47:09.0284 2620 MTConfig - ok
17:47:09.0299 2620 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:47:09.0299 2620 Mup - ok
17:47:09.0315 2620 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:47:09.0315 2620 napagent - ok
17:47:09.0346 2620 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:47:09.0346 2620 NativeWifiP - ok
17:47:09.0408 2620 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
17:47:09.0424 2620 NAUpdate - ok
17:47:09.0471 2620 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:47:09.0486 2620 NDIS - ok
17:47:09.0502 2620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:47:09.0502 2620 NdisCap - ok
17:47:09.0518 2620 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:47:09.0518 2620 NdisTapi - ok
17:47:09.0564 2620 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:47:09.0564 2620 Ndisuio - ok
17:47:09.0611 2620 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:47:09.0611 2620 NdisWan - ok
17:47:09.0642 2620 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:47:09.0642 2620 NDProxy - ok
17:47:09.0658 2620 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:47:09.0658 2620 NetBIOS - ok
17:47:09.0674 2620 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:47:09.0674 2620 NetBT - ok
17:47:09.0689 2620 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:47:09.0689 2620 Netlogon - ok
17:47:09.0705 2620 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:47:09.0720 2620 Netman - ok
17:47:09.0736 2620 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:47:09.0736 2620 netprofm - ok
17:47:09.0783 2620 [ C553716F6F7BCA3444CEE52DFB7C9016 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
17:47:09.0783 2620 netr28ux - ok
17:47:09.0798 2620 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:09.0798 2620 NetTcpPortSharing - ok
17:47:09.0814 2620 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:47:09.0814 2620 nfrd960 - ok
17:47:09.0830 2620 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:47:09.0845 2620 NlaSvc - ok
17:47:09.0845 2620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:47:09.0845 2620 Npfs - ok
17:47:09.0861 2620 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:47:09.0861 2620 nsi - ok
17:47:09.0876 2620 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:47:09.0876 2620 nsiproxy - ok
17:47:09.0892 2620 [ 6324EEF641C2B6D1B7EC423850B10F82 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:47:09.0908 2620 nSvcIp - ok
17:47:10.0017 2620 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:47:10.0032 2620 Ntfs - ok
17:47:10.0048 2620 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:47:10.0048 2620 Null - ok
17:47:10.0079 2620 [ BD25E03EAD63AC3365F25175B4DBD56A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
17:47:10.0079 2620 NVNET - ok
17:47:10.0126 2620 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:47:10.0126 2620 nvraid - ok
17:47:10.0126 2620 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:47:10.0142 2620 nvstor - ok
17:47:10.0157 2620 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
17:47:10.0157 2620 nvstor64 - ok
17:47:10.0188 2620 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:47:10.0188 2620 nv_agp - ok
17:47:10.0235 2620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:47:10.0235 2620 ohci1394 - ok
17:47:10.0282 2620 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:47:10.0282 2620 ose - ok
17:47:10.0407 2620 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:47:10.0500 2620 osppsvc - ok
17:47:10.0532 2620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:47:10.0547 2620 p2pimsvc - ok
17:47:10.0563 2620 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:47:10.0563 2620 p2psvc - ok
17:47:10.0578 2620 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:47:10.0578 2620 Parport - ok
17:47:10.0610 2620 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:47:10.0610 2620 partmgr - ok
17:47:10.0625 2620 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:47:10.0625 2620 PcaSvc - ok
17:47:10.0641 2620 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:47:10.0641 2620 pci - ok
17:47:10.0656 2620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:47:10.0656 2620 pciide - ok
17:47:10.0672 2620 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:47:10.0688 2620 pcmcia - ok
17:47:10.0734 2620 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
17:47:10.0734 2620 pcouffin - ok
17:47:10.0750 2620 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:47:10.0766 2620 pcw - ok
17:47:10.0781 2620 pdfcDispatcher - ok
17:47:10.0797 2620 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:47:10.0812 2620 PEAUTH - ok
17:47:10.0859 2620 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:47:10.0875 2620 PerfHost - ok
17:47:10.0937 2620 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:47:10.0953 2620 pla - ok
17:47:11.0000 2620 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:47:11.0015 2620 PlugPlay - ok
17:47:11.0031 2620 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:47:11.0031 2620 PNRPAutoReg - ok
17:47:11.0046 2620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:47:11.0046 2620 PNRPsvc - ok
17:47:11.0062 2620 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:47:11.0062 2620 PolicyAgent - ok
17:47:11.0093 2620 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:47:11.0093 2620 Power - ok
17:47:11.0109 2620 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:47:11.0109 2620 PptpMiniport - ok
17:47:11.0124 2620 PQNTDrv - ok
17:47:11.0124 2620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:47:11.0140 2620 Processor - ok
17:47:11.0171 2620 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:47:11.0187 2620 ProfSvc - ok
17:47:11.0187 2620 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:47:11.0187 2620 ProtectedStorage - ok
17:47:11.0234 2620 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:47:11.0234 2620 Psched - ok
