Computer shuts down [Solved]



#1
JoPopey

  • Member
  • 124 posts
My computer is shutting down and has been infected with something. This is a log from OTL. Can anyone help? Many thanks.




OTL logfile created on: 18/11/2012 20:13:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.71% Memory free
3.87 Gb Paging File | 2.63 Gb Available in Paging File | 67.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 35.06 Gb Total Space | 7.31 Gb Free Space | 20.85% Space Free | Partition Type: NTFS
Drive D: | 113.89 Gb Total Space | 41.34 Gb Free Space | 36.30% Space Free | Partition Type: NTFS

Computer Name: JOPOPE-PC01 | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 20:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/11/13 17:07:26 | 000,638,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/11/06 13:51:42 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/11/06 11:53:10 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
PRC - [2012/10/31 22:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/10/16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/10/16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/09/19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/08 19:19:24 | 001,583,960 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/31 22:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 22:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 22:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 22:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 22:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 22:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/09/19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/06/16 17:54:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/11/08 16:24:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/09/05 15:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/07/27 20:58:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\6073.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jo\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/11/13 17:07:42 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/11/13 17:07:41 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/11/13 17:07:41 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/06 11:23:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/28 07:33:49 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/19 13:54:52 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/23 15:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/06/18 18:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...E&cr=2068767320
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=2068767320

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 A6 19 00 0F 6A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0AEADF14-F17C-4F00-BE2F-99194450DB7C}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{0B3C28E0-7C23-4167-A8B7-85D34F586D3A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000015584b1524
IE - HKCU\..\SearchScopes\{16C71303-6956-47D8-B5C6-002F0605D5C8}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte...y={searchTerms}
IE - HKCU\..\SearchScopes\{95560BF3-6453-4704-BF91-1B25463ABE13}: "URL" = http://websearch.ask...81-6C3901274266
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-27 10:03:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=2068767320
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/08/30 09:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/30 15:54:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\oh0n0zvw.default\extensions\[email protected]

[2012/11/08 09:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/12 13:03:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/10/13 07:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/04/14 07:14:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/09/30 15:54:23 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/11/11 14:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/09/27 09:03:17 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/07 11:29:08 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/03/15 14:30:28 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Gmail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/02/27 13:15:03 | 000,430,182 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14806 more lines...
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3028E9AA-0C2D-45B0-A428-1EDCE1C22515}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 16:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/11/16 16:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jo\DoctorWeb
[2012/11/12 11:32:04 | 000,000,000 | ---D | C] -- D:\Desktop\How To Straighten Rounded Shoulders - YouTube_files
[2012/11/12 11:09:35 | 000,000,000 | ---D | C] -- D:\Desktop\YTWL - Shoulder and Upper Back Exercise - YouTube_files
[2012/11/09 20:41:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\vlc
[2012/11/09 19:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/11/09 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Mozilla
[2012/11/09 19:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2012/11/09 12:01:15 | 000,000,000 | ---D | C] -- D:\Desktop\How To Avoid And Fix Swimming Shoulder Injuries_files
[2012/11/08 22:18:08 | 000,000,000 | ---D | C] -- D:\Desktop\P45 - Part 2 & 3_files
[2012/11/08 16:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/11/08 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/11/08 16:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/11/08 09:09:00 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2012/11/08 09:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2012/11/08 09:08:59 | 000,000,000 | ---D | C] -- D:\My Documents\PrintScreen Files
[2012/11/08 09:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2012/11/07 14:11:48 | 000,000,000 | ---D | C] -- D:\Desktop\Charity Jobs
[2012/11/06 17:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/06 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/06 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/11/06 13:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/11/06 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Avira
[2012/11/06 12:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/11/06 12:45:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\APN
[2012/11/06 12:42:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/11/06 12:42:37 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/06 12:42:37 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/06 12:42:37 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/06 12:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/11/06 12:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/11/06 12:04:48 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Avg2013
[2012/11/06 11:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/06 11:21:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/06 09:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Best Removal Tool
[2012/11/04 17:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/11/04 17:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012/11/04 17:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\wxDownload
[2012/11/04 17:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDownload
[2012/11/01 14:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2012/11/01 14:17:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2012/11/01 13:44:15 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{297F0294-1462-4861-A3C6-D6E927FAD25C}
[2012/11/01 13:39:07 | 000,000,000 | ---D | C] -- D:\Desktop\Photos CV AD
[2012/10/30 21:18:24 | 000,000,000 | ---D | C] -- D:\Desktop\Career articles-tips
[2012/10/30 21:00:07 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Giant Savings
[2012/10/30 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2012/10/30 20:59:45 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\PDFConverterPackages
[2012/10/30 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2011/11/16 21:41:04 | 001,287,016 | ---- | C] (Microsoft Corporation) -- C:\Users\Jo\windowslivemoviemaker.exe
[2011/03/08 11:31:06 | 004,772,720 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Jo\BitTorrent-7.2.exe
[2011/03/08 11:28:55 | 000,396,152 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Jo\utorrent.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/18 19:58:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 19:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/18 19:24:27 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 19:24:27 | 000,013,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 19:17:23 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 19:16:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 16:33:47 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/11/17 21:03:00 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 40ae8614-bc43-467a-b727-debb5d34ee43.job
[2012/11/16 09:23:18 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/16 09:23:18 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/16 09:10:17 | 002,337,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/14 22:00:43 | 000,026,154 | ---- | M] () -- D:\Desktop\PBPP2FP - PRINCE2 ® 2009 Foundation and Practitioner.pdf
[2012/11/13 17:07:42 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/13 17:07:41 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/13 17:07:41 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/13 14:13:34 | 000,246,825 | ---- | M] () -- D:\Desktop\photo.htm
[2012/11/12 11:32:04 | 000,226,907 | ---- | M] () -- D:\Desktop\How To Straighten Rounded Shoulders - YouTube.htm
[2012/11/12 11:09:35 | 000,194,717 | ---- | M] () -- D:\Desktop\YTWL - Shoulder and Upper Back Exercise - YouTube.htm
[2012/11/12 10:14:24 | 000,254,133 | ---- | M] () -- D:\Desktop\PPMP2PP QA PRINCE2 Practitioner Pre-Reading Instructions v2.pdf
[2012/11/09 19:50:17 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/09 12:01:15 | 000,044,304 | ---- | M] () -- D:\Desktop\How To Avoid And Fix Swimming Shoulder Injuries.htm
[2012/11/09 11:51:39 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1fb31606-90ac-4dff-8e61-672ebb17f8cd.job
[2012/11/08 16:38:28 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/11/08 16:38:28 | 000,002,008 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/11/08 09:18:12 | 000,019,773 | ---- | M] () -- D:\Desktop\Wire-hairedFoxTerriers.JPG
[2012/11/06 17:58:45 | 000,025,876 | ---- | M] () -- D:\Desktop\cc_20121106_175823.reg
[2012/11/06 17:54:07 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/06 13:36:22 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/11/06 12:46:26 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/06 11:54:16 | 000,002,089 | ---- | M] () -- D:\Desktop\Google Chrome.lnk
[2012/11/06 11:48:40 | 000,334,707 | ---- | M] () -- D:\Desktop\bookmarks_06_11_2012.html
[2012/11/06 11:23:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/06 09:16:59 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2012/11/05 17:09:28 | 000,000,118 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/05 17:08:27 | 000,031,465 | ---- | M] () -- C:\Users\Jo\AppData\Local\funmoods.crx
[2012/11/01 14:24:40 | 000,004,798 | ---- | M] () -- D:\Desktop\Backdrops.spj
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/18 16:33:47 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/11/15 23:07:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 23:06:52 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/14 22:00:38 | 000,026,154 | ---- | C] () -- D:\Desktop\PBPP2FP - PRINCE2 ® 2009 Foundation and Practitioner.pdf
[2012/11/13 14:13:31 | 000,246,825 | ---- | C] () -- D:\Desktop\photo.htm
[2012/11/12 11:32:03 | 000,226,907 | ---- | C] () -- D:\Desktop\How To Straighten Rounded Shoulders - YouTube.htm
[2012/11/12 11:09:33 | 000,194,717 | ---- | C] () -- D:\Desktop\YTWL - Shoulder and Upper Back Exercise - YouTube.htm
[2012/11/12 10:14:23 | 000,254,133 | ---- | C] () -- D:\Desktop\PPMP2PP QA PRINCE2 Practitioner Pre-Reading Instructions v2.pdf
[2012/11/09 12:01:11 | 000,044,304 | ---- | C] () -- D:\Desktop\How To Avoid And Fix Swimming Shoulder Injuries.htm
[2012/11/08 16:24:50 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/11/08 16:24:50 | 000,002,008 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/11/08 09:18:12 | 000,019,773 | ---- | C] () -- D:\Desktop\Wire-hairedFoxTerriers.JPG
[2012/11/06 17:58:30 | 000,025,876 | ---- | C] () -- D:\Desktop\cc_20121106_175823.reg
[2012/11/06 17:54:07 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/06 13:36:43 | 000,000,504 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 40ae8614-bc43-467a-b727-debb5d34ee43.job
[2012/11/06 13:36:42 | 000,000,504 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 1fb31606-90ac-4dff-8e61-672ebb17f8cd.job
[2012/11/06 13:36:22 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/11/06 12:46:26 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/06 11:54:16 | 000,002,089 | ---- | C] () -- D:\Desktop\Google Chrome.lnk
[2012/11/06 11:48:39 | 000,334,707 | ---- | C] () -- D:\Desktop\bookmarks_06_11_2012.html
[2012/11/06 09:16:59 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2012/11/05 17:09:28 | 000,031,465 | ---- | C] () -- C:\Users\Jo\AppData\Local\funmoods.crx
[2012/11/05 17:09:28 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/01 14:24:40 | 000,004,798 | ---- | C] () -- D:\Desktop\Backdrops.spj
[2012/10/24 18:14:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 11:07:04 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/04/13 14:50:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/04/13 14:50:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/22 15:03:45 | 000,000,088 | ---- | C] () -- C:\Windows\MSREGUSR.INI
[2011/09/05 06:50:15 | 021,073,936 | ---- | C] () -- C:\Users\Jo\vlc-1.1.11-win32.exe
[2011/08/10 10:12:01 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/07/07 08:18:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/02 16:35:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2011/06/02 16:35:36 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini
[2011/05/01 16:25:21 | 000,062,349 | ---- | C] () -- C:\Users\Jo\RW1.jpg
[2011/03/07 20:14:01 | 000,020,480 | ---- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 17:24:55 | 000,000,224 | ---- | C] () -- C:\Windows\91NU.ini
[2011/02/22 17:14:05 | 000,001,809 | ---- | C] () -- C:\Windows\if42le.ini
[2011/02/22 17:14:05 | 000,000,299 | ---- | C] () -- C:\Windows\Pexplore.ini
[2011/02/22 17:10:42 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
[2011/01/02 20:55:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 07:50:14 | 008,101,888 | ---- | C] () -- C:\Users\Jo\V92PCISL_Setup.exe

