Torn TV and Babylon Toolbar [Closed]


This topic is locked.

#1 riptidegarou (Member, 24 posts)
Good day, guys, this is my first time here and I hope you can help me.

Just a few hours ago I noticed that my browser kept redirecting to Babylon and that I had some weird "watch TV app" called Torn TV.

I went through Chrome's usual disable/remove plugins to remove the two. Then I used the Add/Remove Programs function over at the Control Panel. I noticed something shortly after: each time I'd try to log in to Y! Messenger, I'd get a dialogue box saying that it needs to close. This has NEVER happened to me before. Hope you can help me.

Here's the log thingy.

Please disregard any grammatical mistakes I may have made; I am sooo sleepy...

OTL Extras logfile created on: 11/21/2012 10:46:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Macky\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.09 Gb Available Physical Memory | 4.60% Memory free
3.35 Gb Paging File | 0.99 Gb Available in Paging File | 29.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 0.72 Gb Free Space | 0.97% Space Free | Partition Type: NTFS

Computer Name: MACKY-4B5CD3E5C | User Name: Macky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58874:TCP" = 58874:TCP:*:Enabled:Pando Media Booster
"58874:UDP" = 58874:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"58874:TCP" = 58874:TCP:*:Enabled:Pando Media Booster
"58874:UDP" = 58874:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Valve\Half-Life\hl.exe" = C:\Program Files\Valve\Half-Life\hl.exe:*:Enabled:Half-Life Launcher
"E:\Half-Life 2\hl2.exe" = E:\Half-Life 2\hl2.exe:*:Enabled:hl2
"C:\Program Files\Nokia\Ovi\Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Ovi\Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite -- (Nokia)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\Macky\My Documents\Mack's Stuff\Cryptload\RouterClient.exe" = C:\Documents and Settings\Macky\My Documents\Mack's Stuff\Cryptload\RouterClient.exe:*:Enabled:RouterClient -- (http://cryptload.info)
"C:\Documents and Settings\Macky\My Documents\Mack's Stuff\Cryptload\CryptLoad.exe" = C:\Documents and Settings\Macky\My Documents\Mack's Stuff\Cryptload\CryptLoad.exe:*:Enabled:CryptLoad -- (http://cryptload.info)
"I:\vdani.pif" = I:\vdani.pif:*:Enabled:ipsec
"C:\Program Files\AVG\AVG8\avgscanx.exe" = C:\Program Files\AVG\AVG8\avgscanx.exe:*:Enabled:ipsec
"C:\Program Files\AVG\AVG8\avgui.exe" = C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:ipsec
"C:\PROGRA~1\AVG\AVG8\avgtray.exe" = C:\PROGRA~1\AVG\AVG8\avgtray.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.exe" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\nView\nwiz.exe" = C:\Program Files\NVIDIA Corporation\nView\nwiz.exe:*:Enabled:ipsec -- ()
"C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe" = C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe:*:Enabled:ipsec
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe:*:Enabled:ipsec
"C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" = C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\WINDOWS\system32\RUNDLL32.EXE" = C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\system32\nwiz.exe" = C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec
"C:\Program Files\AVG\AVG8\avgcsrvx.exe" = C:\Program Files\AVG\AVG8\avgcsrvx.exe:*:Enabled:ipsec -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe:*:Enabled:ipsec
"C:\Program Files\iTunes\iTunesHelper.exe" = C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec -- (Apple Inc.)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe:*:Enabled:ipsec -- (Cyberlink Corp.)
"C:\WINDOWS\system32\ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\RTHDCPL.EXE" = C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ipsec -- (Realtek Semiconductor Corp.)
"C:\WINDOWS\system32\conime.exe" = C:\WINDOWS\system32\conime.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\Macky\LOCALS~1\Temp\winqbjyrg.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\winqbjyrg.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\winqkhokm.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\winqkhokm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\winrnpfc.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\winrnpfc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\winbjndla.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\winbjndla.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\winloxi.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\winloxi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\gtkiv.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\gtkiv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\winhfpgkj.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\winhfpgkj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\isgfpn.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\isgfpn.exe:*:Enabled:ipsec
"C:\DOCUME~1\Macky\LOCALS~1\Temp\wingxrvc.exe" = C:\DOCUME~1\Macky\LOCALS~1\Temp\wingxrvc.exe:*:Enabled:ipsec
"C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" = C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe:*:Enabled:ipsec -- (Nokia)
"C:\PROGRA~1\AVG\AVG9\avgtray.exe" = C:\PROGRA~1\AVG\AVG9\avgtray.exe:*:Enabled:ipsec
"C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe" = C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:*:Enabled:Games for Windows - LIVE -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\Macky\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Macky\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16C426FC-B3A4-41B8-9BED-BDAB6836F54D}" = OSU-gt RC8
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 30
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31187E06-E131-4709-9285-7D105D77AA89}" = Components Setup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4F20D582-C7F8-46D3-907C-F99741B11D36}" = System Requirements Lab
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A445377-87B3-43DA-A130-5D38D29B8EC5}" = ATLAS V11.0
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7D1FA102-9B90-48B0-8DF8-735BBA5F4093}" = Driver Updater Pro
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A5742726-2180-4253-83A7-53558486A7A2}" = IM Magician
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABEC4C47-2E98-49BF-AF8E-06316B6B2BB9}" = AVG 2012
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5264B25-8908-49BB-A708-5A70DFBF8094}" = Nokia Ovi Suite
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA524348-59A6-437A-A4FB-25080BDEFCD6}" = VP-EYE
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}" = Components Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA679D8-5216-4E10-B7D3-BA4033A6991E}" = i80 Setup Utility
"{D3656CE3-0F62-447F-AEF3-9BF29B6197D9}" = Nokia Photos
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED1674F5-5165-49BF-B546-AE5343111540}" = WebCam
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J125
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF34EA62-92C1-41E6-BA64-B2B7ECB53737}" = Nokia Ovi System Utilities
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"AnyDVD" = AnyDVD
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"Azureus Vuze" = Azureus Vuze
"CANONBJ_Deinstall_CNMCP5u.DLL" = Canon i80
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 7.19.7.12
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Updater Pro" = Driver Updater Pro
"eMule" = eMule
"FLV Direct Player" = FLV Direct Player
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Freecorder5.04" = Freecorder 5
"Globe Broadband" = Globe Broadband
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"iSkysoft Video Converter_is1" = iSkysoft Video Converter(Build 2.3.2.1)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"LimeWire" = LimeWire PRO 4.18.8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroRecode!UninstallKey" = Nero Recode CE
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3016
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"TheBestSpinner" = TheBestSpinner
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"vRy_-_MHx-VA" = LoudMo Contextual Ad Assistant
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2012 5:39:03 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 11.5.0.228, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2012 5:39:05 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Hang | ID = 1001
Description = Fault bucket -1295839447.

Error - 11/21/2012 5:43:37 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 11.5.0.228, faulting
module wininet.dll, version 6.0.2900.5835, fault address 0x00005e16.

Error - 11/21/2012 5:59:37 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Error | ID = 1000
Description = Faulting application Ad-Watch2007.exe, version 7.0.2.6, faulting module
AWRegWatchDLL.dll, version 7.0.1.4, fault address 0x00012d8d.

Error - 11/21/2012 10:34:33 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Error | ID = 1000
Description = Faulting application yahoom~1.exe, version 11.5.0.228, faulting module
wininet.dll, version 6.0.2900.5835, fault address 0x00005e16.

Error - 11/21/2012 10:34:58 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 11.5.0.228, faulting
module wininet.dll, version 6.0.2900.5835, fault address 0x00005e16.

Error - 11/21/2012 10:35:52 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Error | ID = 1001
Description = Fault bucket -1288904429.

Error - 11/21/2012 10:36:06 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 11.5.0.228, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2012 10:37:02 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Hang | ID = 1001
Description = Fault bucket -1295839447.

Error - 11/21/2012 10:40:08 AM | Computer Name = MACKY-4B5CD3E5C | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 11.5.0.228, faulting
module wininet.dll, version 6.0.2900.5835, fault address 0x00005e16.

[ System Events ]
Error - 11/15/2012 12:45:18 PM | Computer Name = MACKY-4B5CD3E5C | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 11/15/2012 12:45:32 PM | Computer Name = MACKY-4B5CD3E5C | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 11/15/2012 12:45:33 PM | Computer Name = MACKY-4B5CD3E5C | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 11/15/2012 12:45:33 PM | Computer Name = MACKY-4B5CD3E5C | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 11/16/2012 9:52:33 AM | Computer Name = MACKY-4B5CD3E5C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling
Engine service to connect.

Error - 11/16/2012 9:52:33 AM | Computer Name = MACKY-4B5CD3E5C | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 11/16/2012 11:45:05 PM | Computer Name = MACKY-4B5CD3E5C | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 11/19/2012 7:42:59 PM | Computer Name = MACKY-4B5CD3E5C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LogMeIn Hamachi Tunneling
Engine service to connect.

Error - 11/19/2012 7:42:59 PM | Computer Name = MACKY-4B5CD3E5C | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 11/20/2012 10:44:40 AM | Computer Name = MACKY-4B5CD3E5C | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {2692A9D5-61DF-46D5-A5A1-A6CCA921D578}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Apple Software
Update\SoftwareUpdate.exe" -Embedding


< End of report >

Edited by riptidegarou, 21 November 2012 - 09:35 AM.

  • 0


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download RogueKiller & SAVE it to your Desktop (or from here)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#3
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hey there, Gringo, thanks for the welcome. :thumbsup:

I'm starting the process now. Will update as I go along.

Security Check:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Java™ 6 Update 30
Java™ 6 Update 3
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.1.53.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.0.19) Firefox out of Date!
Mozilla Thunderbird (3.1.9) Thunderbird out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#4
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
AdwCleaner:

# AdwCleaner v2.008 - Logfile created 11/22/2012 at 08:16:55
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Macky - MACKY-4B5CD3E5C
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Macky\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Browser Manager
Deleted on reboot : C:\Documents and Settings\Macky\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\searchplugins\browsemngr.xml
File Deleted : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\searchplugins\daemon-search.xml
File Deleted : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\searchplugins\search.xml
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\DOCUME~1\Macky\LOCALS~1\Temp\[email protected]
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Macky\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Macky\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\Conduit
Folder Deleted : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\CT2464976
Folder Deleted : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
Folder Deleted : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Macky\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Macky\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKU\S-1-5-21-842925246-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109220&tt=4712_5&babsrc=HP_ss&mntrId=8c9db49d000000000000003018a96870 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={82A343DE-6D94-42B8-B75A-DDDB47BA5553}&mid=5be7495ab682ec2bef8ffa2c7168fc11-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=fr&d=2011-10-13 16:37:16&v=13.2.0.5&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v3.0.19 (en-US)

Profile name : default
File : C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\prefs.js

C:\Documents and Settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\user.js ... Deleted !

Deleted : user_pref("CT2464976.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2464976.CTID", "CT2464976");
Deleted : user_pref("CT2464976.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2464976.CurrentServerDate", "1-11-2012");
Deleted : user_pref("CT2464976.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2464976.FeedLastCount129689076963749129", 0);
Deleted : user_pref("CT2464976.FeedPollDate129689076963749129", "Thu Nov 01 2012 09:58:25 GMT+0800 (China Stan[...]
Deleted : user_pref("CT2464976.FirstServerDate", "6-2-2010");
Deleted : user_pref("CT2464976.FirstTime", true);
Deleted : user_pref("CT2464976.FirstTimeFF3", true);
Deleted : user_pref("CT2464976.GroupingInvalidateCache", false);
Deleted : user_pref("CT2464976.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2464976.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2464976.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2464976.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2464976.Initialize", true);
Deleted : user_pref("CT2464976.InitializeCommonPrefs", true);
Deleted : user_pref("CT2464976.InstalledDate", "Sat Feb 06 2010 11:03:57 GMT+0800 (Taipei Standard Time)");
Deleted : user_pref("CT2464976.InvalidateCache", false);
Deleted : user_pref("CT2464976.IsGrouping", false);
Deleted : user_pref("CT2464976.IsMulticommunity", false);
Deleted : user_pref("CT2464976.IsOpenThankYouPage", true);
Deleted : user_pref("CT2464976.IsOpenUninstallPage", true);
Deleted : user_pref("CT2464976.LanguagePackLastCheckTime", "Thu Nov 01 2012 09:58:28 GMT+0800 (China Standard [...]
Deleted : user_pref("CT2464976.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2464976.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2464976.LastLogin_2.5.6.0", "Thu Nov 01 2012 09:58:27 GMT+0800 (China Standard Time)");
Deleted : user_pref("CT2464976.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2464976.Locale", "en");
Deleted : user_pref("CT2464976.LoginCache", 4);
Deleted : user_pref("CT2464976.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2464976.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2464976.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2464976.RadioLastCheckTime", "0");
Deleted : user_pref("CT2464976.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2464976.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2464976.RadioShrinked", "shrinked");
Deleted : user_pref("CT2464976.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2464976.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2464976.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2464976.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT246[...]
Deleted : user_pref("CT2464976.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2464976.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2464976.SearchInNewTabLastCheckTime", "Thu Nov 01 2012 09:58:25 GMT+0800 (China Standar[...]
Deleted : user_pref("CT2464976.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2464976.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2464976.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2464976.SettingsLastCheckTime", "Thu Nov 01 2012 09:58:24 GMT+0800 (China Standard Time[...]
Deleted : user_pref("CT2464976.SettingsLastUpdate", "1346680891");
Deleted : user_pref("CT2464976.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2464976.ThirdPartyComponentsLastCheck", "Thu Nov 01 2012 09:58:23 GMT+0800 (China Stand[...]
Deleted : user_pref("CT2464976.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2464976.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2464976.UserID", "UN17943541725855205");
Deleted : user_pref("CT2464976.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2464976.alertChannelId", "858611");
Deleted : user_pref("CT2464976.clientLogIsEnabled", false);
Deleted : user_pref("CT2464976.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2464976.myStuffEnabled", true);
Deleted : user_pref("CT2464976.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2464976.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2464976.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2464976.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2464976.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://flvdirect.iamwired.net/websearch.[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2464976");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2464976");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Nov 01 2012 09:57:58 GMT+0800 (China[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Nov 01 2012 09:57:58 GMT+0800 (China Sta[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{8161359a-1018-418e-8b9d-ff26fcd99e88}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Nov 23 2010 11:07:34 GMT+0800 (Chi[...]
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109220&tt=4712_5&babsrc=HP_s[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Macky\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [17785 octets] - [22/11/2012 08:16:55]

########## EOF - C:\AdwCleaner[S1].txt - [17846 octets] ##########
  • 0

#5
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
RogueKiller:

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Macky [Admin rights]
Mode : Remove -- Date : 11/22/2012 08:29:22

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] jqs.exe -- C:\Documents and Settings\Macky\Application Data\Java\bin\jqs.exe -> KILLED [TermProc]
[SUSP PATH] RTHDCPL.EXE -- C:\WINDOWS\RTHDCPL.EXE -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : NvTaskbarInit -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][NOTFOUND] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> DELETED
[RUN][NOTFOUND] HKLM\[...]\Run : NvMediaCenter (RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380215AS +++++
--- User ---
[MBR] b50370f20e99d00e1f7dce182d42dcfa
[BSP] 037a9607888067a47e61843408020308 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11222012_02d0829.txt >>
RKreport[1]_S_11222012_02d0829.txt ; RKreport[2]_D_11222012_02d0829.txt
  • 0
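The AdwCleaner log in #4 and the RogueKiller log in #5 use two simple line shapes ("Action : item" and "[TAG] item -> ACTION"), and a handful of entries in them explain every symptom reported at the top of the thread: the browsemngr.dll loaded into every process through AppInit_DLLs, the Babylon start page and search providers, the browser helper object, and the policies that had disabled Task Manager and regedit. The script below is an added example, not code from either tool or from anyone in this thread; it parses both formats and groups those entries so a responder can check them first. The sample logs inside it are constructed from lines in those two posts, and the indicator names are the example's own.

```python
"""Triage helper for the AdwCleaner and RogueKiller log formats posted above.
Added example, not code from either tool; the sample logs are constructed from
lines in the thread and the indicator names are this example's own."""
import re
from collections import Counter
from dataclasses import dataclass, field

ADWCLEANER_SAMPLE = r"""
# AdwCleaner v2.008 - Logfile created 11/22/2012 at 08:16:55
***** [Services] *****
Stopped & Deleted : Browser Manager
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.5512
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109220 --> hxxp://www.google.com
-\\ Mozilla Firefox v3.0.19 (en-US)
Profile name : default
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109220");
[OK] File is clean.
"""

ROGUEKILLER_SAMPLE = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] jqs.exe -- C:\Documents and Settings\Macky\Application Data\Java\bin\jqs.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll) -> REPLACED ()
"""

@dataclass
class Finding:
    tool: str      # "adwcleaner" or "roguekiller"
    section: str   # log section the line was found in
    action: str    # what the tool did with it (Key Deleted, Replaced, KILLED ...)
    item: str      # path, registry location or process acted on
    tags: list = field(default_factory=list)   # RogueKiller's [TAG] markers

# AdwCleaner: "<Action> : <item>" under "***** [Section] *****" and "-\\ <Browser> v<ver>" headings.
ADW_ACTIONS = {"Key Deleted", "Value Deleted", "Data Deleted", "File Deleted", "Folder Deleted",
               "Deleted on reboot", "Deleted", "Replaced", "Stopped & Deleted"}
ADW_LINE = re.compile(r"^(?P<action>[A-Za-z &]+?)\s*:\s*(?P<item>.+)$")
ADW_SECTION = re.compile(r"^\*+\s*\[(?P<name>[^\]]+)\]\s*\*+$")
# RogueKiller: "[TAG][TAG] <item> -> <ACTION> (detail)" under "¤¤¤ Section : n ¤¤¤" headings.
RK_LINE = re.compile(r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<item>.+?)\s*->\s*(?P<action>\S+)")
RK_SECTION = re.compile(r"^¤+\s*(?P<name>.+?)\s*:?\s*\d*\s*¤+$")

def parse_adwcleaner(text):
    findings, section = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):          # banner lines carry no findings
            continue
        if m := ADW_SECTION.match(line):
            section = m.group("name")
        elif line.startswith("-\\\\ "):                # per-browser heading
            section = line[4:].split(" v")[0]
        elif (m := ADW_LINE.match(line)) and m.group("action") in ADW_ACTIONS:
            findings.append(Finding("adwcleaner", section, m.group("action"), m.group("item")))
    return findings

def parse_roguekiller(text):
    findings, section = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if m := RK_SECTION.match(line):
            section = m.group("name")
        elif m := RK_LINE.match(line):
            tags = [t for t in re.findall(r"\[([^\]]*)\]", m.group("tags")) if t]
            findings.append(Finding("roguekiller", section, m.group("action"), m.group("item"), tags))
    return findings

# Entries that account for the symptoms in this thread (redirects, hijacked start page,
# a DLL pushed into every process via AppInit_DLLs, Task Manager / regedit disabled).
INDICATORS = {
    "appinit_dll_injection": re.compile(r"AppInit_DLLs", re.I),
    "browser_helper_object": re.compile(r"Browser Helper Objects", re.I),
    "search_provider": re.compile(r"SearchScopes|searchplugins|browser\.search", re.I),
    "start_page": re.compile(r"Start Page|startup\.homepage|\[Homepage\]", re.I),
    "tool_lockout_policy": re.compile(r"DisableTaskMgr|DisableRegistryTools", re.I),
}

def triage(findings):
    # Group by indicator; RogueKiller's own tags (SUSP PATH, HJPOL ...) count as indicators too.
    hits = {}
    for f in findings:
        names = {n for n, p in INDICATORS.items() if p.search(f.item)}
        names.update(t.lower().replace(" ", "_") for t in f.tags)
        for n in sorted(names):
            hits.setdefault(n, []).append(f)
    return hits

def action_counts(findings):
    """How much each tool changed, e.g. {'adwcleaner:Key Deleted': 2, ...}."""
    return Counter(f"{f.tool}:{f.action}" for f in findings)
```

Call triage(parse_adwcleaner(ADWCLEANER_SAMPLE) + parse_roguekiller(ROGUEKILLER_SAMPLE)) to get the grouped entries; feed a real log's text to the same two parsers to triage it.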

#6
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
You guys are amazing. :cool: Many, many thanks for your help.
  • 0

#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#8
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok, will do so in a moment... :thumbsup:
  • 0

#9
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here it is:

ComboFix 12-11-22.03 - Macky 11/23/2012 8:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1227 [GMT 8:00]
Running from: c:\documents and settings\Macky\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
c:\documents and settings\All Users\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\documents and settings\Macky\g2mdlhlpx.exe
C:\khq
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\dskinliteu.dll
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.dat
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\SkinDirectFLV\skin.xml
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\IsUn0411.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\015d0e9618d1a18a.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\47a0b8062c61b20b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5f1baad673631908.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8405a04541c1227c.fb
c:\windows\system32\Cache\921c8536e1672dd7.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c46079c69c2d56a6.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c5e3b2269d6de381.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f52c7ef172d9eff6.fb
c:\windows\system32\Cache\f6802f6ecbdbc8bd.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\CddbCdda.dll
c:\windows\system32\cnm1FC.tmp
c:\windows\system32\cnm251.tmp
c:\windows\system32\cnm2FD.tmp
c:\windows\system32\rrt_is.wav
c:\windows\system32\rrt_tn.wav
c:\windows\system32\rrt_tv.wav
c:\windows\system32\rrt_vf.wav
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET55.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-21 00:28 . 2012-11-21 00:28 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 00:24 . 2012-11-21 06:12 -------- d-----w- c:\windows\SxsCaPendDel
2012-11-20 14:04 . 2012-11-20 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Browser Manager
2012-11-20 14:03 . 2012-11-21 06:56 -------- d-----w- c:\program files\TornTV.com
2012-11-19 23:42 . 2012-11-19 23:42 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 00:28 . 2011-10-05 02:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-15 17:23 . 2012-09-04 16:20 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Macky\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Macky\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Macky\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Macky\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-29 2938552]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-12 18782720]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 2684280]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-07 161336]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"IMMONSUPPORT"="c:\program files\IM Magician\vmonproc.exe" [2010-09-28 233472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMMON]
2010-09-28 09:49 143360 ----a-w- c:\program files\IM Magician\vicamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-11-19 13:48 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-11-06 08:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nokia\\Ovi\\Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Macky\\My Documents\\Mack's Stuff\\Cryptload\\RouterClient.exe"=
"c:\\Documents and Settings\\Macky\\My Documents\\Mack's Stuff\\Cryptload\\CryptLoad.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgcsrvx.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\system32\\conime.exe"=
"c:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe"=
"c:\\Program Files\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Macky\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"58874:TCP"= 58874:TCP:Pando Media Booster
"58874:UDP"= 58874:UDP:Pando Media Booster
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 31952]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/29/2008 12:13 AM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/5/2012 12:20 AM 26984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [11/19/2012 9:48 PM 1435568]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 gupdate1c9c2e9e447b826;Google Update Service (gupdate1c9c2e9e447b826);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2011 1:27 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/19/2010 12:17 PM 1691480]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/16/2010 5:08 PM 245760]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8/10/2010 9:04 PM 100736]
S3 usbet;USB 2.0 WebCAM;c:\windows\system32\drivers\ETdrv.sys [10/18/2011 8:45 PM 165632]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 00:28]
.
2012-11-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-27 20:27]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-11 17:27]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-11 17:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate by ATLAS - c:\program files\ATLAS V11\Atlscript.html
Trusted Zone: flvdirect.com\www
Trusted Zone: moe.hm\micro
Trusted Zone: trompizgerbo.com\axxe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Macky\Application Data\Mozilla\Firefox\Profiles\oyryt92b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - Ext: LoudMo Contextual Ad Assistant: {2552cacb-3a30-a581-d795-5878e0d03f86} - c:\program files\Mozilla Firefox\extensions\{2552cacb-3a30-a581-d795-5878e0d03f86}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG2012\Firefox
FF - Ext: Java Quick Starter: [email protected] - c:\documents and settings\Macky\Application Data\Java\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{31c0a881-756c-fa05-5967-afeb511f638f} - c:\windows\system32\x-UZM17.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
HKLM-Run-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
HKLM-Run-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
HKLM-Run-RRT-Auto - c:\documents and settings\Macky\My Documents\Downloads\RRT (1).exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-23 08:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1076)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(992)
c:\documents and settings\Macky\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\Macky\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\Macky\Application Data\Java\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\RTHDCPL.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-11-23 08:30:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-23 00:29
.
Pre-Run: 661,319,680 bytes free
Post-Run: 4,093,595,648 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C127D1D050C9D5D48255F74A5941F727
  • 0

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#11
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
OK, will run them in a while.
  • 0

#12
riptidegarou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
TDSSKiller report:

23:39:21.0125 6008 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:39:22.0187 6008 ============================================================
23:39:22.0187 6008 Current date / time: 2012/11/24 23:39:22.0187
23:39:22.0187 6008 SystemInfo:
23:39:22.0187 6008
23:39:22.0187 6008 OS Version: 5.1.2600 ServicePack: 3.0
23:39:22.0187 6008 Product type: Workstation
23:39:22.0187 6008 ComputerName: MACKY-4B5CD3E5C
23:39:22.0187 6008 UserName: Macky
23:39:22.0187 6008 Windows directory: C:\WINDOWS
23:39:22.0187 6008 System windows directory: C:\WINDOWS
23:39:22.0187 6008 Processor architecture: Intel x86
23:39:22.0187 6008 Number of processors: 2
23:39:22.0187 6008 Page size: 0x1000
23:39:22.0187 6008 Boot type: Normal boot
23:39:22.0187 6008 ============================================================
23:39:23.0812 6008 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:39:23.0828 6008 ============================================================
23:39:23.0828 6008 \Device\Harddisk0\DR0:
23:39:23.0828 6008 MBR partitions:
23:39:23.0828 6008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
23:39:23.0828 6008 ============================================================
23:39:23.0859 6008 C: <-> \Device\Harddisk0\DR0\Partition1
23:39:23.0859 6008 ============================================================
23:39:23.0859 6008 Initialize success
23:39:23.0859 6008 ============================================================
23:39:25.0562 2012 ============================================================
23:39:25.0562 2012 Scan started
23:39:25.0562 2012 Mode: Manual;
23:39:25.0562 2012 ============================================================
23:39:26.0578 2012 ================ Scan system memory ========================
23:39:26.0578 2012 System memory - ok
23:39:26.0578 2012 ================ Scan services =============================
23:39:26.0703 2012 [ 0629361FAC4576BA48AB39F4903DCE9E ] aawservice C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
23:39:26.0703 2012 aawservice - ok
23:39:26.0859 2012 Abiosdsk - ok
23:39:26.0859 2012 abp480n5 - ok
23:39:26.0906 2012 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:39:26.0906 2012 ACPI - ok
23:39:26.0953 2012 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:39:26.0968 2012 ACPIEC - ok
23:39:27.0031 2012 [ 05BDD706A847BBFA9FD5948CD636EB1A ] Ad-Watch Connect Filter C:\WINDOWS\system32\drivers\NSDriver.sys
23:39:27.0031 2012 Ad-Watch Connect Filter - ok
23:39:27.0046 2012 [ EC018602809B28520CAA132CD616BB2A ] Ad-Watch Real-Time Scanner C:\WINDOWS\system32\drivers\AWRTPD.sys
23:39:27.0046 2012 Ad-Watch Real-Time Scanner - ok
23:39:27.0093 2012 [ 10D3F81B955CD10D6464B1B922E5AC68 ] Ad-Watch Registry Filter C:\WINDOWS\system32\drivers\AWRTRD.sys
23:39:39.0406 2012 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:39:39.0406 2012 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
23:39:39.0406 2012 sptd ( LockedFile.Multi.Generic ) - warning
23:39:39.0406 2012 sptd - detected LockedFile.Multi.Generic (1)
23:39:41.0125 2012 VClone - ok
23:39:41.0156 2012 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:39:41.0156 2012 VgaSave - ok
23:39:41.0171 2012 ViaIde - ok
23:39:41.0218 2012 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:39:41.0234 2012 VolSnap - ok
23:39:41.0281 2012 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:39:41.0281 2012 VSS - ok
23:39:41.0296 2012 vToolbarUpdater13.2.0 - ok
23:39:41.0343 2012 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:39:41.0343 2012 W32Time - ok
23:39:41.0390 2012 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:39:41.0390 2012 Wanarp - ok
23:39:41.0453 2012 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:39:41.0468 2012 Wdf01000 - ok
23:39:41.0484 2012 WDICA - ok
23:39:41.0515 2012 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:39:41.0515 2012 wdmaud - ok
23:39:41.0578 2012 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:39:41.0578 2012 WebClient - ok
23:39:41.0656 2012 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:39:41.0671 2012 winmgmt - ok
23:39:41.0750 2012 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:39:41.0750 2012 WmdmPmSN - ok
23:39:41.0796 2012 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:39:41.0796 2012 Wmi - ok
23:39:41.0812 2012 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:39:41.0812 2012 WmiAcpi - ok
23:39:41.0859 2012 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:39:41.0859 2012 WmiApSrv - ok
23:39:41.0906 2012 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:39:41.0906 2012 WpdUsb - ok
23:39:41.0953 2012 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:39:41.0953 2012 WS2IFSL - ok
23:39:41.0984 2012 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:39:42.0000 2012 wscsvc - ok
23:39:42.0062 2012 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:39:42.0062 2012 WSTCODEC - ok
23:39:42.0093 2012 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:39:42.0109 2012 wuauserv - ok
23:39:42.0156 2012 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:39:42.0156 2012 WudfPf - ok
23:39:42.0187 2012 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:39:42.0203 2012 WudfRd - ok
23:39:42.0218 2012 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:39:42.0234 2012 WudfSvc - ok
23:39:42.0281 2012 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:39:42.0281 2012 WZCSVC - ok
23:39:42.0296 2012 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:39:42.0312 2012 xmlprov - ok
23:39:42.0375 2012 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:39:42.0375 2012 YahooAUService - ok
23:39:42.0421 2012 ================ Scan global ===============================
23:39:42.0453 2012 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:39:42.0500 2012 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
23:39:42.0515 2012 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
23:39:42.0546 2012 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:39:42.0546 2012 [Global] - ok
23:39:42.0546 2012 ================ Scan MBR ==================================
23:39:42.0562 2012 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:39:42.0875 2012 \Device\Harddisk0\DR0 - ok
23:39:42.0875 2012 ================ Scan VBR ==================================
23:39:42.0875 2012 [ D5C460DF22D5B9181C1D86BBF3B8BF78 ] \Device\Harddisk0\DR0\Partition1
23:39:42.0875 2012 \Device\Harddisk0\DR0\Partition1 - ok
23:39:42.0875 2012 ============================================================
23:39:42.0875 2012 Scan finished
23:39:42.0875 2012 ============================================================
23:39:42.0921 6124 Detected object count: 1
23:39:42.0921 6124 Actual detected object count: 1
23:39:44.0859 6124 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:39:44.0859 6124 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
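Added example, not part of this thread and not a TDSSKiller feature: a small Python triage script for TDSSKiller-style logs such as the one posted above. The scanner's own verdict sits in the last two lines: one detection, sptd, reported as LockedFile.Multi.Generic and skipped. That verdict class says the scanner could not open the file to hash it, not that a known signature matched, and sptd.sys is the SCSI pass-through driver installed by disc-emulation software such as Daemon Tools and Alcohol 120%, which deliberately locks itself; a locked-file report on it is a common finding and is not by itself evidence of a rootkit, though it still deserves a look when no such software is installed. The script pulls out what a reader would otherwise have to find by eye in a 2,000-line log: the detection lines, objects that received a verdict but had no image file hashed (TosIde, ultra, ViaIde, vToolbarUpdater13.2.0 and WDICA above), hashed files outside the Windows directory, any object whose status is not "ok", and a mismatch between the scanner's "Detected object count" and the detections actually listed. The regular expressions are written to the line shapes visible in the log above; TDSSKiller's format is not documented and may differ between versions, and the finding labels are my own, so treat both as assumptions. The sample input is an excerpt of lines copied from the log above.

```python
"""Triage a TDSSKiller-style text log.

Added example, not a TDSSKiller feature.  Line shapes are taken from the
log posted above; the regexes are an assumption about that format.

  <time> <id> [ <MD5> ] <Name> <ImagePath>      file found and hashed
  <time> <id> <Name> - <status>                 verdict for that object
  <time> <id> <Name> ( <Verdict> ) - <action>   a detection and what was done
"""
import re

_TS = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+\d+\s+"

# Hashed object.  The name is optional: "Scan global" and MBR/VBR lines carry
# only a path, and a name never contains a backslash, so "C:\..." cannot be
# mistaken for a name.
FILE_RE = re.compile(_TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
                     r"(?:(?P<name>[^\s\\]+)\s+)?(?P<path>\S.*?)\s*$")
# Detection; tried before STATUS_RE, which would also match it.
DETECT_RE = re.compile(_TS + r"(?P<name>\S+) \( (?P<verdict>[^)]+) \) - "
                       r"(?P<action>.+?)\s*$")
COUNT_RE = re.compile(_TS + r"Detected object count: (?P<n>\d+)\s*$")
STATUS_RE = re.compile(_TS + r"(?P<name>.+?) - (?P<status>.+?)\s*$")


def parse_tdss_log(text):
    """Return hashed files, per-object verdicts, detections and the scanner's count."""
    files, statuses, detections, count = [], {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({"name": m["name"] or m["path"],
                          "md5": m["md5"].upper(), "path": m["path"]})
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append({"name": m["name"], "verdict": m["verdict"],
                               "action": m["action"]})
            continue
        m = COUNT_RE.match(line)
        if m:
            count = int(m["n"])
            continue
        m = STATUS_RE.match(line)
        if m:
            statuses[m["name"]] = m["status"]
    return {"files": files, "statuses": statuses,
            "detections": detections, "count": count}


def triage(report):
    """Findings worth a human's eyes, as (kind, name, detail) tuples."""
    findings, seen = [], set()
    for d in report["detections"]:          # the same hit is logged once per action
        key = (d["name"], d["verdict"])
        if key not in seen:
            seen.add(key)
            findings.append(("DETECTION", d["name"], d["verdict"]))
    if report["count"] is not None and report["count"] != len(seen):
        findings.append(("COUNT_MISMATCH", str(report["count"]), str(len(seen))))
    hashed = {f["name"] for f in report["files"]}
    for name, status in report["statuses"].items():
        if status != "ok":
            findings.append(("NOT_OK", name, status))
        elif name not in hashed and not name.startswith("["):
            # a service/driver entry got a verdict but no [ MD5 ] line: no image
            # file was hashed, so the entry itself is what to inspect
            findings.append(("NO_IMAGE_HASHED", name, "no hashed image file"))
    for f in report["files"]:
        p = f["path"].lower()
        if p.startswith("c:\\") and not p.startswith("c:\\windows\\"):
            findings.append(("OUTSIDE_SYSTEMROOT", f["name"], f["path"]))
    return findings


# Excerpt of lines copied from the log posted above (not a constructed sample).
SAMPLE_LOG = r"""
23:39:39.0921 2012 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:39:39.0921 2012 SysmonLog - ok
23:39:40.0203 2012 TosIde - ok
23:39:41.0296 2012 vToolbarUpdater13.2.0 - ok
23:39:42.0375 2012 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:39:42.0375 2012 YahooAUService - ok
23:39:42.0421 2012 ================ Scan global ===============================
23:39:42.0453 2012 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:39:42.0546 2012 [Global] - ok
23:39:42.0562 2012 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:39:42.0875 2012 \Device\Harddisk0\DR0 - ok
23:39:42.0921 6124 Detected object count: 1
23:39:44.0859 6124 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:39:44.0859 6124 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for kind, name, detail in triage(parse_tdss_log(SAMPLE_LOG)):
        print(f"{kind:<19} {name:<24} {detail}")
```

Run against the full log rather than the excerpt, the NO_IMAGE_HASHED list is the quickest way to spot leftover service registrations from uninstalled software, and NOT_OK will surface any object whose verdict line is something other than "ok".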

#13 riptidegarou (Topic Starter, Member, 24 posts)
aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-24 23:41:32
-----------------------------
23:41:32.375 OS Version: Windows 5.1.2600 Service Pack 3
23:41:32.375 Number of processors: 2 586 0xF0D
23:41:32.390 ComputerName: MACKY-4B5CD3E5C UserName: Macky
23:41:37.015 Initialize success
23:52:33.078 AVAST engine defs: 12112400
23:57:53.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:57:53.375 Disk 0 Vendor: ST380215AS 4.AAB Size: 76319MB BusType: 3
23:57:53.390 Disk 0 MBR read successfully
23:57:53.390 Disk 0 MBR scan
23:57:53.484 Disk 0 Windows XP default MBR code
23:57:53.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
23:57:53.515 Disk 0 scanning sectors +156280320
23:57:53.640 Disk 0 scanning C:\WINDOWS\system32\drivers
23:58:15.796 Service scanning
23:58:55.140 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:59:05.875 Modules scanning
23:59:29.562 Disk 0 trace - called modules:
23:59:29.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzm.sys >>UNKNOWN [0x8ab7b938]<<
23:59:29.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abdb548]
23:59:29.609 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8aabc9e8]
23:59:29.609 5 ACPI.sys[b7e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab3c940]
23:59:30.781 AVAST engine scan C:\WINDOWS
00:00:23.875 AVAST engine scan C:\WINDOWS\system32
00:06:13.984 AVAST engine scan C:\WINDOWS\system32\drivers
00:06:46.484 AVAST engine scan C:\Documents and Settings\Macky
00:11:47.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Macky\Desktop\MBR.dat"
00:11:47.890 The log file has been saved successfully to "C:\Documents and Settings\Macky\Desktop\aswMBR.txt"

#14 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 riptidegarou (Topic Starter, Member, 24 posts)
Everything looks good so far. :)