17:47:11.0296 2620 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:47:11.0327 2620 ql2300 - ok
17:47:11.0343 2620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:47:11.0343 2620 ql40xx - ok
17:47:11.0358 2620 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:47:11.0358 2620 QWAVE - ok
17:47:11.0374 2620 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:47:11.0374 2620 QWAVEdrv - ok
17:47:11.0374 2620 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:47:11.0374 2620 RasAcd - ok
17:47:11.0405 2620 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:47:11.0405 2620 RasAgileVpn - ok
17:47:11.0405 2620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:47:11.0421 2620 RasAuto - ok
17:47:11.0421 2620 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:47:11.0421 2620 Rasl2tp - ok
17:47:11.0468 2620 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:47:11.0483 2620 RasMan - ok
17:47:11.0483 2620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:47:11.0483 2620 RasPppoe - ok
17:47:11.0499 2620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:47:11.0499 2620 RasSstp - ok
17:47:11.0514 2620 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:47:11.0514 2620 rdbss - ok
17:47:11.0530 2620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:47:11.0530 2620 rdpbus - ok
17:47:11.0546 2620 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:47:11.0546 2620 RDPCDD - ok
17:47:11.0561 2620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:47:11.0561 2620 RDPENCDD - ok
17:47:11.0561 2620 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:47:11.0561 2620 RDPREFMP - ok
17:47:11.0577 2620 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:47:11.0577 2620 RDPWD - ok
17:47:11.0592 2620 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:47:11.0592 2620 rdyboost - ok
17:47:11.0592 2620 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:47:11.0608 2620 RemoteAccess - ok
17:47:11.0624 2620 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:47:11.0624 2620 RemoteRegistry - ok
17:47:11.0639 2620 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:47:11.0639 2620 RpcEptMapper - ok
17:47:11.0655 2620 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:47:11.0655 2620 RpcLocator - ok
17:47:11.0670 2620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
17:47:11.0686 2620 RpcSs - ok
17:47:11.0702 2620 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:47:11.0702 2620 rspndr - ok
17:47:11.0717 2620 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:47:11.0717 2620 SamSs - ok
17:47:11.0764 2620 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:47:11.0764 2620 SASDIFSV - ok
17:47:11.0780 2620 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:47:11.0795 2620 SASKUTIL - ok
17:47:11.0826 2620 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:47:11.0826 2620 sbp2port - ok
17:47:11.0842 2620 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:47:11.0842 2620 SCardSvr - ok
17:47:11.0904 2620 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:47:11.0904 2620 SCDEmu - ok
17:47:11.0951 2620 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:47:11.0951 2620 scfilter - ok
17:47:11.0998 2620 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:47:12.0029 2620 Schedule - ok
17:47:12.0076 2620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:47:12.0076 2620 SCPolicySvc - ok
17:47:12.0107 2620 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:47:12.0123 2620 SDRSVC - ok
17:47:12.0123 2620 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:47:12.0123 2620 secdrv - ok
17:47:12.0138 2620 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:47:12.0138 2620 seclogon - ok
17:47:12.0154 2620 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:47:12.0154 2620 SENS - ok
17:47:12.0170 2620 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:47:12.0170 2620 SensrSvc - ok
17:47:12.0185 2620 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:47:12.0185 2620 Serenum - ok
17:47:12.0201 2620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:47:12.0201 2620 Serial - ok
17:47:12.0216 2620 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:47:12.0216 2620 sermouse - ok
17:47:12.0248 2620 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:47:12.0248 2620 SessionEnv - ok
17:47:12.0263 2620 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:47:12.0263 2620 sffdisk - ok
17:47:12.0279 2620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:47:12.0279 2620 sffp_mmc - ok
17:47:12.0279 2620 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:47:12.0294 2620 sffp_sd - ok
17:47:12.0310 2620 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:47:12.0310 2620 sfloppy - ok
17:47:12.0357 2620 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:47:12.0372 2620 Sftfs - ok
17:47:12.0450 2620 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:47:12.0450 2620 sftlist - ok
17:47:12.0497 2620 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:47:12.0497 2620 Sftplay - ok
17:47:12.0513 2620 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:47:12.0513 2620 Sftredir - ok
17:47:12.0528 2620 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:47:12.0528 2620 Sftvol - ok
17:47:12.0544 2620 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:47:12.0544 2620 sftvsa - ok
17:47:12.0560 2620 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:47:12.0575 2620 SharedAccess - ok
17:47:12.0591 2620 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:47:12.0591 2620 ShellHWDetection - ok
17:47:12.0606 2620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:47:12.0606 2620 SiSRaid2 - ok
17:47:12.0622 2620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:47:12.0622 2620 SiSRaid4 - ok
17:47:12.0622 2620 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:47:12.0638 2620 Smb - ok