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/04 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AnvSoft
[2012/09/23 15:49:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG
[2010/10/18 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG10
[2012/02/07 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Babylon
[2012/11/06 17:57:00 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\BitTorrent
[2010/07/29 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Canneverbe Limited
[2011/11/10 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\com.spoce.PRINCE2EventPrep.607D1209833FBB41CF7E9FFB79F78DC1DBCDE874.1
[2011/01/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ConsumerSoft
[2012/03/16 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\DriverCure
[2012/11/18 16:05:07 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Dropbox
[2011/12/16 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ErrorTeck
[2012/03/16 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\GetRightToGo
[2011/05/01 16:28:54 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gtk-2.0
[2011/05/05 08:46:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\iExpert Software
[2011/08/10 09:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\IObit
[2011/12/16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Leadertech
[2011/12/16 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Memeo
[2012/06/24 21:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\NewSoft
[2012/09/22 13:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Nokia
[2011/03/04 18:39:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\OpenCandy
[2011/06/13 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PC Suite
[2012/10/30 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\PDFConverterPackages
[2010/09/01 13:14:18 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\QuitSmoking
[2010/08/30 10:47:23 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\QuitSmokingApp
[2010/08/28 20:08:08 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\QuitSmoking[1]
[2010/08/30 10:43:38 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\QuitSmoking[2]
[2011/05/13 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Smart PDF Creator
[2012/11/06 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SpeedyPC Software
[2012/09/22 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TeamViewer
[2012/09/22 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TuneUp Software
[2012/11/17 18:49:00 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\uTorrent
[2012/06/08 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========



< End of report >
#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
JoPopey

    Member

  • Topic Starter
  • 124 posts
This is the result of Security check screen 317, I have just run my Super anti spyware which removed 3 adware bugs

Thanks Gringo


Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SUPERAntiSpyware
TuneUp Utilities Language Pack (en-GB)
CCleaner
Wise Registry Cleaner 7.31
JavaFX 2.1.1
Java™ 6 Update 27
Java™ 6 Update 31
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.96
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4
JoPopey

    Member

  • Topic Starter
  • 124 posts
Hey Gringo two more reports, thanks so much for your help in advance..


RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jo [Admin rights]
Mode : Remove -- Date : 11/19/2012 16:27:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\MEMSWEEP2 (C:\Windows\system32\6073.tmp) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\MEMSWEEP2 (C:\Windows\system32\6073.tmp) -> DELETED
[TASK][SUSP PATH] {54504321-F71A-4991-B1EB-0343E780880E} : C:\Users\Jo\V92PCISL_Setup.exe -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x82E3F06D -> HOOKED (Unknown @ 0x8E8481EE)
SSDT[299] : NtRequestWaitReplyPort @ 0x82E59A63 -> HOOKED (Unknown @ 0x8E8481F8)
SSDT[316] : NtSetContextThread @ 0x82EF9745 -> HOOKED (Unknown @ 0x8E8481F3)
SSDT[347] : NtSetSecurityObject @ 0x82E1D742 -> HOOKED (Unknown @ 0x8E8481FD)
SSDT[368] : NtSystemDebugControl @ 0x82EA16BC -> HOOKED (Unknown @ 0x8E848202)
SSDT[370] : NtTerminateProcess @ 0x82E76BFB -> HOOKED (Unknown @ 0x8E84818F)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8E848216)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8E84821B)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD161HJ ATA Device +++++
--- User ---
[MBR] 7deebf12d198d3bc2ac6ac518087e61d
[BSP] ca07b0d23736edac83f88f6210dd1ff7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 35900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 73730048 | Size: 116625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11192012_02d1627.txt >>
RKreport[1]_S_11192012_02d1627.txt ; RKreport[2]_D_11192012_02d1627.txt

# AdwCleaner v2.008 - Logfile created 11/19/2012 at 16:19:47
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Jo - JOPOPE-PC01
# Boot Mode : Normal
# Running from : D:\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Jo\AppData\Local\funmoods.crx
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\TheBflix
Folder Deleted : C:\Users\Jo\AppData\Local\APN
Folder Deleted : C:\Users\Jo\AppData\Local\Babylon
Folder Deleted : C:\Users\Jo\AppData\Local\Conduit
Folder Deleted : C:\Users\Jo\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Jo\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Jo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jo\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Jo\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jo\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyDyDzzyE0BtCyDtByEyBtBtBzztN0D0Tzu0CtAtCtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2068767320 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyDyDzzyE0BtCyDtByEyBtBtBzztN0D0Tzu0CtAtCtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2068767320 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14622 octets] - [19/11/2012 16:19:15]
AdwCleaner[S1].txt - [14364 octets] - [19/11/2012 16:19:47]

########## EOF - C:\AdwCleaner[S1].txt - [14425 octets] ##########

#5
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello JoPopey

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6
JoPopey

    Member

  • Topic Starter
  • 124 posts
Hi Gringo,

I have done what you suggested and this morning when my Super Anti Spyware checked the system it had nothing to remove, brilliant.
Here is the report from ComboFix, am hoping this is now fixed, thanks for all your help in advance.