17:47:12.0653 2620 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:47:12.0669 2620 SNMPTRAP - ok
17:47:12.0669 2620 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:47:12.0669 2620 spldr - ok
17:47:12.0731 2620 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:47:12.0731 2620 Spooler - ok
17:47:12.0825 2620 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:47:12.0872 2620 sppsvc - ok
17:47:12.0903 2620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:47:12.0903 2620 sppuinotify - ok
17:47:12.0950 2620 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:47:12.0950 2620 srv - ok
17:47:12.0981 2620 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:47:12.0996 2620 srv2 - ok
17:47:12.0996 2620 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:47:12.0996 2620 srvnet - ok
17:47:13.0028 2620 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:47:13.0028 2620 SSDPSRV - ok
17:47:13.0028 2620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:47:13.0043 2620 SstpSvc - ok
17:47:13.0059 2620 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
17:47:13.0074 2620 ssudmdm - ok
17:47:13.0090 2620 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:47:13.0090 2620 stexstor - ok
17:47:13.0106 2620 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:47:13.0121 2620 stisvc - ok
17:47:13.0168 2620 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:47:13.0168 2620 swenum - ok
17:47:13.0262 2620 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:47:13.0308 2620 swprv - ok
17:47:13.0402 2620 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:47:13.0433 2620 SysMain - ok
17:47:13.0449 2620 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:47:13.0449 2620 TabletInputService - ok
17:47:13.0464 2620 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:47:13.0464 2620 TapiSrv - ok
17:47:13.0480 2620 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:47:13.0496 2620 TBS - ok
17:47:13.0558 2620 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:47:13.0589 2620 Tcpip - ok
17:47:13.0652 2620 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:47:13.0667 2620 TCPIP6 - ok
17:47:13.0698 2620 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:47:13.0698 2620 tcpipreg - ok
17:47:13.0730 2620 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:47:13.0730 2620 TDPIPE - ok
17:47:13.0776 2620 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:47:13.0776 2620 TDTCP - ok
17:47:13.0792 2620 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:47:13.0808 2620 tdx - ok
17:47:13.0808 2620 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:47:13.0808 2620 TermDD - ok
17:47:13.0823 2620 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:47:13.0839 2620 TermService - ok
17:47:13.0839 2620 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:47:13.0854 2620 Themes - ok
17:47:13.0870 2620 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:47:13.0870 2620 THREADORDER - ok
17:47:13.0886 2620 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:47:13.0886 2620 TrkWks - ok
17:47:13.0917 2620 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:47:13.0917 2620 TrustedInstaller - ok
17:47:13.0948 2620 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:47:13.0964 2620 tssecsrv - ok
17:47:13.0979 2620 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:47:13.0979 2620 TsUsbFlt - ok
17:47:14.0042 2620 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:47:14.0042 2620 tunnel - ok
17:47:14.0057 2620 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:47:14.0057 2620 uagp35 - ok
17:47:14.0073 2620 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:47:14.0073 2620 udfs - ok
17:47:14.0088 2620 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:47:14.0088 2620 UI0Detect - ok
17:47:14.0104 2620 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:47:14.0104 2620 uliagpkx - ok
17:47:14.0104 2620 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:47:14.0104 2620 umbus - ok
17:47:14.0135 2620 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:47:14.0135 2620 UmPass - ok
17:47:14.0166 2620 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:47:14.0166 2620 upnphost - ok
17:47:14.0198 2620 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:47:14.0198 2620 USBAAPL64 - ok
17:47:14.0244 2620 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:47:14.0244 2620 usbccgp - ok
17:47:14.0260 2620 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:47:14.0260 2620 usbcir - ok
17:47:14.0276 2620 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:47:14.0276 2620 usbehci - ok
17:47:14.0291 2620 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:47:14.0291 2620 usbhub - ok
17:47:14.0307 2620 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:47:14.0307 2620 usbohci - ok
17:47:14.0322 2620 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:47:14.0338 2620 usbprint - ok
17:47:14.0369 2620 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:47:14.0369 2620 usbscan - ok
17:47:14.0400 2620 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:47:14.0400 2620 USBSTOR - ok
17:47:14.0416 2620 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:47:14.0416 2620 usbuhci - ok
17:47:14.0447 2620 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:47:14.0447 2620 UxSms - ok
17:47:14.0463 2620 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:47:14.0463 2620 VaultSvc - ok
17:47:14.0463 2620 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:47:14.0463 2620 vdrvroot - ok
17:47:14.0494 2620 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:47:14.0494 2620 vds - ok
17:47:14.0510 2620 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:47:14.0510 2620 vga - ok
17:47:14.0525 2620 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:47:14.0525 2620 VgaSave - ok
17:47:14.0541 2620 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:47:14.0556 2620 vhdmp - ok
17:47:14.0556 2620 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:47:14.0556 2620 viaide - ok
17:47:14.0572 2620 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:47:14.0572 2620 volmgr - ok
17:47:14.0603 2620 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:47:14.0603 2620 volmgrx - ok
17:47:14.0634 2620 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:47:14.0634 2620 volsnap - ok
17:47:14.0666 2620 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:47:14.0666 2620 vsmraid - ok
17:47:14.0728 2620 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:47:14.0759 2620 VSS - ok
17:47:14.0775 2620 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:47:14.0775 2620 vwifibus - ok
17:47:14.0790 2620 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:47:14.0790 2620 W32Time - ok
17:47:14.0806 2620 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:47:14.0806 2620 WacomPen - ok
17:47:14.0822 2620 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:47:14.0837 2620 WANARP - ok
17:47:14.0837 2620 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:47:14.0837 2620 Wanarpv6 - ok
17:47:14.0884 2620 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:47:14.0915 2620 WatAdminSvc - ok
17:47:14.0946 2620 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:47:14.0978 2620 wbengine - ok
17:47:15.0009 2620 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:47:15.0024 2620 WbioSrvc - ok
17:47:15.0040 2620 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:47:15.0040 2620 wcncsvc - ok
17:47:15.0056 2620 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:47:15.0056 2620 WcsPlugInService - ok
17:47:15.0071 2620 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:47:15.0071 2620 Wd - ok
17:47:15.0087 2620 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:47:15.0087 2620 Wdf01000 - ok
17:47:15.0102 2620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:47:15.0102 2620 WdiServiceHost - ok
17:47:15.0118 2620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:47:15.0118 2620 WdiSystemHost - ok
17:47:15.0134 2620 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:47:15.0134 2620 WebClient - ok
17:47:15.0149 2620 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:47:15.0149 2620 Wecsvc - ok
17:47:15.0165 2620 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:47:15.0180 2620 wercplsupport - ok
17:47:15.0196 2620 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:47:15.0196 2620 WerSvc - ok
17:47:15.0212 2620 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:47:15.0212 2620 WfpLwf - ok
17:47:15.0212 2620 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:47:15.0212 2620 WIMMount - ok
17:47:15.0227 2620 WinDefend - ok
17:47:15.0243 2620 WinHttpAutoProxySvc - ok
17:47:15.0274 2620 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:47:15.0274 2620 Winmgmt - ok
17:47:15.0305 2620 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:47:15.0336 2620 WinRM - ok
17:47:15.0399 2620 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:47:15.0399 2620 WinUsb - ok
17:47:15.0430 2620 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:47:15.0446 2620 Wlansvc - ok
17:47:15.0555 2620 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:47:15.0586 2620 wlidsvc - ok
17:47:15.0633 2620 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:47:15.0633 2620 WmiAcpi - ok
17:47:15.0648 2620 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:47:15.0648 2620 wmiApSrv - ok
17:47:15.0664 2620 WMPNetworkSvc - ok
17:47:15.0695 2620 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:47:15.0695 2620 WPCSvc - ok
17:47:15.0742 2620 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:47:15.0742 2620 WPDBusEnum - ok
17:47:15.0758 2620 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:47:15.0758 2620 ws2ifsl - ok
17:47:15.0773 2620 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:47:15.0773 2620 wscsvc - ok
17:47:15.0773 2620 WSearch - ok
17:47:15.0851 2620 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:47:15.0898 2620 wuauserv - ok
17:47:15.0929 2620 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:47:15.0929 2620 WudfPf - ok
17:47:15.0960 2620 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:47:15.0960 2620 WUDFRd - ok
17:47:16.0007 2620 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:47:16.0007 2620 wudfsvc - ok
17:47:16.0054 2620 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:47:16.0070 2620 WwanSvc - ok
17:47:16.0085 2620 ================ Scan global ===============================
17:47:16.0101 2620 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:47:16.0148 2620 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:47:16.0148 2620 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:47:16.0179 2620 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:47:16.0210 2620 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:47:16.0210 2620 [Global] - ok
17:47:16.0210 2620 ================ Scan MBR ==================================
17:47:16.0226 2620 [ 53A07907223672AAB28EF91F078412C9 ] \Device\Harddisk0\DR0
17:47:16.0335 2620 \Device\Harddisk0\DR0 - ok
17:47:16.0335 2620 ================ Scan VBR ==================================
17:47:16.0350 2620 [ 93F06BE73C98D4D751B18F3EC798F724 ] \Device\Harddisk0\DR0\Partition1
17:47:16.0350 2620 \Device\Harddisk0\DR0\Partition1 - ok
17:47:16.0350 2620 [ 500652D97994ED70863BBFA5955F6A62 ] \Device\Harddisk0\DR0\Partition2
17:47:16.0350 2620 \Device\Harddisk0\DR0\Partition2 - ok
17:47:16.0382 2620 [ FE50FD29B2C1D146220A69FE0D4D3071 ] \Device\Harddisk0\DR0\Partition3
17:47:16.0382 2620 \Device\Harddisk0\DR0\Partition3 - ok
17:47:16.0382 2620 ============================================================
17:47:16.0382 2620 Scan finished
17:47:16.0382 2620 ============================================================
17:47:16.0397 3356 Detected object count: 0
17:47:16.0397 3356 Actual detected object count: 0