ComboFix 12-11-19.02 - Jo 19/11/2012 22:22:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1982.1230 [GMT 0:00]
Running from: d:\desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jo\V92PCISL_Setup.exe
c:\users\Jo\vlc-1.1.11-win32.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 22:30 . 2012-11-19 22:32 -------- d-----w- c:\users\Jo\AppData\Local\temp
2012-11-19 16:32 . 2012-11-19 16:32 388096 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-19 16:32 . 2012-11-19 16:32 -------- d-----w- c:\program files\Trend Micro
2012-11-18 16:00 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-18 16:00 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-18 15:58 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-18 15:58 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-18 15:58 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-18 15:58 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-18 15:58 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-16 16:43 . 2012-11-16 17:20 -------- d-----w- c:\users\Jo\DoctorWeb
2012-11-15 23:07 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 23:07 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 23:07 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 22:39 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 22:39 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 22:39 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 22:39 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 22:39 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 22:39 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 22:39 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 22:39 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 22:39 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 22:39 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 22:39 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 22:39 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-09 20:41 . 2012-11-19 16:34 -------- d-----w- c:\users\Jo\AppData\Roaming\vlc
2012-11-09 19:54 . 2012-11-09 19:54 -------- d-----w- c:\programdata\Graboid Inc
2012-11-09 19:49 . 2012-11-09 19:59 -------- d-----w- c:\program files\Graboid
2012-11-08 09:08 . 2012-11-08 09:08 -------- d-----w- c:\program files\Gadwin Systems
2012-11-06 17:54 . 2012-11-06 17:54 -------- d-----w- c:\program files\CCleaner
2012-11-06 13:36 . 2012-11-06 13:36 -------- d-----w- c:\users\Jo\AppData\Roaming\SUPERAntiSpyware.com
2012-11-06 13:36 . 2012-11-06 13:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-06 12:42 . 2012-11-19 22:05 -------- d-----w- c:\programdata\Avira
2012-11-06 12:04 . 2012-11-06 12:04 -------- d-----w- c:\users\Jo\AppData\Local\Avg2013
2012-11-06 11:21 . 2012-11-06 11:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-06 09:16 . 2012-11-06 11:13 -------- d-----w- c:\program files\Best Removal Tool
2012-11-06 08:24 . 2012-11-06 09:15 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-04 17:33 . 2012-11-16 17:21 -------- d-----w- c:\program files\Optimizer Pro
2012-11-04 17:32 . 2012-11-04 17:33 -------- d-----w- c:\programdata\wxDownload
2012-11-01 14:17 . 2012-11-01 14:17 -------- d-----w- c:\program files\Microsoft Research
2012-10-30 20:59 . 2012-10-30 20:59 -------- d-----w- c:\program files\GPLGS
2012-10-30 20:59 . 2012-10-30 20:59 -------- d-----w- c:\users\Jo\AppData\Roaming\PDFConverterPackages
2012-10-30 20:59 . 2012-11-06 14:09 -------- d-----w- c:\program files\PDFCreator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 16:24 . 2012-04-25 12:31 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-08 16:24 . 2011-06-15 21:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 15:54 . 2010-07-29 14:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-30 15:54 . 2010-07-29 14:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-14 18:28 . 2012-10-10 07:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 07:58 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 07:58 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 07:58 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 09:13 . 2012-08-30 09:13 73728 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-08-30 09:13 . 2012-08-30 09:13 73728 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-08-30 09:13 . 2012-08-30 09:13 53248 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-08-30 09:13 . 2012-08-30 09:13 49152 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-08-30 09:13 . 2012-08-30 09:13 49152 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-08-24 16:57 . 2012-10-10 07:58 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 15:52 . 2012-11-18 15:59 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-08-22 17:16 . 2012-09-22 11:52 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-22 11:52 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-22 11:52 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1325" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Action Express (OpticBook 3600).lnk]
backup=c:\windows\pss\Action Express (OpticBook 3600).lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=c:\windows\pss\Device Detector 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2011-11-14 23:15 197288 ----a-w- c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2012-05-30 06:08 1842384 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 06:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-30 15:54 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 08:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Jo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Memeo AutoSync"=c:\program files\Memeo\AutoSync\MemeoLauncher2.exe --silent
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 16:24]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 12:37]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 12:37]
.
2012-11-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1fb31606-90ac-4dff-8e61-672ebb17f8cd.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 40ae8614-bc43-467a-b727-debb5d34ee43.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Toolbar-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)
MSConfigStartUp-AdobeBridge - c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
AddRemove-Adobe Connect Add-in - c:\users\Jo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3248)
c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-11-19 22:36:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-19 22:36
.
Pre-Run: 7,669,481,472 bytes free
Post-Run: 8,169,795,584 bytes free
.
- - End Of File - - A7D892D2323D4B2F5A33BE4FED6D83B1

#7
JoPopey

    Member

  • Topic Starter
  • 124 posts
Hi Gringo, just logged on again and Anti Spyware had got another 3 Ad-ware threats!! Urghhh, thought I would update you. Thanks in advance

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9
JoPopey

    Member

  • Topic Starter
  • 124 posts
Hi Gringo, here are the reports, thanks for your continued help.