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 17:49:03
-----------------------------
17:49:03.371 OS Version: Windows x64 6.1.7601 Service Pack 1
17:49:03.371 Number of processors: 4 586 0x503
17:49:03.371 ComputerName: USER-HP UserName: user
17:49:07.288 Initialize success
17:49:07.350 AVAST engine defs: 12111301
17:49:17.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
17:49:17.631 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 3
17:49:17.631 Disk 0 MBR read successfully
17:49:17.631 Disk 0 MBR scan
17:49:17.646 Disk 0 unknown MBR code
17:49:17.646 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:49:17.646 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942533 MB offset 206848
17:49:17.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11247 MB offset 1930502144
17:49:17.709 Disk 0 scanning C:\Windows\system32\drivers
17:49:25.790 Service scanning
17:49:39.691 Modules scanning
17:49:39.691 Disk 0 trace - called modules:
17:49:39.707 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:49:39.707 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004725060]
17:49:39.707 3 CLASSPNP.SYS[fffff8800192543f] -> nt!IofCallDriver -> [0xfffffa8003696c10]
17:49:39.722 5 ACPI.sys[fffff88000f337a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa80044b6060]
17:49:40.721 AVAST engine scan C:\Windows
17:49:43.685 AVAST engine scan C:\Windows\system32
17:52:22.625 AVAST engine scan C:\Windows\system32\drivers
17:52:32.906 AVAST engine scan C:\Users\user
18:18:00.338 AVAST engine scan C:\ProgramData
18:21:33.467 Scan finished successfully
18:23:17.161 Disk 0 MBR has been saved successfully to "C:\Users\user\Downloads\MBR.dat"
18:23:17.161 The log file has been saved successfully to "C:\Users\user\Downloads\aswMBR.txt"
  • 0