10:40:41.0494 3300 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:40:41.0916 3300 ============================================================
10:40:41.0916 3300 Current date / time: 2012/11/21 10:40:41.0916
10:40:41.0916 3300 SystemInfo:
10:40:41.0916 3300
10:40:41.0916 3300 OS Version: 6.1.7601 ServicePack: 1.0
10:40:41.0916 3300 Product type: Workstation
10:40:41.0916 3300 ComputerName: JOPOPE-PC01
10:40:41.0916 3300 UserName: Jo
10:40:41.0916 3300 Windows directory: C:\Windows
10:40:41.0916 3300 System windows directory: C:\Windows
10:40:41.0916 3300 Processor architecture: Intel x86
10:40:41.0916 3300 Number of processors: 2
10:40:41.0916 3300 Page size: 0x1000
10:40:41.0916 3300 Boot type: Normal boot
10:40:41.0916 3300 ============================================================
10:40:44.0587 3300 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:40:44.0603 3300 ============================================================
10:40:44.0603 3300 \Device\Harddisk0\DR0:
10:40:44.0603 3300 MBR partitions:
10:40:44.0603 3300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:40:44.0603 3300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x461E000
10:40:44.0603 3300 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4650800, BlocksNum 0xE3C8800
10:40:44.0603 3300 ============================================================
10:40:44.0666 3300 C: <-> \Device\Harddisk0\DR0\Partition2
10:40:44.0712 3300 D: <-> \Device\Harddisk0\DR0\Partition3
10:40:44.0712 3300 ============================================================
10:40:44.0712 3300 Initialize success
10:40:44.0712 3300 ============================================================
10:40:46.0259 3308 ============================================================
10:40:46.0259 3308 Scan started
10:40:46.0259 3308 Mode: Manual;
10:40:46.0259 3308 ============================================================
10:40:47.0150 3308 ================ Scan system memory ========================
10:40:47.0150 3308 System memory - ok
10:40:47.0150 3308 ================ Scan services =============================
10:40:49.0087 3308 atapi - ok
10:40:49.0134 3308 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:40:49.0150 3308 AudioEndpointBuilder - ok
10:40:49.0166 3308 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:40:49.0181 3308 Audiosrv - ok
10:40:49.0259 3308 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:40:49.0259 3308 avast! Antivirus - ok
10:40:49.0291 3308 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:40:49.0306 3308 AxInstSV - ok
10:40:49.0353 3308 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
10:40:49.0353 3308 b06bdrv - ok
10:40:49.0384 3308 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
10:40:49.0384 3308 b57nd60x - ok
10:40:49.0431 3308 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
10:40:49.0431 3308 BDESVC - ok
10:40:49.0462 3308 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
10:40:49.0462 3308 Beep - ok
10:40:49.0509 3308 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
10:40:49.0525 3308 BFE - ok
10:40:49.0572 3308 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
10:40:49.0587 3308 BITS - ok
10:40:49.0619 3308 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:40:49.0619 3308 blbdrive - ok
10:40:49.0650 3308 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:40:49.0650 3308 bowser - ok
10:40:49.0681 3308 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:40:49.0681 3308 BrFiltLo - ok
10:40:49.0712 3308 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:40:49.0712 3308 BrFiltUp - ok
10:40:49.0775 3308 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:40:49.0775 3308 BridgeMP - ok
10:40:49.0822 3308 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
10:40:49.0822 3308 Browser - ok
10:40:49.0900 3308 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:40:49.0900 3308 Brserid - ok
10:40:49.0916 3308 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:40:49.0916 3308 BrSerWdm - ok
10:40:49.0947 3308 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:40:49.0947 3308 BrUsbMdm - ok
10:40:49.0962 3308 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:40:49.0962 3308 BrUsbSer - ok
10:40:49.0994 3308 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:40:50.0009 3308 BTHMODEM - ok
10:40:50.0087 3308 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
10:40:50.0087 3308 bthserv - ok
10:40:50.0212 3308 catchme - ok
10:40:50.0244 3308 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:40:50.0244 3308 cdfs - ok
10:40:50.0275 3308 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
10:40:50.0275 3308 cdrom - ok
10:40:50.0306 3308 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
10:40:50.0306 3308 CertPropSvc - ok
10:40:50.0353 3308 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:40:50.0353 3308 circlass - ok
10:40:50.0384 3308 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
10:40:50.0384 3308 CLFS - ok
10:40:50.0431 3308 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:40:50.0447 3308 clr_optimization_v2.0.50727_32 - ok
10:40:50.0509 3308 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:40:50.0525 3308 clr_optimization_v4.0.30319_32 - ok
10:40:50.0541 3308 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:40:50.0541 3308 CmBatt - ok
10:40:50.0556 3308 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:40:50.0572 3308 cmdide - ok
10:40:50.0603 3308 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
10:40:50.0603 3308 CNG - ok
10:40:50.0666 3308 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:40:50.0666 3308 Compbatt - ok
10:40:50.0681 3308 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:40:50.0681 3308 CompositeBus - ok
10:40:50.0697 3308 COMSysApp - ok
10:40:50.0712 3308 cpuz132 - ok
10:40:50.0759 3308 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:40:50.0759 3308 crcdisk - ok
10:40:50.0806 3308 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:40:50.0806 3308 CryptSvc - ok
10:40:50.0853 3308 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
10:40:50.0853 3308 CSC - ok
10:40:50.0884 3308 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
10:40:50.0884 3308 CscService - ok
10:40:50.0916 3308 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
10:40:50.0931 3308 DcomLaunch - ok
10:40:50.0962 3308 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
10:40:50.0962 3308 defragsvc - ok
10:40:50.0994 3308 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:40:50.0994 3308 DfsC - ok
10:40:51.0009 3308 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:40:51.0025 3308 Dhcp - ok
10:40:51.0056 3308 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
10:40:51.0056 3308 discache - ok
10:40:51.0072 3308 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:40:51.0072 3308 Disk - ok
10:40:51.0119 3308 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:40:51.0119 3308 Dnscache - ok
10:40:51.0166 3308 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
10:40:51.0166 3308 dot3svc - ok
10:40:51.0197 3308 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
10:40:51.0212 3308 DPS - ok
10:40:51.0244 3308 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:40:51.0244 3308 drmkaud - ok
10:40:51.0291 3308 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:40:51.0306 3308 DXGKrnl - ok
10:40:51.0337 3308 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
10:40:51.0353 3308 EapHost - ok
10:40:51.0447 3308 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
10:40:51.0494 3308 ebdrv - ok
10:40:51.0541 3308 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
10:40:51.0541 3308 EFS - ok
10:40:51.0603 3308 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:40:51.0603 3308 ehRecvr - ok
10:40:51.0634 3308 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
10:40:51.0634 3308 ehSched - ok
10:40:51.0681 3308 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:40:51.0697 3308 elxstor - ok
10:40:51.0712 3308 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:40:51.0728 3308 ErrDev - ok
10:40:51.0775 3308 esgiguard - ok
10:40:51.0837 3308 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
10:40:51.0853 3308 EventSystem - ok
10:40:51.0869 3308 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
10:40:51.0869 3308 exfat - ok
10:40:51.0884 3308 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:40:51.0884 3308 fastfat - ok
10:40:51.0931 3308 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
10:40:51.0947 3308 Fax - ok
10:40:51.0962 3308 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:40:51.0962 3308 fdc - ok
10:40:51.0978 3308 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
10:40:51.0978 3308 fdPHost - ok
10:40:51.0994 3308 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
10:40:51.0994 3308 FDResPub - ok
10:40:52.0025 3308 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:40:52.0025 3308 FileInfo - ok
10:40:52.0041 3308 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:40:52.0056 3308 Filetrace - ok
10:40:52.0072 3308 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:40:52.0072 3308 flpydisk - ok
10:40:52.0103 3308 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:40:52.0103 3308 FltMgr - ok
10:40:52.0150 3308 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
10:40:52.0150 3308 FontCache - ok
10:40:52.0228 3308 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:40:52.0228 3308 FontCache3.0.0.0 - ok
10:40:52.0244 3308 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:40:52.0244 3308 FsDepends - ok
10:40:52.0275 3308 [ BFAAA92861526BB0ADCD01E964AB6609 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
10:40:52.0275 3308 fssfltr - ok
10:40:52.0400 3308 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:40:52.0416 3308 fsssvc - ok
10:40:52.0462 3308 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:40:52.0462 3308 Fs_Rec - ok
10:40:52.0494 3308 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:40:52.0509 3308 fvevol - ok
10:40:52.0541 3308 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:40:52.0541 3308 gagp30kx - ok
10:40:52.0587 3308 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
10:40:52.0587 3308 gpsvc - ok
10:40:52.0650 3308 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:40:52.0650 3308 gupdate - ok
10:40:52.0666 3308 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:40:52.0666 3308 gupdatem - ok
10:40:52.0681 3308 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:40:52.0681 3308 hcw85cir - ok
10:40:52.0744 3308 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:40:52.0744 3308 HDAudBus - ok
10:40:52.0759 3308 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:40:52.0759 3308 HidBatt - ok
10:40:52.0775 3308 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:40:52.0775 3308 HidBth - ok
10:40:52.0791 3308 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:40:52.0791 3308 HidIr - ok
10:40:52.0822 3308 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
10:40:52.0837 3308 hidserv - ok
10:40:52.0853 3308 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:40:52.0853 3308 HidUsb - ok
10:40:52.0900 3308 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:40:52.0900 3308 hkmsvc - ok
10:40:52.0931 3308 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:40:52.0931 3308 HomeGroupListener - ok
10:40:52.0978 3308 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:40:52.0978 3308 HomeGroupProvider - ok
10:40:53.0009 3308 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:40:53.0009 3308 HpSAMD - ok
10:40:53.0056 3308 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:40:53.0072 3308 HTTP - ok
10:40:53.0103 3308 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:40:53.0103 3308 hwpolicy - ok
10:40:53.0119 3308 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:40:53.0134 3308 i8042prt - ok
10:40:53.0150 3308 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:40:53.0166 3308 iaStorV - ok
10:40:53.0244 3308 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:40:53.0259 3308 idsvc - ok
10:40:53.0275 3308 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:40:53.0291 3308 iirsp - ok
10:40:53.0337 3308 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
10:40:53.0353 3308 IKEEXT - ok
10:40:53.0384 3308 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
10:40:53.0384 3308 intelide - ok
10:40:53.0400 3308 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:40:53.0400 3308 intelppm - ok
10:40:53.0447 3308 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:40:53.0447 3308 IPBusEnum - ok
10:40:53.0462 3308 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:40:53.0478 3308 IpFilterDriver - ok
10:40:53.0525 3308 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:40:53.0525 3308 iphlpsvc - ok
10:40:53.0572 3308 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:40:53.0587 3308 IPMIDRV - ok
10:40:53.0603 3308 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:40:53.0619 3308 IPNAT - ok
10:40:53.0650 3308 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:40:53.0650 3308 IRENUM - ok
10:40:53.0697 3308 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:40:53.0697 3308 isapnp - ok
10:40:53.0791 3308 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:40:53.0837 3308 iScsiPrt - ok
10:40:53.0900 3308 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:40:53.0900 3308 kbdclass - ok
10:40:53.0931 3308 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:40:53.0947 3308 kbdhid - ok
10:40:53.0978 3308 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
10:40:53.0978 3308 KeyIso - ok
10:40:54.0041 3308 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:40:54.0041 3308 KSecDD - ok
10:40:54.0087 3308 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:40:54.0087 3308 KSecPkg - ok
10:40:54.0134 3308 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
10:40:54.0150 3308 KtmRm - ok
10:40:54.0181 3308 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
10:40:54.0197 3308 LanmanServer - ok
10:40:54.0228 3308 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:40:54.0244 3308 LanmanWorkstation - ok
10:40:54.0400 3308 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
10:40:54.0400 3308 Lavasoft Kernexplorer - ok
10:40:54.0447 3308 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:40:54.0447 3308 lltdio - ok
10:40:54.0478 3308 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:40:54.0494 3308 lltdsvc - ok
10:40:54.0509 3308 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
10:40:54.0509 3308 lmhosts - ok
10:40:54.0556 3308 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:40:54.0556 3308 LSI_FC - ok
10:40:54.0587 3308 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:40:54.0587 3308 LSI_SAS - ok
10:40:54.0603 3308 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:40:54.0603 3308 LSI_SAS2 - ok
10:40:54.0634 3308 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:40:54.0634 3308 LSI_SCSI - ok
10:40:54.0650 3308 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
10:40:54.0666 3308 luafv - ok
10:40:54.0744 3308 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
10:40:54.0744 3308 MBAMSwissArmy - ok
10:40:54.0775 3308 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:40:54.0791 3308 Mcx2Svc - ok
10:40:54.0900 3308 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:40:54.0916 3308 MDM - ok
10:40:54.0947 3308 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:40:54.0947 3308 megasas - ok
10:40:54.0978 3308 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:40:54.0978 3308 MegaSR - ok
10:40:55.0056 3308 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:40:55.0056 3308 Microsoft Office Groove Audit Service - ok
10:40:55.0087 3308 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
10:40:55.0103 3308 MMCSS - ok
10:40:55.0119 3308 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
10:40:55.0119 3308 Modem - ok
10:40:55.0134 3308 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:40:55.0134 3308 monitor - ok
10:40:55.0166 3308 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
10:40:55.0166 3308 mouclass - ok
10:40:55.0197 3308 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:40:55.0197 3308 mouhid - ok
10:40:55.0228 3308 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:40:55.0228 3308 mountmgr - ok
10:40:55.0259 3308 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
10:40:55.0275 3308 mpio - ok
10:40:55.0291 3308 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:40:55.0291 3308 mpsdrv - ok
10:40:55.0353 3308 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:40:55.0353 3308 MpsSvc - ok
10:40:55.0400 3308 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:40:55.0400 3308 MRxDAV - ok
10:40:55.0447 3308 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:55.0447 3308 mrxsmb - ok
10:40:55.0478 3308 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:55.0494 3308 mrxsmb10 - ok
10:40:55.0494 3308 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:55.0494 3308 mrxsmb20 - ok
10:40:55.0525 3308 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
10:40:55.0525 3308 msahci - ok
10:40:55.0556 3308 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:40:55.0556 3308 msdsm - ok
10:40:55.0572 3308 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
10:40:55.0587 3308 MSDTC - ok
10:40:55.0603 3308 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:40:55.0619 3308 Msfs - ok
10:40:55.0634 3308 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:40:55.0634 3308 mshidkmdf - ok
10:40:55.0666 3308 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:40:55.0666 3308 msisadrv - ok
10:40:55.0697 3308 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:40:55.0697 3308 MSiSCSI - ok
10:40:55.0712 3308 msiserver - ok
10:40:55.0728 3308 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:40:55.0728 3308 MSKSSRV - ok
10:40:55.0759 3308 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:40:55.0759 3308 MSPCLOCK - ok
10:40:55.0806 3308 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:40:55.0806 3308 MSPQM - ok
10:40:55.0837 3308 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:40:55.0837 3308 MsRPC - ok
10:40:55.0853 3308 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:40:55.0853 3308 mssmbios - ok
10:40:55.0869 3308 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:40:55.0869 3308 MSTEE - ok
10:40:55.0900 3308 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:40:55.0900 3308 MTConfig - ok
10:40:55.0916 3308 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
10:40:55.0916 3308 Mup - ok
10:40:55.0947 3308 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
10:40:55.0962 3308 napagent - ok
10:40:55.0994 3308 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:40:55.0994 3308 NativeWifiP - ok
10:40:56.0041 3308 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:40:56.0041 3308 NDIS - ok
10:40:56.0072 3308 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:40:56.0072 3308 NdisCap - ok
10:40:56.0087 3308 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:40:56.0087 3308 NdisTapi - ok
10:40:56.0119 3308 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:40:56.0119 3308 Ndisuio - ok
10:40:56.0166 3308 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:40:56.0166 3308 NdisWan - ok
10:40:56.0197 3308 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:40:56.0197 3308 NDProxy - ok
10:40:56.0212 3308 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:40:56.0228 3308 NetBIOS - ok
10:40:56.0259 3308 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:40:56.0259 3308 NetBT - ok
10:40:56.0275 3308 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
10:40:56.0291 3308 Netlogon - ok
10:40:56.0322 3308 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
10:40:56.0337 3308 Netman - ok
10:40:56.0353 3308 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
10:40:56.0353 3308 netprofm - ok
10:40:56.0384 3308 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:40:56.0384 3308 NetTcpPortSharing - ok
10:40:56.0400 3308 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:40:56.0400 3308 nfrd960 - ok
10:40:56.0431 3308 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
10:40:56.0447 3308 NlaSvc - ok
10:40:56.0494 3308 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe
10:40:56.0494 3308 NMSAccessU - ok
10:40:56.0556 3308 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
10:40:56.0556 3308 nmwcd - ok
10:40:56.0603 3308 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
10:40:56.0603 3308 nmwcdc - ok
10:40:56.0619 3308 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:40:56.0619 3308 Npfs - ok
10:40:56.0650 3308 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
10:40:56.0666 3308 nsi - ok
10:40:56.0681 3308 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:40:56.0681 3308 nsiproxy - ok
10:40:56.0791 3308 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:40:56.0806 3308 Ntfs - ok
10:40:56.0837 3308 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
10:40:56.0837 3308 Null - ok
10:40:56.0853 3308 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:40:56.0853 3308 nvraid - ok
10:40:56.0884 3308 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:40:56.0884 3308 nvstor - ok
10:40:56.0900 3308 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:40:56.0916 3308 nv_agp - ok
10:40:56.0978 3308 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:40:56.0978 3308 odserv - ok
10:40:56.0994 3308 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:40:56.0994 3308 ohci1394 - ok
10:40:57.0041 3308 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:40:57.0041 3308 ose - ok
10:40:57.0087 3308 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:40:57.0103 3308 p2pimsvc - ok
10:40:57.0119 3308 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
10:40:57.0134 3308 p2psvc - ok
10:40:57.0150 3308 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:40:57.0150 3308 Parport - ok
10:40:57.0166 3308 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:40:57.0166 3308 partmgr - ok
10:40:57.0181 3308 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
10:40:57.0181 3308 Parvdm - ok
10:40:57.0212 3308 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:40:57.0212 3308 PcaSvc - ok
10:40:57.0244 3308 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
10:40:57.0244 3308 pccsmcfd - ok
10:40:57.0275 3308 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
10:40:57.0275 3308 pci - ok
10:40:57.0291 3308 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
10:40:57.0291 3308 pciide - ok