#8
gringo_pr
Posted 14 November 2012 - 02:01 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I want you to run me a new OTL scan for me please


gringo
  • 1

#9
mmblvanna
Posted 15 November 2012 - 01:42 AM

mmblvanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
here ya go



OTL logfile created on: 11/15/2012 6:19:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 53.94% Memory free
8.00 Gb Paging File | 6.10 Gb Available in Paging File | 76.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.44 Gb Total Space | 124.05 Gb Free Space | 13.48% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/12 16:37:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2012/10/31 09:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 09:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/25 04:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 23:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/10/15 10:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/31 09:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/09/08 16:29:57 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/07/04 17:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/04 02:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/03/05 12:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 12:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/12 17:11:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/25 04:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/04 00:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/13 04:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 10:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/31 09:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/31 09:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/31 09:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/31 09:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/31 09:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/16 02:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 17:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 16:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 17:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 01:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/12/08 15:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/23 03:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 08:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/01 21:16:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/15 09:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 09:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/12 19:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/04 22:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/18 09:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/16 01:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV - [2010/07/15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/09/16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{3765E138-6F23-4491-9F08-937AC5391C1C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CCAFB190-2D71-4AEB-A46B-E873C1F20946}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FE275E0F-F725-463F-A1A1-96FBF47D9195}: "URL" = http://au.search.yah...psg&type=CPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{3765E138-6F23-4491-9F08-937AC5391C1C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{CCAFB190-2D71-4AEB-A46B-E873C1F20946}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{FE275E0F-F725-463F-A1A1-96FBF47D9195}: "URL" = http://au.search.yah...psg&type=CPDTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{3765E138-6F23-4491-9F08-937AC5391C1C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{CCAFB190-2D71-4AEB-A46B-E873C1F20946}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{FE275E0F-F725-463F-A1A1-96FBF47D9195}: "URL" = http://au.search.yah...psg&type=CPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Chambers (UK)"
FF - prefs.js..browser.startup.homepage: "http://www.xbox360iso.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.9
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: [email protected]:4.0.2
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..extensions.enabledAddons: Noia4Options@ArisT2:1.7.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.40
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.6
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.16.0.3
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.6
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - prefs.js..extensions.enabledAddons: [email protected]:3.8.23
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.20.3
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/09 14:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/05 10:58:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/07 17:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/05 11:07:07 | 000,000,000 | ---D | M]

[2011/05/18 21:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2012/11/15 18:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions
[2012/11/07 17:21:27 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/10/04 18:21:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/04 12:26:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/02 21:52:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/11/04 11:48:25 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/10/20 09:24:17 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/10/11 19:25:34 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/11/04 11:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome\content\extensionCode
[2012/11/13 18:54:58 | 000,070,963 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/08/18 09:32:52 | 000,237,291 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/10/26 17:54:13 | 000,154,926 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/11/05 13:32:54 | 000,065,957 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/05/26 18:42:20 | 000,009,880 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/11/08 19:09:37 | 000,342,379 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/11/15 18:16:04 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/05 13:26:42 | 002,278,298 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2012/11/15 18:16:04 | 000,065,589 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/10/26 17:54:13 | 000,377,191 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/08/31 20:47:00 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/07/25 21:10:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/26 17:50:57 | 001,556,566 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2012/11/07 17:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/05 11:07:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/11/05 11:07:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/11/05 10:58:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/10/25 04:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/10 04:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/10/25 04:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/25 04:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: AVG Safe Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Coupon Companion = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\crossrider
CHR - Extension: Coupon Companion = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: OneClickDownload = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.1_0\