10:40:57.0322 3308 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:40:57.0322 3308 pcmcia - ok
10:40:57.0337 3308 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
10:40:57.0337 3308 pcw - ok
10:40:57.0369 3308 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:40:57.0384 3308 PEAUTH - ok
10:40:57.0416 3308 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:40:57.0431 3308 PeerDistSvc - ok
10:40:57.0525 3308 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
10:40:57.0541 3308 pla - ok
10:40:57.0587 3308 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:40:57.0603 3308 PlugPlay - ok
10:40:57.0634 3308 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:40:57.0634 3308 PNRPAutoReg - ok
10:40:57.0650 3308 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:40:57.0666 3308 PNRPsvc - ok
10:40:57.0697 3308 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:40:57.0697 3308 PolicyAgent - ok
10:40:57.0759 3308 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
10:40:57.0775 3308 Power - ok
10:40:57.0806 3308 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:40:57.0822 3308 PptpMiniport - ok
10:40:57.0837 3308 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:40:57.0837 3308 Processor - ok
10:40:57.0869 3308 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
10:40:57.0884 3308 ProfSvc - ok
10:40:57.0900 3308 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:40:57.0900 3308 ProtectedStorage - ok
10:40:57.0947 3308 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:40:57.0947 3308 Psched - ok
10:40:57.0978 3308 [ 81088114178112618B1C414A65E50F7C ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
10:40:57.0978 3308 PxHelp20 - ok
10:40:58.0025 3308 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:40:58.0056 3308 ql2300 - ok
10:40:58.0087 3308 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:40:58.0087 3308 ql40xx - ok
10:40:58.0119 3308 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
10:40:58.0119 3308 QWAVE - ok
10:40:58.0134 3308 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:40:58.0134 3308 QWAVEdrv - ok
10:40:58.0166 3308 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:40:58.0166 3308 RasAcd - ok
10:40:58.0197 3308 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:40:58.0197 3308 RasAgileVpn - ok
10:40:58.0197 3308 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
10:40:58.0212 3308 RasAuto - ok
10:40:58.0228 3308 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:40:58.0228 3308 Rasl2tp - ok
10:40:58.0275 3308 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
10:40:58.0275 3308 RasMan - ok
10:40:58.0306 3308 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:40:58.0306 3308 RasPppoe - ok
10:40:58.0322 3308 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:40:58.0322 3308 RasSstp - ok
10:40:58.0353 3308 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:40:58.0353 3308 rdbss - ok
10:40:58.0384 3308 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:40:58.0384 3308 rdpbus - ok
10:40:58.0416 3308 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:40:58.0416 3308 RDPCDD - ok
10:40:58.0447 3308 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:40:58.0462 3308 RDPDR - ok
10:40:58.0478 3308 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:40:58.0478 3308 RDPENCDD - ok
10:40:58.0494 3308 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:40:58.0494 3308 RDPREFMP - ok
10:40:58.0556 3308 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:40:58.0556 3308 RdpVideoMiniport - ok
10:40:58.0603 3308 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:40:58.0603 3308 RDPWD - ok
10:40:58.0634 3308 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:40:58.0634 3308 rdyboost - ok
10:40:58.0666 3308 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
10:40:58.0681 3308 RemoteAccess - ok
10:40:58.0712 3308 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:40:58.0728 3308 RemoteRegistry - ok
10:40:58.0744 3308 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:40:58.0744 3308 RpcEptMapper - ok
10:40:58.0791 3308 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
10:40:58.0791 3308 RpcLocator - ok
10:40:58.0822 3308 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
10:40:58.0837 3308 RpcSs - ok
10:40:58.0853 3308 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:40:58.0853 3308 rspndr - ok
10:40:58.0900 3308 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
10:40:58.0916 3308 RTL8167 - ok
10:40:58.0947 3308 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:40:58.0947 3308 s3cap - ok
10:40:58.0978 3308 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
10:40:58.0978 3308 SamSs - ok
10:40:59.0041 3308 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:40:59.0041 3308 SASDIFSV - ok
10:40:59.0103 3308 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:40:59.0103 3308 SASKUTIL - ok
10:40:59.0134 3308 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:40:59.0134 3308 sbp2port - ok
10:40:59.0166 3308 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:40:59.0181 3308 SCardSvr - ok
10:40:59.0197 3308 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:40:59.0212 3308 scfilter - ok
10:40:59.0259 3308 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
10:40:59.0275 3308 Schedule - ok
10:40:59.0291 3308 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:40:59.0306 3308 SCPolicySvc - ok
10:40:59.0337 3308 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:40:59.0353 3308 SDRSVC - ok
10:40:59.0384 3308 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:40:59.0384 3308 secdrv - ok
10:40:59.0400 3308 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
10:40:59.0400 3308 seclogon - ok
10:40:59.0416 3308 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
10:40:59.0431 3308 SENS - ok
10:40:59.0462 3308 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:40:59.0462 3308 SensrSvc - ok
10:40:59.0478 3308 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:40:59.0478 3308 Serenum - ok
10:40:59.0509 3308 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:40:59.0509 3308 Serial - ok
10:40:59.0525 3308 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:40:59.0525 3308 sermouse - ok
10:40:59.0541 3308 ServiceLayer - ok
10:40:59.0603 3308 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
10:40:59.0619 3308 SessionEnv - ok
10:40:59.0650 3308 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:40:59.0650 3308 sffdisk - ok
10:40:59.0666 3308 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:40:59.0666 3308 sffp_mmc - ok
10:40:59.0697 3308 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:40:59.0697 3308 sffp_sd - ok
10:40:59.0712 3308 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:40:59.0728 3308 sfloppy - ok
10:40:59.0791 3308 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:40:59.0806 3308 SharedAccess - ok
10:40:59.0837 3308 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:40:59.0837 3308 ShellHWDetection - ok
10:40:59.0853 3308 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:40:59.0853 3308 sisagp - ok
10:40:59.0884 3308 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:40:59.0884 3308 SiSRaid2 - ok
10:40:59.0900 3308 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:40:59.0900 3308 SiSRaid4 - ok
10:40:59.0962 3308 [ 4AA2772A355226E9AC96D01BA431D253 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
10:40:59.0962 3308 SmartDefragDriver - ok
10:40:59.0994 3308 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:40:59.0994 3308 Smb - ok
10:41:00.0025 3308 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:41:00.0041 3308 SNMPTRAP - ok
10:41:00.0056 3308 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
10:41:00.0056 3308 spldr - ok
10:41:00.0087 3308 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
10:41:00.0103 3308 Spooler - ok
10:41:00.0212 3308 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
10:41:00.0244 3308 sppsvc - ok
10:41:00.0291 3308 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:41:00.0291 3308 sppuinotify - ok
10:41:00.0337 3308 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:41:00.0337 3308 srv - ok
10:41:00.0353 3308 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:41:00.0353 3308 srv2 - ok
10:41:00.0384 3308 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:41:00.0384 3308 srvnet - ok
10:41:00.0416 3308 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:41:00.0416 3308 SSDPSRV - ok
10:41:00.0447 3308 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:41:00.0462 3308 SstpSvc - ok
10:41:00.0494 3308 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
10:41:00.0494 3308 StarOpen - ok
10:41:00.0541 3308 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:41:00.0541 3308 stexstor - ok
10:41:00.0572 3308 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
10:41:00.0587 3308 StiSvc - ok
10:41:00.0619 3308 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:41:00.0634 3308 storflt - ok
10:41:00.0666 3308 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
10:41:00.0666 3308 StorSvc - ok
10:41:00.0697 3308 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:41:00.0697 3308 storvsc - ok
10:41:00.0791 3308 [ 2AA2D356CB735CD3CCA9F671BD75C9B5 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
10:41:00.0791 3308 SWDUMon - ok
10:41:00.0806 3308 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
10:41:00.0806 3308 swenum - ok
10:41:00.0869 3308 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
10:41:00.0884 3308 swprv - ok
10:41:01.0009 3308 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
10:41:01.0025 3308 SysMain - ok
10:41:01.0056 3308 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:41:01.0072 3308 TabletInputService - ok
10:41:01.0119 3308 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
10:41:01.0119 3308 TapiSrv - ok
10:41:01.0134 3308 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
10:41:01.0150 3308 TBS - ok
10:41:01.0212 3308 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:41:01.0228 3308 Tcpip - ok
10:41:01.0259 3308 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:41:01.0259 3308 TCPIP6 - ok
10:41:01.0291 3308 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:41:01.0291 3308 tcpipreg - ok
10:41:01.0337 3308 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:41:01.0337 3308 TDPIPE - ok
10:41:01.0384 3308 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:41:01.0384 3308 TDTCP - ok
10:41:01.0416 3308 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:41:01.0416 3308 tdx - ok
10:41:01.0431 3308 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:41:01.0431 3308 TermDD - ok
10:41:01.0478 3308 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
10:41:01.0494 3308 TermService - ok
10:41:01.0509 3308 TfFsMon - ok
10:41:01.0525 3308 TfNetMon - ok
10:41:01.0556 3308 TfSysMon - ok
10:41:01.0587 3308 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
10:41:01.0587 3308 Themes - ok
10:41:01.0603 3308 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
10:41:01.0603 3308 THREADORDER - ok
10:41:01.0619 3308 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
10:41:01.0634 3308 TrkWks - ok
10:41:01.0650 3308 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:41:01.0666 3308 TrustedInstaller - ok
10:41:01.0681 3308 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:41:01.0681 3308 tssecsrv - ok
10:41:01.0775 3308 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:41:01.0775 3308 TsUsbFlt - ok
10:41:01.0806 3308 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:41:01.0822 3308 tunnel - ok
10:41:01.0853 3308 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:41:01.0853 3308 uagp35 - ok
10:41:01.0869 3308 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:41:01.0869 3308 udfs - ok
10:41:01.0900 3308 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:41:01.0916 3308 UI0Detect - ok
10:41:01.0931 3308 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:41:01.0947 3308 uliagpkx - ok
10:41:01.0962 3308 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
10:41:01.0962 3308 umbus - ok
10:41:01.0994 3308 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:41:01.0994 3308 UmPass - ok
10:41:02.0041 3308 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
10:41:02.0041 3308 UmRdpService - ok
10:41:02.0072 3308 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
10:41:02.0087 3308 upnphost - ok
10:41:02.0119 3308 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
10:41:02.0119 3308 upperdev - ok
10:41:02.0150 3308 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:41:02.0166 3308 usbccgp - ok
10:41:02.0181 3308 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:41:02.0181 3308 usbcir - ok
10:41:02.0197 3308 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:41:02.0197 3308 usbehci - ok
10:41:02.0228 3308 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:41:02.0228 3308 usbhub - ok
10:41:02.0244 3308 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:41:02.0244 3308 usbohci - ok
10:41:02.0259 3308 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:41:02.0259 3308 usbprint - ok
10:41:02.0306 3308 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:41:02.0306 3308 usbscan - ok
10:41:02.0337 3308 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys
10:41:02.0337 3308 usbser - ok
10:41:02.0400 3308 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
10:41:02.0400 3308 UsbserFilt - ok
10:41:02.0416 3308 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:41:02.0416 3308 USBSTOR - ok
10:41:02.0431 3308 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:41:02.0431 3308 usbuhci - ok
10:41:02.0462 3308 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
10:41:02.0462 3308 UxSms - ok
10:41:02.0509 3308 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
10:41:02.0509 3308 VaultSvc - ok
10:41:02.0525 3308 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:41:02.0525 3308 vdrvroot - ok
10:41:02.0572 3308 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
10:41:02.0587 3308 vds - ok
10:41:02.0619 3308 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:41:02.0619 3308 vga - ok
10:41:02.0634 3308 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:41:02.0634 3308 VgaSave - ok
10:41:02.0666 3308 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:41:02.0666 3308 vhdmp - ok
10:41:02.0681 3308 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:41:02.0697 3308 viaagp - ok
10:41:02.0712 3308 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
10:41:02.0728 3308 ViaC7 - ok
10:41:02.0775 3308 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
10:41:02.0775 3308 viaide - ok
10:41:02.0806 3308 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:41:02.0806 3308 vmbus - ok
10:41:02.0822 3308 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:41:02.0822 3308 VMBusHID - ok
10:41:02.0853 3308 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:41:02.0853 3308 volmgr - ok
10:41:02.0884 3308 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:41:02.0884 3308 volmgrx - ok
10:41:02.0900 3308 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:41:02.0900 3308 volsnap - ok
10:41:02.0931 3308 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:41:02.0931 3308 vsmraid - ok
10:41:02.0994 3308 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
10:41:03.0009 3308 VSS - ok
10:41:03.0025 3308 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:41:03.0025 3308 vwifibus - ok
10:41:03.0087 3308 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
10:41:03.0103 3308 W32Time - ok
10:41:03.0119 3308 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:41:03.0119 3308 WacomPen - ok
10:41:03.0166 3308 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:41:03.0166 3308 WANARP - ok
10:41:03.0166 3308 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:41:03.0166 3308 Wanarpv6 - ok
10:41:03.0244 3308 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:41:03.0259 3308 WatAdminSvc - ok
10:41:03.0322 3308 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
10:41:03.0337 3308 wbengine - ok
10:41:03.0369 3308 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:41:03.0384 3308 WbioSrvc - ok
10:41:03.0416 3308 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:41:03.0416 3308 wcncsvc - ok
10:41:03.0447 3308 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:41:03.0447 3308 WcsPlugInService - ok
10:41:03.0478 3308 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:41:03.0478 3308 Wd - ok
10:41:03.0525 3308 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:41:03.0525 3308 Wdf01000 - ok
10:41:03.0541 3308 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:41:03.0556 3308 WdiServiceHost - ok
10:41:03.0556 3308 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:41:03.0572 3308 WdiSystemHost - ok
10:41:03.0603 3308 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
10:41:03.0619 3308 WebClient - ok
10:41:03.0634 3308 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:41:03.0650 3308 Wecsvc - ok
10:41:03.0666 3308 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:41:03.0681 3308 wercplsupport - ok
10:41:03.0697 3308 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
10:41:03.0697 3308 WerSvc - ok
10:41:03.0759 3308 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:41:03.0759 3308 WfpLwf - ok
10:41:03.0775 3308 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:41:03.0791 3308 WIMMount - ok
10:41:03.0853 3308 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:41:03.0853 3308 WinDefend - ok
10:41:03.0869 3308 WinHttpAutoProxySvc - ok
10:41:03.0931 3308 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:41:03.0931 3308 Winmgmt - ok
10:41:03.0994 3308 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
10:41:04.0009 3308 WinRM - ok
10:41:04.0072 3308 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:41:04.0072 3308 WinUsb - ok
10:41:04.0119 3308 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:41:04.0134 3308 Wlansvc - ok
10:41:04.0244 3308 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:41:04.0259 3308 wlidsvc - ok
10:41:04.0291 3308 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:41:04.0291 3308 WmiAcpi - ok
10:41:04.0322 3308 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:41:04.0322 3308 wmiApSrv - ok
10:41:04.0400 3308 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:41:04.0416 3308 WMPNetworkSvc - ok
10:41:04.0447 3308 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:41:04.0447 3308 WPCSvc - ok
10:41:04.0494 3308 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:41:04.0494 3308 WPDBusEnum - ok
10:41:04.0525 3308 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:41:04.0525 3308 ws2ifsl - ok
10:41:04.0541 3308 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
10:41:04.0556 3308 wscsvc - ok
10:41:04.0572 3308 WSearch - ok
10:41:04.0650 3308 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
10:41:04.0681 3308 wuauserv - ok
10:41:04.0712 3308 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:41:04.0712 3308 WudfPf - ok
10:41:04.0759 3308 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:41:04.0759 3308 WUDFRd - ok
10:41:04.0791 3308 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:41:04.0791 3308 wudfsvc - ok
10:41:04.0822 3308 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
10:41:04.0837 3308 WwanSvc - ok
10:41:04.0853 3308 ================ Scan global ===============================
10:41:04.0884 3308 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
10:41:04.0931 3308 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
10:41:04.0947 3308 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
10:41:04.0994 3308 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:41:05.0009 3308 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
10:41:05.0025 3308 [Global] - ok
10:41:05.0025 3308 ================ Scan MBR ==================================
10:41:05.0041 3308 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:41:05.0275 3308 \Device\Harddisk0\DR0 - ok
10:41:05.0275 3308 ================ Scan VBR ==================================
10:41:05.0291 3308 [ 0776EEB5EB9E047297EA1721A3E98997 ] \Device\Harddisk0\DR0\Partition1
10:41:05.0291 3308 \Device\Harddisk0\DR0\Partition1 - ok
10:41:05.0306 3308 [ BA4D6C38D4BD31276EDB45BFF4FF9FEB ] \Device\Harddisk0\DR0\Partition2
10:41:05.0306 3308 \Device\Harddisk0\DR0\Partition2 - ok
10:41:05.0322 3308 [ 50965858DB26105402B979755A265D7F ] \Device\Harddisk0\DR0\Partition3
10:41:05.0322 3308 \Device\Harddisk0\DR0\Partition3 - ok
10:41:05.0322 3308 ============================================================
10:41:05.0322 3308 Scan finished
10:41:05.0322 3308 ============================================================
10:41:05.0337 0616 Detected object count: 0
10:41:05.0337 0616 Actual detected object count: 0
10:41:33.0931 2356 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-21 10:41:39
-----------------------------
10:41:39.346 OS Version: Windows 6.1.7601 Service Pack 1
10:41:39.346 Number of processors: 2 586 0x407
10:41:39.346 ComputerName: JOPOPE-PC01 UserName: Jo
10:41:40.768 Initialize success
10:41:41.487 AVAST engine defs: 12112100
10:41:48.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:41:48.583 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-19 Size: 152627MB BusType: 3
10:41:48.599 Disk 0 MBR read successfully
10:41:48.615 Disk 0 MBR scan
10:41:48.615 Disk 0 Windows 7 default MBR code
10:41:48.630 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:41:48.646 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 35900 MB offset 206848
10:41:48.677 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 116625 MB offset 73730048
10:41:48.693 Disk 0 scanning sectors +312578048
10:41:48.740 Disk 0 scanning C:\Windows\system32\drivers
10:41:57.271 Service scanning
10:42:17.646 Modules scanning
10:42:23.583 Disk 0 trace - called modules:
10:42:23.615 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll viaide.sys PCIIDEX.SYS atapi.sys
10:42:23.630 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85df2030]
10:42:23.630 3 CLASSPNP.SYS[83bc359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85038908]
10:42:23.927 AVAST engine scan C:\Windows
10:42:25.941 AVAST engine scan C:\Windows\system32
10:45:49.083 AVAST engine scan C:\Windows\system32\drivers
10:46:20.044 AVAST engine scan C:\Users\Jo
10:50:55.205 AVAST engine scan C:\ProgramData
10:54:58.299 Disk 0 MBR has been saved successfully to "D:\Desktop\MBR.dat"
10:54:58.315 The log file has been saved successfully to "D:\Desktop\aswMBR.txt"

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11
JoPopey

    Member

  • Topic Starter
  • Member
  • 124 posts
Hi Gringo,

Where do I find CFScript? Sorry if this is a really simple question!!

Thanks

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
You have to make it.

Start by opening Notepad.

1. Open Notepad

2. Copy and paste ClearJavaCache:: into the Notepad window

3. Save it to your desktop as CFScript.txt

4. Look at the picture and it will show you how I want you to drag and drop it onto the ComboFix icon

#13
JoPopey

    Member

  • Topic Starter
  • Member
  • 124 posts
Cheers Gringo

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
:thumbsup:

#15
JoPopey

    Member

  • Topic Starter
  • Member
  • 124 posts
Hi Gringo,

Computer seems to be ok at the moment, it hasn't shut down yet, it did yesterday.

Here is the report, thanks in advance!


ComboFix 12-11-21.01 - Jo 22/11/2012 9:23.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1982.910 [GMT 0:00]
Running from: d:\desktop\ComboFix.exe
Command switches used :: d:\desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 09:33 . 2012-11-22 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-21 15:37 . 2012-08-21 13:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-21 15:36 . 2012-11-21 15:36 -------- d-----w- c:\program files\iPod
2012-11-21 15:36 . 2012-11-21 15:37 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-21 15:36 . 2012-11-21 15:37 -------- d-----w- c:\program files\iTunes
2012-11-21 15:34 . 2012-11-21 15:34 -------- d-----w- c:\program files\Bonjour
2012-11-21 15:34 . 2012-11-21 15:36 -------- d-----w- c:\program files\Common Files\Apple
2012-11-21 09:46 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-21 09:46 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-21 09:46 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-21 09:46 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-21 09:46 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-21 09:46 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-21 09:45 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-21 09:45 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-21 09:45 . 2012-11-21 09:45 -------- d-----w- c:\programdata\AVAST Software
2012-11-21 09:45 . 2012-11-21 09:45 -------- d-----w- c:\program files\AVAST Software
2012-11-19 22:30 . 2012-11-22 09:33 -------- d-----w- c:\users\Jo\AppData\Local\temp
2012-11-19 16:32 . 2012-11-19 16:32 388096 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-19 16:32 . 2012-11-19 16:32 -------- d-----w- c:\program files\Trend Micro
2012-11-18 16:00 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-18 16:00 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-18 15:58 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-18 15:58 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-18 15:58 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-18 15:58 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-18 15:58 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-16 16:43 . 2012-11-16 17:20 -------- d-----w- c:\users\Jo\DoctorWeb
2012-11-15 23:07 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 23:07 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 23:07 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 22:39 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 22:39 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 22:39 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 22:39 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 22:39 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 22:39 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 22:39 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 22:39 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 22:39 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 22:39 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 22:39 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 22:39 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-09 20:41 . 2012-11-19 16:34 -------- d-----w- c:\users\Jo\AppData\Roaming\vlc
2012-11-09 19:54 . 2012-11-09 19:54 -------- d-----w- c:\programdata\Graboid Inc
2012-11-09 19:49 . 2012-11-09 19:59 -------- d-----w- c:\program files\Graboid
2012-11-08 09:08 . 2012-11-08 09:08 -------- d-----w- c:\program files\Gadwin Systems
2012-11-06 17:54 . 2012-11-06 17:54 -------- d-----w- c:\program files\CCleaner
2012-11-06 13:36 . 2012-11-06 13:36 -------- d-----w- c:\users\Jo\AppData\Roaming\SUPERAntiSpyware.com
2012-11-06 13:36 . 2012-11-06 13:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-06 12:42 . 2012-11-21 09:22 -------- d-----w- c:\programdata\Avira
2012-11-06 12:04 . 2012-11-06 12:04 -------- d-----w- c:\users\Jo\AppData\Local\Avg2013
2012-11-06 11:21 . 2012-11-06 11:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-06 09:16 . 2012-11-06 11:13 -------- d-----w- c:\program files\Best Removal Tool
2012-11-06 08:24 . 2012-11-06 09:15 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-04 17:33 . 2012-11-16 17:21 -------- d-----w- c:\program files\Optimizer Pro
2012-11-04 17:32 . 2012-11-04 17:33 -------- d-----w- c:\programdata\wxDownload
2012-11-01 14:17 . 2012-11-01 14:17 -------- d-----w- c:\program files\Microsoft Research
2012-10-30 20:59 . 2012-10-30 20:59 -------- d-----w- c:\program files\GPLGS
2012-10-30 20:59 . 2012-10-30 20:59 -------- d-----w- c:\users\Jo\AppData\Roaming\PDFConverterPackages
2012-10-30 20:59 . 2012-11-06 14:09 -------- d-----w- c:\program files\PDFCreator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 16:24 . 2012-04-25 12:31 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-08 16:24 . 2011-06-15 21:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 15:54 . 2010-07-29 14:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-30 15:54 . 2010-07-29 14:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-14 18:28 . 2012-10-10 07:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 07:58 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 07:58 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 07:58 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 09:13 . 2012-08-30 09:13 73728 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-08-30 09:13 . 2012-08-30 09:13 73728 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-08-30 09:13 . 2012-08-30 09:13 53248 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2012-08-30 09:13 . 2012-08-30 09:13 49152 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-08-30 09:13 . 2012-08-30 09:13 49152 ----a-r- c:\users\Jo\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-08-24 16:57 . 2012-10-10 07:58 172544 ----a-w- c:\windows\system32\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1325" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Action Express (OpticBook 3600).lnk]
backup=c:\windows\pss\Action Express (OpticBook 3600).lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=c:\windows\pss\Device Detector 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2011-11-14 23:15 197288 ----a-w- c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2012-05-30 06:08 1842384 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 06:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-30 15:54 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 08:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Jo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Memeo AutoSync"=c:\program files\Memeo\AutoSync\MemeoLauncher2.exe --silent
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 16:24]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 12:37]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 12:37]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1592)
c:\users\Jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-11-22 09:36:57
ComboFix-quarantined-files.txt 2012-11-22 09:36
ComboFix2.txt 2012-11-22 09:00
ComboFix3.txt 2012-11-19 22:36
.
Pre-Run: 6,584,889,344 bytes free
Post-Run: 6,540,591,104 bytes free
.
- - End Of File - - A50FBFAA1EDC5F4C63E18F165294C183