O1 HOSTS File: ([2012/11/13 21:57:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with x-iphone-magic-platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with x-iphone-magic-platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7764AD97-E3EF-4470-9C26-51025DBBF768}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7764AD97-E3EF-4470-9C26-51025DBBF768}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 03:08:29 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 03:08:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/15 03:02:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/15 03:02:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/15 03:02:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/15 03:02:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/15 03:02:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/15 03:02:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/15 03:02:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/15 03:02:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/15 03:02:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/15 03:02:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/15 03:02:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/15 03:02:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/15 03:02:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/15 03:02:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/15 03:02:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/15 03:01:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/15 03:01:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/15 03:01:22 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/15 03:01:22 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/14 22:28:41 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/14 22:28:41 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/14 22:28:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/14 22:23:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/14 22:23:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/14 22:23:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/14 22:23:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/14 22:23:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/14 22:23:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/14 22:23:05 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 22:23:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/14 17:46:08 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/11/13 22:14:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/13 21:57:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/13 21:39:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/13 21:39:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/13 21:39:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/13 21:39:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/13 21:39:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/13 21:39:41 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/13 21:39:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/13 21:31:45 | 005,000,679 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/11/13 19:00:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2012/11/08 19:04:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/11/08 19:01:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/08 19:00:27 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/11/08 18:56:30 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/11/08 18:56:12 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/11/08 18:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/11/08 18:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/11/07 17:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/05 15:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/11/05 15:26:12 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/05 15:26:12 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/05 11:26:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/05 11:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/05 10:59:16 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/11/05 10:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/05 10:59:15 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/11/05 10:59:07 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/11/05 10:59:03 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/11/05 10:59:00 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/11/05 10:58:58 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/11/05 10:58:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/05 10:58:17 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/11/05 10:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/05 10:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/05 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2012/11/04 11:48:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Coupon Companion
[2012/11/04 11:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion
[2012/11/04 11:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/20 18:16:32 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/20 18:16:15 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2011/06/01 21:16:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/11/15 18:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 17:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 03:38:08 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/15 03:38:08 | 000,628,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/15 03:38:08 | 000,110,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/15 03:37:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 03:37:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 03:32:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 03:31:00 | 000,315,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/15 03:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 03:29:52 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/14 17:45:50 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/11/13 21:57:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/13 21:30:53 | 005,000,679 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/11/12 17:11:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/12 17:11:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/09 17:42:56 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job
[2012/11/08 19:01:47 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/11/08 18:57:12 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-USER-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/11/08 18:56:05 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/11/08 04:35:41 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/07 17:08:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/05 10:59:16 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/05 10:58:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/31 09:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/31 09:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/31 09:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/31 09:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/31 09:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/31 09:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/31 09:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/31 09:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/20 18:16:05 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/20 18:16:04 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/10/20 18:16:04 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/10/20 18:16:04 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/20 18:16:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/20 18:16:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

========== Files Created - No Company Name ==========

[2012/11/15 03:08:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 03:01:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 21:39:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/13 21:39:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/13 21:39:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/13 21:39:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/13 21:39:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/08 18:57:12 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-USER-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/11/08 18:56:05 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/11/07 17:08:28 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/07 17:08:28 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/05 15:26:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 10:59:16 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/04 16:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/04 16:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/10 11:56:47 | 000,007,598 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2012/04/29 15:10:21 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/25 14:07:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/24 21:13:14 | 000,008,192 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 18:03:27 | 000,000,600 | ---- | C] () -- C:\Users\user\AppData\Roaming\winscp.rnd
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/13 09:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/17 21:48:32 | 000,000,000 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
[2011/06/13 10:07:42 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/06/13 10:07:42 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/06/13 10:07:42 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/06/13 10:07:42 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/06/13 10:07:42 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/06/12 17:54:30 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2011/06/12 17:54:30 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE
[2011/06/12 17:54:19 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/06/01 21:16:58 | 000,007,859 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2011/06/01 21:16:58 | 000,001,167 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2011/06/01 21:11:28 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/22 18:21:21 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/07 00:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010/11/26 16:22:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:30FD0CBD

< End of report >
  • 0

#10
gringo_pr
Posted 15 November 2012 - 06:33 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O8:64bit: - Extra context menu item: Download with x-iphone-magic-platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with x-iphone-magic-platinum - C:\Program Files (x86)\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:30FD0CBD  
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.40
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
[2012/11/04 11:48:25 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]
[2012/11/04 11:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome\content\extensionCode
[2012/11/04 11:48:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Coupon Companion
[2012/11/04 11:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion
:Files
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
  • 1

Advertisements

#11
mmblvanna
Posted 17 November 2012 - 09:43 PM

mmblvanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hey gringo sorry, been away for a few days but i'm back


This has improved it way way way much better, its no longer lagging of pausing, it just need to be smoothed out now. you've made it much more better to watch and not be so fustrated!

If you can think of anything else i can do it would be much appreciated :thumbsup:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with x-iphone-magic-platinum\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with x-iphone-magic-platinum\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Temp:30FD0CBD deleted successfully.
Prefs.js: [email protected]:0.85.40 removed from extensions.enabledAddons
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome\content\extensionCode folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected] folder moved successfully.
Folder C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5445xsfo.default\extensions\[email protected]\chrome\content\extensionCode\ not found.
C:\Users\user\AppData\Local\Coupon Companion\Chrome folder moved successfully.
C:\Users\user\AppData\Local\Coupon Companion folder moved successfully.
C:\Program Files (x86)\Coupon Companion folder moved successfully.
========== FILES ==========
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\js\lib folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\js\api folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\js folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\icons\actions folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\icons folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0 folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Downloads\cmd.bat deleted successfully.
C:\Users\user\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mcx1-USER-HP

User: Public

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-USER-HP
->Flash cache emptied: 0 bytes

User: Public

User: user
->Flash cache emptied: 1849 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11182012_142551
  • 0

#12
gringo_pr
Posted 17 November 2012 - 09:58 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#13
mmblvanna
Posted 17 November 2012 - 10:20 PM

mmblvanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
1ClickDownloader
abgx360 v1.0.5
Absolute MP3 Splitter version 2.8.1
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
avast! Free Antivirus
AVI Joiner version 1.22
AVI to DVD Converter
Bejeweled 2 Deluxe
Belkin F5D8053 N Wireless USB Adapter
BigPond Broadband ADSL
BitTorrent
Blackhawk Striker 2
Blackhawk Striker 2 from WildTangent (remove only)
BoneTown
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.0
Chinese Simplified Fonts Support For Adobe Reader 9
Chuzzle Deluxe
CloneDVD2
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Dora's Carnival Adventure
Driver San Francisco
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video
EA Download Manager
EASEUS Partition Master 7.0.1 Professional
Escape Rosecliff Island
FATE
Final Drive Nitro
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Update Helper
Grand Theft Auto IV
Guitar Pro 6
Hewlett-Packard ACLM.NET v1.2.1.1
High-Definition Video Playback 10
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP Odometer
HP Product Detection
HP Setup
HP Support Assistant
HP Support Information
HP Update
HydraVision
ImgBurn
iPhone Configuration Utility
Java 7 Update 9
Java Auto Updater
JDownloader
Jewel Quest - Heritage
Junk Mail filter update
Kobo
LabelPrint
Malwarebytes Anti-Malware version 1.65.1.1000
MarkelSoft Dupe Eliminator for iTunes 11.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Click-to-Run 2010
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Outlook 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.2
PartitionMagic
PC Remote Controller version 2.36
PDF Complete Special Edition
Penguins!
PFConfig 1.0.296
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PowerISO
PowerQuest PartitionMagic 8.0 Demo
PressReader
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Remote PC Server
Safari
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Simple Port Forwarding
swMSM
Tweaking.com - Windows Repair (All in One)
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers - The Secret City
Virtual Villagers The Secret City
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.7
WildGames
WildTangent Games App (HP Games)
WildTangent Web Driver
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Xilisoft iPhone Magic Platinum
Xilisoft iPhone Transfer
XLink Kai
Zinio Reader 4
Zuma Deluxe
  • 0

#14
gringo_pr
Posted 17 November 2012 - 10:25 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

1ClickDownloader
BitTorrent
 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.




Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#15
mmblvanna
Posted 17 November 2012 - 11:15 PM

mmblvanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
i had no problems at all running these programs :happy:

and it keeps on getting better. :P




Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-HP [administrator]

Protection: Disabled

18/11/2012 3:46:16 PM
mbam-log-2012-11-18 (15-46-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228428
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:40 PM, on 18/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\user\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://10.0.0.138
O15 - ESC Trusted IP range: http://10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{7764AD97-E3EF-4470-9C26-51025DBBF768}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{7764AD97-E3EF-4470-9C26-51025DBBF768}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{7764AD97-E3EF-4470-9C26-51025DBBF768}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9456 bytes
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP