Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad Image Error


  • This topic is locked This topic is locked
18 replies to this topic

#1 DEANUH

DEANUH

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 16 March 2012 - 06:09 AM

Hey guys, just today when I turned on my toshiba laptop, the "C:\Windows\system32\pnrpnsp.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support," error appeared when I attempted to to open Windows Live Messenger. A similar error also appears when I try to open League of Legends. These are the only two programs with this error at the moment.

I'll attach a log from HijackThis below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:53 PM, on 16/03/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
c:\program files (x86)\grasssoft\mouse recorder\MacroServiceWnd.exe
C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\UniKey\UniKeyNT.exe
C:\Program Files (x86)\Window Hide Tool\Window Hide Tool.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jenny\Documents\Downloads\Programs\HijackThis.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Messenger Plus Live Australia - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: Messenger Plus Live Australia Toolbar - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey\UniKeyNT.exe
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files (x86)\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [38B.exe] C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3\38B.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F4EB1ED-17DF-48E7-A8FB-7F035A68D045}: NameServer = 61.9.211.1,61.9.211.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F4EB1ED-17DF-48E7-A8FB-7F035A68D045}: NameServer = 61.9.211.1,61.9.211.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{9F4EB1ED-17DF-48E7-A8FB-7F035A68D045}: NameServer = 61.9.211.1,61.9.211.33
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxcj_device - - C:\Windows\system32\lxcjcoms.exe
O23 - Service: Macro Expert - Grass Software - c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 14451 bytes

Hoping you guys could help me out, thanks in advance.

Edited by hamluis, 16 March 2012 - 07:45 AM.
Moved from Vista to Malware Removal Logs.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 17 March 2012 - 12:56 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet spend a few minutes to backup the computer. Removing malware can be unpredictable and this may save you and me allot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 DEANUH

DEANUH
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 18 March 2012 - 06:36 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
Run by Jenny at 21:32:02 on 2012-03-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.4060.2206 [GMT 10:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\lxcjcoms.exe
c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\atwtusb.exe
C:\Windows\SysWOW64\atwtusb.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\program files (x86)\grasssoft\mouse recorder\MacroServiceWnd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\UniKey\UniKeyNT.exe
C:\Program Files (x86)\Window Hide Tool\Window Hide Tool.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52040
uURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\googletoolbar1.dll
TB: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [UniKey] C:\Program Files\UniKey\UniKeyNT.exe
uRun: [Window Hide Tool] C:\Program Files (x86)\Window Hide Tool\Window Hide Tool.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [38B.exe] C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3\38B.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Driver Genius]
mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
dRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
dRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 61.9.211.1 61.9.211.33
TCP: Interfaces\{9F4EB1ED-17DF-48E7-A8FB-7F035A68D045} : NameServer = 61.9.211.1,61.9.211.33
TCP: Interfaces\{C021C9C5-BCE6-4C89-83FA-0D50FDE08D84} : DhcpNameServer = 61.9.211.1 61.9.211.33
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO-X64: NCH EN - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
BHO-X64: Messenger Plus Live Australia - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
TB-X64: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [cfFncEnabler.exe] cfFncEnabler.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [TkBellExe] "realsched.exe" -osboot
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Driver Genius]
mRun-x64: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\bme34tlc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52040
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Jenny\AppData\Roaming\FBDevTeam\Riot5Plugin\npRiot5Plugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-2-4 546768]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-4-4 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-8-21 820568]
R2 Macro Expert;Macro Expert;C:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe [2010-8-31 351232]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-4-12 303952]
R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-2-27 124832]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-4 175104]
R2 WTService;WTService;C:\Windows\system32\atwtusb.exe -s --> C:\Windows\system32\atwtusb.exe -s [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys --> C:\Windows\system32\DRIVERS\point64.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys --> C:\Windows\system32\DRIVERS\QIOMem.sys [?]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-8-26 89600]
R3 VSTWinDriver6;VSTWinDriver6;C:\Windows\system32\drivers\VSTwindrvr6.sys --> C:\Windows\system32\drivers\VSTwindrvr6.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-21 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-21 136176]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-6 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-16 07:22:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-16 07:22:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-05 11:06:34 -------- d-----w- C:\Users\Jenny\AppData\Local\Threat Expert
2012-03-03 08:54:52 3584 ----a-r- C:\Users\Jenny\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-03-03 08:54:51 -------- d-----w- C:\Program Files (x86)\Windows Installer Clean Up
2012-03-01 07:35:00 -------- d-----w- C:\Program Files\Tracker Software
2012-03-01 06:47:57 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-01 06:47:57 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-01 06:47:57 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-01 06:47:57 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-02-29 06:21:21 -------- d-----w- C:\Program Files (x86)\WinDjView
2012-02-28 09:42:36 149640 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2012-02-27 03:41:26 -------- d-----w- C:\ProgramData\Messenger Plus! for Skype
.
==================== Find3M ====================
.
2012-02-23 23:19:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-16 06:28:50 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2012-01-16 06:28:48 2246608 ----a-w- C:\Windows\PCTBDCore.dll
2012-01-16 06:28:48 1681360 ----a-w- C:\Windows\PCTBDRes.dll
2012-01-16 06:28:28 767952 ----a-w- C:\Windows\BDTSupport.dll
2012-01-11 06:19:08 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2011-12-30 07:02:56 23896 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
.
============= FINISH: 21:32:51.90 ===============

No problems with the steps you asked me to do so far.

Attached Files


Edited by DEANUH, 18 March 2012 - 06:38 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 18 March 2012 - 06:37 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 DEANUH

DEANUH
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 18 March 2012 - 07:10 AM

ComboFix 12-03-17.01 - Jenny 18/03/2012 21:41:59.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.4060.2017 [GMT 10:00]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Jenny\ace_uninstaller.exe
c:\users\Jenny\AppData\Local\assembly\tmp
c:\users\Jenny\AppData\Roaming\MSA
c:\users\Jenny\AppData\Roaming\MSA\userid.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-16 07:22 . 2012-03-16 07:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-16 07:22 . 2012-03-16 07:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-05 11:06 . 2012-03-05 11:06 -------- d-----w- c:\users\Jenny\AppData\Local\Threat Expert
2012-03-03 08:54 . 2012-03-03 08:54 3584 ----a-r- c:\users\Jenny\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-03-03 08:54 . 2012-03-03 08:54 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up
2012-03-01 07:35 . 2012-03-01 07:35 -------- d-----w- c:\program files\Tracker Software
2012-03-01 06:47 . 2012-03-01 06:47 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-01 06:47 . 2012-03-01 06:47 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-01 06:47 . 2012-03-01 06:47 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-01 06:47 . 2012-03-01 06:47 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-29 06:21 . 2012-02-29 06:21 -------- d-----w- c:\program files (x86)\WinDjView
2012-02-28 09:42 . 2012-02-08 01:13 149640 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-02-27 03:41 . 2012-03-17 10:26 -------- d-----w- c:\programdata\Messenger Plus! for Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 23:19 . 2011-06-22 11:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 08:09 . 2012-02-02 08:09 46080 ----a-w- c:\users\Jenny\AppData\Roaming\Microsoft\B1C3\17F7.exe
2012-02-02 08:06 . 2012-02-02 08:06 99840 ----a-w- c:\users\Jenny\AppData\Roaming\Microsoft\B1C3\1F17.tmp
2012-01-16 06:28 . 2012-02-04 05:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-16 06:28 . 2012-02-04 05:47 2246608 ----a-w- c:\windows\PCTBDCore.dll
2012-01-16 06:28 . 2012-02-04 05:47 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-01-16 06:28 . 2012-02-04 05:47 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-11 06:19 . 2012-02-04 05:42 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-12-30 07:02 . 2012-01-26 05:31 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-23 10:58 . 2012-01-09 06:59 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-12-23 10:58 . 2011-12-23 10:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-23 10:58 . 2011-12-23 10:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-23 10:58 . 2011-12-23 10:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-23 10:58 . 2011-12-23 10:58 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2011-12-23 10:58 . 2011-12-23 10:58 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-12-23 10:58 . 2011-12-23 10:58 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-12-23 10:58 . 2011-12-23 10:58 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2011-12-23 10:58 . 2011-12-23 10:58 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2011-12-23 10:58 . 2011-12-23 10:58 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2011-12-23 10:58 . 2011-12-23 10:58 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2011-12-23 10:58 . 2011-12-23 10:58 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2011-12-23 10:58 . 2011-12-23 10:58 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2011-12-23 10:58 . 2011-12-23 10:58 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2011-12-23 10:58 . 2011-12-23 10:58 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2011-12-23 10:58 . 2011-12-23 10:58 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2011-12-23 10:58 . 2011-12-23 10:58 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2011-12-23 10:58 . 2011-12-23 10:58 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2011-12-23 10:58 . 2011-12-23 10:58 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2011-12-23 10:58 . 2011-12-23 10:58 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2011-12-23 10:58 . 2011-12-23 10:58 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2011-12-23 10:58 . 2011-12-23 10:58 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2011-12-23 10:58 . 2011-12-23 10:58 172032 ----a-w- c:\windows\SysWow64\muzapp.exe
2011-12-23 10:58 . 2011-12-23 10:58 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2011-12-23 10:58 . 2011-12-23 10:58 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2011-12-23 10:58 . 2011-12-23 10:58 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2011-12-23 10:58 . 2011-12-23 10:58 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2011-12-23 10:58 . 2011-12-23 10:58 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2011-12-23 10:58 . 2011-12-23 10:58 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2011-12-23 10:58 . 2011-12-23 10:58 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2011-12-23 10:58 . 2012-01-09 06:59 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-12-23 10:58 . 2012-01-09 06:59 20032 ----a-w- c:\windows\SysWow64\drivers\dgderdrv.sys
2011-12-23 10:58 . 2009-06-26 22:32 319456 ----a-w- c:\windows\SysWow64\DIFxAPI.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-01-17 175912]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-01-17 06:54 175912 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-01-17 175912]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-02-28 3478936]
"UniKey"="c:\program files\UniKey\UniKeyNT.exe" [2006-04-18 217088]
"Window Hide Tool"="c:\program files (x86)\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"NDSTray.exe"="NDSTray.exe" [BU]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-07 801792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 432640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-21 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2008-01-21 02:50]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 03:29]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 03:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 237056]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll" [2006-11-21 31744]
"lxcjmon.exe"="c:\program files (x86)\Lexmark 8300 Series\lxcjmon.exe" [2007-05-08 205744]
"EzPrint"="c:\program files (x86)\Lexmark 8300 Series\ezprint.exe" [2007-05-08 103344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52040
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 61.9.211.1 61.9.211.33
TCP: Interfaces\{9F4EB1ED-17DF-48E7-A8FB-7F035A68D045}: NameServer = 61.9.211.1,61.9.211.33
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\bme34tlc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52040
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
Wow6432Node-HKCU-Run-38B.exe - c:\users\Jenny\AppData\Roaming\Microsoft\B1C3\38B.exe
Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
Wow6432Node-HKLM-Run-Driver Genius - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EA0969B3-6E12-4AC0-B6C9-148E81247954} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
AddRemove-Xilisoft Video Converter Ultimate - c:\program files (x86)\Xilisoft\Video Converter Ultimate 6\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Jenny\AppData\Local\Temp\0058DD1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va006]
"ImagePath"="\??\c:\users\Jenny\AppData\Local\Temp\0067101.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3e,03,4b,2a,b6,c8,c4,8e,c3,c4,e5,c1,f4,af,11,b0,2d,88,76,6a,81,
83,f6,0f,24,13,d2,99,4a,09,46,a8,92,43,3f,09,95,89,12,54,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5a,4b,a7,64,ba,a4,aa,67,25,39,ea,f5,a3,51,1e,b9,41,8c,f0,7a,9c,
eb,7c,07,04,68,3a,71,fb,d8,3b,57,6b,01,c2,30,d1,a0,c1,d4,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{88412f34-002a-4479-8295-6911f4d47fcf}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000135
"Therad"=dword:00000017
"MData"=hex(0):e8,1d,87,0d,cf,2d,53,0c,7a,36,66,08,e2,98,d7,bf,4a,c4,a2,37,ad,
5e,7f,a5,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{b04d9db3-d119-45c5-aca8-ea8999b06f76}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e9
"Therad"=dword:0000001b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2FA91FDF5DD20D3A8A61195FDDF92AB4\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_E86C38970BB681EEDD579C871AA7A5FA"
"ComponentVersion"="6.2.3104.0"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\58C08B5EAAD5A5198FDDE6B364A469AA\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_B2ABF4E631D4F0653F82F77DE2FDB99B"
"ComponentVersion"="11.0.5358.4827"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\99C418E1C4294E65B6FA6F781D73F309\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_3F52010C24CBE22EDE25B83E28F74340"
"ComponentVersion"="6.1.7600.16385"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DCC8D3DA412DC2CC5AE71FE50B0F6D56\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_FF4FA08090940EB9CDA0AA0E1725DD9A"
"ComponentVersion"="5.1.2600.2180"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SysWOW64\atwtusb.exe
c:\program files (x86)\grasssoft\mouse recorder\MacroServiceWnd.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-03-18 22:01:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 12:01
.
Pre-Run: 176,833,888,256 bytes free
Post-Run: 176,870,666,240 bytes free
.
- - End Of File - - 7DD953D7598D8DF33C805BFF2A517EFE

During the ComboFix scan, it encountered "Illegal operation attempted on a registery key that has been marked for deletion." Also while ComboFix was generating the log file, pev.3XE Bad Image error started to pop up constantly. The problem still exists.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 18 March 2012 - 07:17 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 DEANUH

DEANUH
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 19 March 2012 - 04:34 AM

22:29:58.0553 4640 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:30:00.0555 4640 ============================================================
22:30:00.0555 4640 Current date / time: 2012/03/18 22:30:00.0555
22:30:00.0555 4640 SystemInfo:
22:30:00.0555 4640
22:30:00.0556 4640 OS Version: 6.0.6002 ServicePack: 2.0
22:30:00.0556 4640 Product type: Workstation
22:30:00.0556 4640 ComputerName: LAPTOP
22:30:01.0761 4640 UserName: Jenny
22:30:01.0761 4640 Windows directory: C:\Windows
22:30:01.0761 4640 System windows directory: C:\Windows
22:30:02.0456 4640 Running under WOW64
22:30:02.0456 4640 Processor architecture: Intel x64
22:30:02.0456 4640 Number of processors: 2
22:30:02.0456 4640 Page size: 0x1000
22:30:02.0456 4640 Boot type: Normal boot
22:30:02.0456 4640 ============================================================
22:30:03.0250 4640 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:30:03.0254 4640 \Device\Harddisk0\DR0:
22:30:03.0254 4640 MBR used
22:30:03.0254 4640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2D34A800
22:30:03.0295 4640 Initialize success
22:30:03.0295 4640 ============================================================
22:30:07.0926 5040 ============================================================
22:30:07.0926 5040 Scan started
22:30:07.0926 5040 Mode: Manual;
22:30:07.0926 5040 ============================================================
22:30:08.0847 5040 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:30:08.0851 5040 ACPI - ok
22:30:08.0946 5040 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:30:08.0954 5040 adp94xx - ok
22:30:09.0073 5040 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:30:09.0079 5040 adpahci - ok
22:30:09.0166 5040 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:30:09.0168 5040 adpu160m - ok
22:30:09.0274 5040 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:30:09.0297 5040 adpu320 - ok
22:30:09.0351 5040 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
22:30:09.0357 5040 AFD - ok
22:30:09.0493 5040 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:30:09.0494 5040 agp440 - ok
22:30:09.0528 5040 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:30:09.0529 5040 aic78xx - ok
22:30:09.0557 5040 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
22:30:09.0558 5040 aliide - ok
22:30:09.0738 5040 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
22:30:09.0739 5040 amdide - ok
22:30:09.0820 5040 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:30:09.0822 5040 AmdK8 - ok
22:30:10.0275 5040 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:30:10.0563 5040 amdkmdag - ok
22:30:10.0692 5040 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
22:30:10.0694 5040 amdkmdap - ok
22:30:10.0783 5040 ApfiltrService (411300ea5b84fa57c8cb7601092b0e92) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:30:10.0786 5040 ApfiltrService - ok
22:30:10.0908 5040 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:30:10.0909 5040 arc - ok
22:30:10.0994 5040 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:30:11.0016 5040 arcsas - ok
22:30:11.0060 5040 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:30:11.0061 5040 AsyncMac - ok
22:30:11.0160 5040 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:30:11.0161 5040 atapi - ok
22:30:11.0239 5040 AtiHDAudioService (9e66c9e321a7c596ca12d839a77fcb95) C:\Windows\system32\drivers\AtihdLH6.sys
22:30:11.0240 5040 AtiHDAudioService - ok
22:30:11.0552 5040 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:30:11.0617 5040 atikmdag - ok
22:30:11.0731 5040 Beep - ok
22:30:11.0786 5040 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:30:11.0788 5040 blbdrive - ok
22:30:11.0921 5040 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:30:11.0922 5040 bowser - ok
22:30:11.0973 5040 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:30:11.0974 5040 BrFiltLo - ok
22:30:12.0102 5040 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:30:12.0103 5040 BrFiltUp - ok
22:30:12.0250 5040 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:30:12.0251 5040 Brserid - ok
22:30:12.0276 5040 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:30:12.0277 5040 BrSerWdm - ok
22:30:12.0413 5040 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:30:12.0457 5040 BrUsbMdm - ok
22:30:12.0475 5040 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:30:12.0476 5040 BrUsbSer - ok
22:30:12.0565 5040 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:30:12.0566 5040 BTHMODEM - ok
22:30:12.0571 5040 catchme - ok
22:30:12.0664 5040 CAXHWAZL (cd69e6640bc4778eb4159d34a707106e) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
22:30:12.0686 5040 CAXHWAZL - ok
22:30:12.0757 5040 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:30:12.0759 5040 cdfs - ok
22:30:12.0871 5040 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:30:12.0873 5040 cdrom - ok
22:30:12.0913 5040 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
22:30:12.0914 5040 circlass - ok
22:30:13.0035 5040 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:30:13.0040 5040 CLFS - ok
22:30:13.0107 5040 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
22:30:13.0108 5040 CmBatt - ok
22:30:13.0181 5040 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
22:30:13.0182 5040 cmdide - ok
22:30:13.0267 5040 CnxtHdAudService (5a220d86c6e0dd92ea0ea157ed3ca267) C:\Windows\system32\drivers\CHDRT64.sys
22:30:13.0270 5040 CnxtHdAudService - ok
22:30:13.0311 5040 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
22:30:13.0312 5040 Compbatt - ok
22:30:13.0438 5040 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:30:13.0439 5040 crcdisk - ok
22:30:13.0497 5040 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:30:13.0499 5040 DfsC - ok
22:30:13.0621 5040 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
22:30:13.0623 5040 dg_ssudbus - ok
22:30:13.0673 5040 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:30:13.0675 5040 disk - ok
22:30:13.0740 5040 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:30:13.0762 5040 drmkaud - ok
22:30:13.0940 5040 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:30:13.0950 5040 DXGKrnl - ok
22:30:14.0093 5040 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:30:14.0096 5040 E1G60 - ok
22:30:14.0107 5040 EagleX64 - ok
22:30:14.0158 5040 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:30:14.0161 5040 Ecache - ok
22:30:14.0344 5040 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:30:14.0349 5040 elxstor - ok
22:30:14.0496 5040 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:30:14.0497 5040 ErrDev - ok
22:30:14.0606 5040 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:30:14.0609 5040 exfat - ok
22:30:14.0768 5040 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:30:14.0772 5040 fastfat - ok
22:30:14.0815 5040 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:30:14.0816 5040 fdc - ok
22:30:14.0942 5040 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:30:14.0943 5040 FileInfo - ok
22:30:14.0975 5040 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:30:14.0976 5040 Filetrace - ok
22:30:15.0114 5040 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:30:15.0115 5040 flpydisk - ok
22:30:15.0151 5040 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:30:15.0154 5040 FltMgr - ok
22:30:15.0284 5040 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:30:15.0285 5040 Fs_Rec - ok
22:30:15.0310 5040 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:30:15.0311 5040 gagp30kx - ok
22:30:15.0472 5040 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:30:15.0473 5040 GEARAspiWDM - ok
22:30:15.0623 5040 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
22:30:15.0627 5040 HdAudAddService - ok
22:30:15.0697 5040 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:30:15.0708 5040 HDAudBus - ok
22:30:15.0844 5040 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:30:15.0845 5040 HidBth - ok
22:30:15.0868 5040 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
22:30:15.0869 5040 HidIr - ok
22:30:15.0949 5040 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
22:30:15.0950 5040 HidUsb - ok
22:30:16.0044 5040 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:30:16.0045 5040 HpCISSs - ok
22:30:16.0163 5040 HSF_DPV (ebdba99c2362457be429f024396b63be) C:\Windows\system32\DRIVERS\CAX_DPV.sys
22:30:16.0180 5040 HSF_DPV - ok
22:30:16.0282 5040 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:30:16.0290 5040 HTTP - ok
22:30:16.0417 5040 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:30:16.0440 5040 i2omp - ok
22:30:16.0470 5040 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:30:16.0471 5040 i8042prt - ok
22:30:16.0578 5040 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
22:30:16.0580 5040 iaStor - ok
22:30:16.0681 5040 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:30:16.0685 5040 iaStorV - ok
22:30:16.0826 5040 IDMWFP (5534e14ef27ebe8563cdbce6b88501a3) C:\Windows\system32\DRIVERS\idmwfp.sys
22:30:16.0828 5040 IDMWFP - ok
22:30:16.0927 5040 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:30:16.0928 5040 iirsp - ok
22:30:17.0022 5040 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
22:30:17.0023 5040 intelide - ok
22:30:17.0051 5040 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:30:17.0052 5040 intelppm - ok
22:30:17.0089 5040 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:30:17.0091 5040 IpFilterDriver - ok
22:30:17.0187 5040 IpInIp - ok
22:30:17.0243 5040 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:30:17.0244 5040 IPMIDRV - ok
22:30:17.0275 5040 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:30:17.0277 5040 IPNAT - ok
22:30:17.0422 5040 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:30:17.0423 5040 IRENUM - ok
22:30:17.0507 5040 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:30:17.0508 5040 isapnp - ok
22:30:17.0567 5040 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:30:17.0570 5040 iScsiPrt - ok
22:30:17.0672 5040 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:30:17.0673 5040 iteatapi - ok
22:30:17.0770 5040 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:30:17.0771 5040 iteraid - ok
22:30:17.0859 5040 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:30:17.0860 5040 kbdclass - ok
22:30:17.0993 5040 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
22:30:17.0993 5040 kbdhid - ok
22:30:18.0512 5040 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
22:30:18.0518 5040 KSecDD - ok
22:30:19.0225 5040 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:30:19.0226 5040 ksthunk - ok
22:30:19.0382 5040 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:30:19.0383 5040 lltdio - ok
22:30:19.0421 5040 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:30:19.0422 5040 LSI_FC - ok
22:30:19.0563 5040 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:30:19.0565 5040 LSI_SAS - ok
22:30:19.0589 5040 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:30:19.0592 5040 LSI_SCSI - ok
22:30:19.0624 5040 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:30:19.0626 5040 luafv - ok
22:30:19.0664 5040 MBAMProtector (4a46fa98de81ff55a7cfc0c26262cb33) C:\Windows\system32\drivers\mbam.sys
22:30:19.0665 5040 MBAMProtector - ok
22:30:19.0834 5040 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:30:19.0835 5040 mdmxsdk - ok
22:30:19.0892 5040 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:30:19.0893 5040 megasas - ok
22:30:20.0043 5040 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:30:20.0048 5040 MegaSR - ok
22:30:20.0103 5040 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:30:20.0104 5040 Modem - ok
22:30:20.0195 5040 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:30:20.0196 5040 monitor - ok
22:30:20.0239 5040 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:30:20.0240 5040 mouclass - ok
22:30:20.0339 5040 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:30:20.0339 5040 mouhid - ok
22:30:20.0366 5040 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:30:20.0368 5040 MountMgr - ok
22:30:20.0445 5040 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:30:20.0447 5040 mpio - ok
22:30:20.0473 5040 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:30:20.0475 5040 mpsdrv - ok
22:30:20.0518 5040 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:30:20.0519 5040 Mraid35x - ok
22:30:20.0685 5040 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:30:20.0688 5040 MRxDAV - ok
22:30:20.0746 5040 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:30:20.0748 5040 mrxsmb - ok
22:30:20.0790 5040 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:30:20.0794 5040 mrxsmb10 - ok
22:30:20.0919 5040 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:30:20.0921 5040 mrxsmb20 - ok
22:30:20.0959 5040 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys
22:30:20.0960 5040 msahci - ok
22:30:21.0080 5040 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:30:21.0082 5040 msdsm - ok
22:30:21.0217 5040 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:30:21.0217 5040 Msfs - ok
22:30:21.0325 5040 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:30:21.0326 5040 msisadrv - ok
22:30:21.0378 5040 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:30:21.0379 5040 MSKSSRV - ok
22:30:21.0453 5040 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:30:21.0454 5040 MSPCLOCK - ok
22:30:21.0563 5040 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:30:21.0564 5040 MSPQM - ok
22:30:21.0652 5040 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:30:21.0656 5040 MsRPC - ok
22:30:21.0734 5040 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:30:21.0735 5040 mssmbios - ok
22:30:21.0832 5040 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:30:21.0833 5040 MSTEE - ok
22:30:21.0938 5040 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:30:21.0939 5040 Mup - ok
22:30:22.0051 5040 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:30:22.0053 5040 NativeWifiP - ok
22:30:22.0151 5040 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:30:22.0156 5040 NDIS - ok
22:30:22.0292 5040 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:30:22.0293 5040 NdisTapi - ok
22:30:22.0392 5040 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:30:22.0393 5040 Ndisuio - ok
22:30:22.0484 5040 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:30:22.0487 5040 NdisWan - ok
22:30:22.0507 5040 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:30:22.0508 5040 NDProxy - ok
22:30:22.0584 5040 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:30:22.0585 5040 NetBIOS - ok
22:30:22.0672 5040 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:30:22.0675 5040 netbt - ok
22:30:22.0973 5040 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys
22:30:23.0172 5040 NETw5v64 - ok
22:30:23.0511 5040 NETwNv64 (b72c97693a13e7c5806f05adfdb2388d) C:\Windows\system32\DRIVERS\NETwNv64.sys
22:30:23.0561 5040 NETwNv64 - ok
22:30:23.0750 5040 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:30:23.0751 5040 nfrd960 - ok
22:30:23.0796 5040 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:30:23.0797 5040 Npfs - ok
22:30:23.0904 5040 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:30:23.0905 5040 nsiproxy - ok
22:30:23.0969 5040 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:30:23.0978 5040 Ntfs - ok
22:30:24.0089 5040 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:30:24.0089 5040 Null - ok
22:30:24.0126 5040 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:30:24.0128 5040 nvraid - ok
22:30:24.0275 5040 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:30:24.0276 5040 nvstor - ok
22:30:24.0284 5040 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:30:24.0286 5040 nv_agp - ok
22:30:24.0292 5040 NwlnkFlt - ok
22:30:24.0299 5040 NwlnkFwd - ok
22:30:24.0345 5040 O2MDRDR (6531dced1f12f8863f5c335c4a89a02e) C:\Windows\system32\DRIVERS\o2mdx64.sys
22:30:24.0346 5040 O2MDRDR - ok
22:30:24.0458 5040 O2SDRDR (e91b345d7e8ffaf29164b81311623941) C:\Windows\system32\DRIVERS\o2sdx64.sys
22:30:24.0459 5040 O2SDRDR - ok
22:30:24.0492 5040 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
22:30:24.0493 5040 ohci1394 - ok
22:30:24.0663 5040 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:30:24.0665 5040 Parport - ok
22:30:24.0712 5040 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:30:24.0713 5040 partmgr - ok
22:30:24.0844 5040 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:30:24.0846 5040 pci - ok
22:30:24.0915 5040 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\DRIVERS\pciide.sys
22:30:24.0916 5040 pciide - ok
22:30:24.0956 5040 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:30:24.0959 5040 pcmcia - ok
22:30:25.0109 5040 PCTBD (7b92f2574a45a99da507a153c7920e8a) C:\Windows\system32\Drivers\PCTBD64.sys
22:30:25.0111 5040 PCTBD - ok
22:30:25.0157 5040 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:30:25.0165 5040 PEAUTH - ok
22:30:25.0308 5040 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:30:25.0309 5040 Point64 - ok
22:30:25.0339 5040 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:30:25.0340 5040 PptpMiniport - ok
22:30:25.0465 5040 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:30:25.0466 5040 Processor - ok
22:30:25.0521 5040 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:30:25.0522 5040 PSched - ok
22:30:25.0621 5040 PVUSB - ok
22:30:25.0691 5040 QIOMem (030176bd0b4aaea01a651b51efe295bb) C:\Windows\system32\DRIVERS\QIOMem.sys
22:30:25.0692 5040 QIOMem - ok
22:30:25.0826 5040 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:30:25.0840 5040 ql2300 - ok
22:30:25.0965 5040 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:30:25.0967 5040 ql40xx - ok
22:30:26.0106 5040 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:30:26.0107 5040 QWAVEdrv - ok
22:30:26.0232 5040 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:30:26.0233 5040 RasAcd - ok
22:30:26.0281 5040 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:30:26.0283 5040 Rasl2tp - ok
22:30:26.0425 5040 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:30:26.0426 5040 RasPppoe - ok
22:30:26.0556 5040 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:30:26.0557 5040 RasSstp - ok
22:30:26.0649 5040 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:30:26.0653 5040 rdbss - ok
22:30:26.0742 5040 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:30:26.0742 5040 RDPCDD - ok
22:30:26.0835 5040 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:30:26.0839 5040 rdpdr - ok
22:30:26.0927 5040 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:30:26.0927 5040 RDPENCDD - ok
22:30:27.0072 5040 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:30:27.0075 5040 RDPWD - ok
22:30:27.0230 5040 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:30:27.0231 5040 rspndr - ok
22:30:27.0374 5040 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:30:27.0376 5040 sbp2port - ok
22:30:27.0543 5040 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
22:30:27.0545 5040 sdbus - ok
22:30:27.0586 5040 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:30:27.0587 5040 secdrv - ok
22:30:27.0766 5040 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:30:27.0767 5040 Serenum - ok
22:30:27.0776 5040 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:30:27.0778 5040 Serial - ok
22:30:27.0917 5040 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:30:27.0918 5040 sermouse - ok
22:30:28.0062 5040 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:30:28.0063 5040 sffdisk - ok
22:30:28.0070 5040 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:30:28.0071 5040 sffp_mmc - ok
22:30:28.0089 5040 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:30:28.0090 5040 sffp_sd - ok
22:30:28.0222 5040 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:30:28.0223 5040 sfloppy - ok
22:30:28.0391 5040 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:30:28.0392 5040 SiSRaid2 - ok
22:30:28.0400 5040 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:30:28.0401 5040 SiSRaid4 - ok
22:30:28.0540 5040 SmartDefragDriver (327383124d31ac398b98f4ae300421e8) C:\Windows\system32\Drivers\SmartDefragDriver.sys
22:30:28.0541 5040 SmartDefragDriver - ok
22:30:28.0606 5040 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:30:28.0608 5040 Smb - ok
22:30:28.0785 5040 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:30:28.0786 5040 spldr - ok
22:30:28.0836 5040 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:30:28.0841 5040 srv - ok
22:30:28.0958 5040 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:30:28.0960 5040 srv2 - ok
22:30:29.0093 5040 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:30:29.0095 5040 srvnet - ok
22:30:29.0159 5040 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
22:30:29.0162 5040 ssudmdm - ok
22:30:29.0267 5040 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:30:29.0268 5040 swenum - ok
22:30:29.0311 5040 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:30:29.0312 5040 Symc8xx - ok
22:30:29.0400 5040 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:30:29.0401 5040 Sym_hi - ok
22:30:29.0408 5040 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:30:29.0410 5040 Sym_u3 - ok
22:30:29.0491 5040 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
22:30:29.0499 5040 Tcpip - ok
22:30:29.0658 5040 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
22:30:29.0667 5040 Tcpip6 - ok
22:30:29.0850 5040 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:30:29.0851 5040 tcpipreg - ok
22:30:29.0931 5040 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:30:29.0932 5040 tdcmdpst - ok
22:30:29.0986 5040 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:30:29.0986 5040 TDPIPE - ok
22:30:29.0994 5040 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:30:29.0995 5040 TDTCP - ok
22:30:30.0043 5040 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:30:30.0044 5040 tdx - ok
22:30:30.0146 5040 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:30:30.0147 5040 TermDD - ok
22:30:30.0156 5040 TfFsMon - ok
22:30:30.0164 5040 TfNetMon - ok
22:30:30.0172 5040 TFSysMon - ok
22:30:30.0232 5040 tosrfec (fa427f666e4d425acb193e406f2c3fa1) C:\Windows\system32\DRIVERS\tosrfec.sys
22:30:30.0233 5040 tosrfec - ok
22:30:30.0378 5040 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
22:30:30.0385 5040 tos_sps64 - ok
22:30:30.0439 5040 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:30:30.0440 5040 tssecsrv - ok
22:30:30.0544 5040 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:30:30.0545 5040 tunmp - ok
22:30:30.0575 5040 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:30:30.0576 5040 tunnel - ok
22:30:30.0653 5040 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:30:30.0654 5040 TVALZ - ok
22:30:30.0745 5040 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:30:30.0746 5040 uagp35 - ok
22:30:30.0862 5040 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:30:30.0867 5040 udfs - ok
22:30:30.0980 5040 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:30:30.0981 5040 uliagpkx - ok
22:30:31.0022 5040 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:30:31.0025 5040 uliahci - ok
22:30:31.0071 5040 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:30:31.0074 5040 UlSata - ok
22:30:31.0164 5040 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:30:31.0167 5040 ulsata2 - ok
22:30:31.0229 5040 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:30:31.0229 5040 umbus - ok
22:30:31.0325 5040 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:30:31.0327 5040 USBAAPL64 - ok
22:30:31.0388 5040 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:30:31.0389 5040 usbccgp - ok
22:30:31.0466 5040 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:30:31.0468 5040 usbcir - ok
22:30:31.0574 5040 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:30:31.0575 5040 usbehci - ok
22:30:31.0674 5040 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:30:31.0678 5040 usbhub - ok
22:30:31.0762 5040 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:30:31.0763 5040 usbohci - ok
22:30:31.0866 5040 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:30:31.0867 5040 usbprint - ok
22:30:31.0996 5040 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
22:30:31.0997 5040 usbscan - ok
22:30:32.0041 5040 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:30:32.0042 5040 USBSTOR - ok
22:30:32.0164 5040 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:30:32.0165 5040 usbuhci - ok
22:30:32.0193 5040 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
22:30:32.0195 5040 usbvideo - ok
22:30:32.0326 5040 UVCFTR (56ed086f1300ecb1e6f67ac43955e5e9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
22:30:32.0327 5040 UVCFTR - ok
22:30:32.0411 5040 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:30:32.0412 5040 vga - ok
22:30:32.0503 5040 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:30:32.0504 5040 VgaSave - ok
22:30:32.0533 5040 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
22:30:32.0534 5040 viaide - ok
22:30:32.0636 5040 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:30:32.0638 5040 volmgr - ok
22:30:32.0765 5040 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:30:32.0771 5040 volmgrx - ok
22:30:32.0877 5040 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:30:32.0880 5040 volsnap - ok
22:30:32.0955 5040 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:30:32.0958 5040 vsmraid - ok
22:30:33.0074 5040 VSTWinDriver6 (e72b7f6ad60ec55b2bbef6c6202cde2a) C:\Windows\system32\drivers\VSTwindrvr6.sys
22:30:33.0077 5040 VSTWinDriver6 - ok
22:30:33.0228 5040 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:30:33.0229 5040 WacomPen - ok
22:30:33.0267 5040 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:30:33.0268 5040 Wanarp - ok
22:30:33.0272 5040 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:30:33.0273 5040 Wanarpv6 - ok
22:30:33.0387 5040 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:30:33.0388 5040 Wd - ok
22:30:33.0442 5040 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:30:33.0450 5040 Wdf01000 - ok
22:30:33.0646 5040 winachsf (9e6c63f94d2c3d884a8936e448b1028b) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
22:30:33.0655 5040 winachsf - ok
22:30:33.0802 5040 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
22:30:33.0803 5040 WinUSB - ok
22:30:33.0854 5040 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:30:33.0855 5040 WmiAcpi - ok
22:30:33.0964 5040 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
22:30:33.0965 5040 WpdUsb - ok
22:30:34.0020 5040 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:30:34.0021 5040 ws2ifsl - ok
22:30:34.0144 5040 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:30:34.0146 5040 WUDFRd - ok
22:30:34.0192 5040 X6va001 - ok
22:30:34.0243 5040 X6va003 - ok
22:30:34.0314 5040 X6va005 - ok
22:30:34.0327 5040 X6va006 - ok
22:30:34.0448 5040 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
22:30:34.0449 5040 XAudio - ok
22:30:34.0653 5040 yukonx64 (3373a1402397bd13455608e5852e1505) C:\Windows\system32\DRIVERS\yk60x64.sys
22:30:34.0657 5040 yukonx64 - ok
22:30:34.0686 5040 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:30:34.0762 5040 \Device\Harddisk0\DR0 - ok
22:30:34.0765 5040 Boot (0x1200) (1e770b6ae85001bceda5f7ec7b23aa9a) \Device\Harddisk0\DR0\Partition0
22:30:34.0766 5040 \Device\Harddisk0\DR0\Partition0 - ok
22:30:34.0767 5040 ============================================================
22:30:34.0767 5040 Scan finished
22:30:34.0767 5040 ============================================================
22:30:34.0779 4764 Detected object count: 0
22:30:34.0779 4764 Actual detected object count: 0
22:31:23.0250 4552 ============================================================
22:31:23.0250 4552 Scan started
22:31:23.0250 4552 Mode: Manual;
22:31:23.0250 4552 ============================================================
22:31:23.0963 4552 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:31:23.0966 4552 ACPI - ok
22:31:24.0063 4552 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:31:24.0066 4552 adp94xx - ok
22:31:24.0179 4552 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:31:24.0181 4552 adpahci - ok
22:31:24.0260 4552 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:31:24.0261 4552 adpu160m - ok
22:31:24.0369 4552 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:31:24.0370 4552 adpu320 - ok
22:31:24.0445 4552 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
22:31:24.0448 4552 AFD - ok
22:31:24.0598 4552 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:31:24.0599 4552 agp440 - ok
22:31:24.0622 4552 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:31:24.0623 4552 aic78xx - ok
22:31:24.0652 4552 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
22:31:24.0652 4552 aliide - ok
22:31:24.0733 4552 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
22:31:24.0733 4552 amdide - ok
22:31:24.0848 4552 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:31:24.0849 4552 AmdK8 - ok
22:31:25.0292 4552 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:25.0352 4552 amdkmdag - ok
22:31:25.0542 4552 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
22:31:25.0544 4552 amdkmdap - ok
22:31:25.0677 4552 ApfiltrService (411300ea5b84fa57c8cb7601092b0e92) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:31:25.0679 4552 ApfiltrService - ok
22:31:25.0891 4552 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:31:25.0892 4552 arc - ok
22:31:25.0977 4552 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:31:25.0978 4552 arcsas - ok
22:31:25.0999 4552 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:26.0000 4552 AsyncMac - ok
22:31:26.0088 4552 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:31:26.0089 4552 atapi - ok
22:31:26.0122 4552 AtiHDAudioService (9e66c9e321a7c596ca12d839a77fcb95) C:\Windows\system32\drivers\AtihdLH6.sys
22:31:26.0123 4552 AtiHDAudioService - ok
22:31:26.0470 4552 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:31:26.0530 4552 atikmdag - ok
22:31:26.0636 4552 Beep - ok
22:31:26.0692 4552 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:31:26.0693 4552 blbdrive - ok
22:31:26.0827 4552 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:31:26.0827 4552 bowser - ok
22:31:26.0868 4552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:31:26.0868 4552 BrFiltLo - ok
22:31:27.0008 4552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:31:27.0009 4552 BrFiltUp - ok
22:31:27.0033 4552 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:31:27.0034 4552 Brserid - ok
22:31:27.0170 4552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:31:27.0171 4552 BrSerWdm - ok
22:31:27.0185 4552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:31:27.0185 4552 BrUsbMdm - ok
22:31:27.0270 4552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:31:27.0270 4552 BrUsbSer - ok
22:31:27.0293 4552 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:31:27.0293 4552 BTHMODEM - ok
22:31:27.0299 4552 catchme - ok
22:31:27.0391 4552 CAXHWAZL (cd69e6640bc4778eb4159d34a707106e) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
22:31:27.0393 4552 CAXHWAZL - ok
22:31:27.0529 4552 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:27.0530 4552 cdfs - ok
22:31:27.0588 4552 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:31:27.0588 4552 cdrom - ok
22:31:27.0752 4552 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
22:31:27.0752 4552 circlass - ok
22:31:27.0796 4552 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:31:27.0798 4552 CLFS - ok
22:31:27.0902 4552 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
22:31:27.0902 4552 CmBatt - ok
22:31:27.0931 4552 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
22:31:27.0932 4552 cmdide - ok
22:31:28.0028 4552 CnxtHdAudService (5a220d86c6e0dd92ea0ea157ed3ca267) C:\Windows\system32\drivers\CHDRT64.sys
22:31:28.0029 4552 CnxtHdAudService - ok
22:31:28.0095 4552 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:28.0095 4552 Compbatt - ok
22:31:28.0222 4552 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:31:28.0222 4552 crcdisk - ok
22:31:28.0269 4552 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:31:28.0270 4552 DfsC - ok
22:31:28.0382 4552 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
22:31:28.0383 4552 dg_ssudbus - ok
22:31:28.0434 4552 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:31:28.0435 4552 disk - ok
22:31:28.0478 4552 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:31:28.0479 4552 drmkaud - ok
22:31:28.0589 4552 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:28.0594 4552 DXGKrnl - ok
22:31:28.0721 4552 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:31:28.0722 4552 E1G60 - ok
22:31:28.0780 4552 EagleX64 - ok
22:31:28.0842 4552 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:31:28.0843 4552 Ecache - ok
22:31:28.0961 4552 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:31:28.0964 4552 elxstor - ok
22:31:29.0046 4552 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:31:29.0046 4552 ErrDev - ok
22:31:29.0167 4552 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:31:29.0168 4552 exfat - ok
22:31:29.0273 4552 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:31:29.0275 4552 fastfat - ok
22:31:29.0398 4552 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:31:29.0399 4552 fdc - ok
22:31:29.0480 4552 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:31:29.0481 4552 FileInfo - ok
22:31:29.0569 4552 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:31:29.0570 4552 Filetrace - ok
22:31:29.0597 4552 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:29.0598 4552 flpydisk - ok
22:31:29.0679 4552 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:31:29.0681 4552 FltMgr - ok
22:31:29.0767 4552 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:29.0768 4552 Fs_Rec - ok
22:31:29.0849 4552 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:31:29.0849 4552 gagp30kx - ok
22:31:29.0955 4552 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:29.0956 4552 GEARAspiWDM - ok
22:31:30.0050 4552 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
22:31:30.0052 4552 HdAudAddService - ok
22:31:30.0169 4552 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:31:30.0174 4552 HDAudBus - ok
22:31:30.0306 4552 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:31:30.0306 4552 HidBth - ok
22:31:30.0396 4552 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
22:31:30.0396 4552 HidIr - ok
22:31:30.0521 4552 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:30.0522 4552 HidUsb - ok
22:31:30.0605 4552 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:31:30.0606 4552 HpCISSs - ok
22:31:30.0746 4552 HSF_DPV (ebdba99c2362457be429f024396b63be) C:\Windows\system32\DRIVERS\CAX_DPV.sys
22:31:30.0754 4552 HSF_DPV - ok
22:31:30.0899 4552 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:31:30.0903 4552 HTTP - ok
22:31:31.0023 4552 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:31:31.0023 4552 i2omp - ok
22:31:31.0053 4552 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:31:31.0054 4552 i8042prt - ok
22:31:31.0105 4552 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
22:31:31.0108 4552 iaStor - ok
22:31:31.0242 4552 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:31:31.0244 4552 iaStorV - ok
22:31:31.0320 4552 IDMWFP (5534e14ef27ebe8563cdbce6b88501a3) C:\Windows\system32\DRIVERS\idmwfp.sys
22:31:31.0321 4552 IDMWFP - ok
22:31:31.0455 4552 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:31:31.0455 4552 iirsp - ok
22:31:31.0494 4552 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
22:31:31.0495 4552 intelide - ok
22:31:31.0568 4552 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:31.0568 4552 intelppm - ok
22:31:31.0617 4552 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:31.0618 4552 IpFilterDriver - ok
22:31:31.0681 4552 IpInIp - ok
22:31:31.0772 4552 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:31:31.0772 4552 IPMIDRV - ok
22:31:31.0803 4552 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:31:31.0804 4552 IPNAT - ok
22:31:31.0884 4552 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:31:31.0884 4552 IRENUM - ok
22:31:31.0979 4552 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:31:31.0979 4552 isapnp - ok
22:31:32.0028 4552 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:31:32.0030 4552 iScsiPrt - ok
22:31:32.0122 4552 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:31:32.0123 4552 iteatapi - ok
22:31:32.0209 4552 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:31:32.0210 4552 iteraid - ok
22:31:32.0243 4552 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:31:32.0243 4552 kbdclass - ok
22:31:32.0331 4552 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
22:31:32.0332 4552 kbdhid - ok
22:31:32.0428 4552 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
22:31:32.0431 4552 KSecDD - ok
22:31:32.0449 4552 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:31:32.0449 4552 ksthunk - ok
22:31:32.0532 4552 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:32.0533 4552 lltdio - ok
22:31:32.0626 4552 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:31:32.0627 4552 LSI_FC - ok
22:31:32.0735 4552 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:31:32.0736 4552 LSI_SAS - ok
22:31:32.0817 4552 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:31:32.0818 4552 LSI_SCSI - ok
22:31:32.0852 4552 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:31:32.0853 4552 luafv - ok
22:31:32.0892 4552 MBAMProtector (4a46fa98de81ff55a7cfc0c26262cb33) C:\Windows\system32\drivers\mbam.sys
22:31:32.0892 4552 MBAMProtector - ok
22:31:32.0929 4552 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:31:32.0929 4552 mdmxsdk - ok
22:31:33.0053 4552 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:31:33.0054 4552 megasas - ok
22:31:33.0149 4552 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:31:33.0151 4552 MegaSR - ok
22:31:33.0309 4552 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:31:33.0309 4552 Modem - ok
22:31:33.0389 4552 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:31:33.0390 4552 monitor - ok
22:31:33.0456 4552 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:33.0457 4552 mouclass - ok
22:31:33.0522 4552 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:33.0522 4552 mouhid - ok
22:31:33.0633 4552 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:31:33.0634 4552 MountMgr - ok
22:31:33.0717 4552 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:31:33.0719 4552 mpio - ok
22:31:33.0756 4552 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:31:33.0757 4552 mpsdrv - ok
22:31:33.0835 4552 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:31:33.0835 4552 Mraid35x - ok
22:31:33.0946 4552 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:31:33.0948 4552 MRxDAV - ok
22:31:34.0040 4552 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:34.0041 4552 mrxsmb - ok
22:31:34.0074 4552 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:34.0075 4552 mrxsmb10 - ok
22:31:34.0103 4552 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:34.0103 4552 mrxsmb20 - ok
22:31:34.0209 4552 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys
22:31:34.0209 4552 msahci - ok
22:31:34.0264 4552 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:31:34.0265 4552 msdsm - ok
22:31:34.0278 4552 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:31:34.0279 4552 Msfs - ok
22:31:34.0330 4552 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:31:34.0331 4552 msisadrv - ok
22:31:34.0416 4552 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:34.0417 4552 MSKSSRV - ok
22:31:34.0492 4552 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:34.0492 4552 MSPCLOCK - ok
22:31:34.0557 4552 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:31:34.0558 4552 MSPQM - ok
22:31:34.0613 4552 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:31:34.0615 4552 MsRPC - ok
22:31:34.0684 4552 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:31:34.0684 4552 mssmbios - ok
22:31:34.0771 4552 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:31:34.0772 4552 MSTEE - ok
22:31:34.0865 4552 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:31:34.0866 4552 Mup - ok
22:31:35.0023 4552 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:35.0025 4552 NativeWifiP - ok
22:31:35.0124 4552 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:31:35.0128 4552 NDIS - ok
22:31:35.0219 4552 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:35.0220 4552 NdisTapi - ok
22:31:35.0287 4552 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:35.0287 4552 Ndisuio - ok
22:31:35.0379 4552 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:35.0380 4552 NdisWan - ok
22:31:35.0457 4552 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:31:35.0458 4552 NDProxy - ok
22:31:35.0523 4552 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:31:35.0524 4552 NetBIOS - ok
22:31:35.0599 4552 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:31:35.0601 4552 netbt - ok
22:31:35.0834 4552 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys
22:31:35.0860 4552 NETw5v64 - ok
22:31:36.0195 4552 NETwNv64 (b72c97693a13e7c5806f05adfdb2388d) C:\Windows\system32\DRIVERS\NETwNv64.sys
22:31:36.0242 4552 NETwNv64 - ok
22:31:36.0389 4552 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:31:36.0389 4552 nfrd960 - ok
22:31:36.0435 4552 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:31:36.0435 4552 Npfs - ok
22:31:36.0554 4552 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:31:36.0555 4552 nsiproxy - ok
22:31:36.0619 4552 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:31:36.0627 4552 Ntfs - ok
22:31:36.0750 4552 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:31:36.0751 4552 Null - ok
22:31:36.0787 4552 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:31:36.0788 4552 nvraid - ok
22:31:36.0813 4552 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:31:36.0814 4552 nvstor - ok
22:31:36.0871 4552 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:31:36.0872 4552 nv_agp - ok
22:31:36.0937 4552 NwlnkFlt - ok
22:31:36.0945 4552 NwlnkFwd - ok
22:31:36.0984 4552 O2MDRDR (6531dced1f12f8863f5c335c4a89a02e) C:\Windows\system32\DRIVERS\o2mdx64.sys
22:31:36.0984 4552 O2MDRDR - ok
22:31:37.0008 4552 O2SDRDR (e91b345d7e8ffaf29164b81311623941) C:\Windows\system32\DRIVERS\o2sdx64.sys
22:31:37.0009 4552 O2SDRDR - ok
22:31:37.0087 4552 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
22:31:37.0088 4552 ohci1394 - ok
22:31:37.0191 4552 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:31:37.0192 4552 Parport - ok
22:31:37.0295 4552 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:31:37.0296 4552 partmgr - ok
22:31:37.0394 4552 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:31:37.0395 4552 pci - ok
22:31:37.0465 4552 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\DRIVERS\pciide.sys
22:31:37.0465 4552 pciide - ok
22:31:37.0551 4552 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:31:37.0553 4552 pcmcia - ok
22:31:37.0604 4552 PCTBD (7b92f2574a45a99da507a153c7920e8a) C:\Windows\system32\Drivers\PCTBD64.sys
22:31:37.0604 4552 PCTBD - ok
22:31:37.0707 4552 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:31:37.0711 4552 PEAUTH - ok
22:31:37.0813 4552 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:31:37.0814 4552 Point64 - ok
22:31:37.0951 4552 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:37.0952 4552 PptpMiniport - ok
22:31:38.0048 4552 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:31:38.0049 4552 Processor - ok
22:31:38.0170 4552 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:31:38.0412 4552 PSched - ok
22:31:38.0615 4552 PVUSB - ok
22:31:38.0975 4552 QIOMem (030176bd0b4aaea01a651b51efe295bb) C:\Windows\system32\DRIVERS\QIOMem.sys
22:31:38.0975 4552 QIOMem - ok
22:31:39.0376 4552 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:31:39.0383 4552 ql2300 - ok
22:31:39.0649 4552 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:31:39.0650 4552 ql40xx - ok
22:31:39.0989 4552 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:31:39.0990 4552 QWAVEdrv - ok
22:31:40.0182 4552 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:31:40.0182 4552 RasAcd - ok
22:31:40.0231 4552 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:40.0232 4552 Rasl2tp - ok
22:31:40.0308 4552 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:40.0309 4552 RasPppoe - ok
22:31:40.0394 4552 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:31:40.0395 4552 RasSstp - ok
22:31:40.0466 4552 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:31:40.0468 4552 rdbss - ok
22:31:40.0485 4552 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:40.0485 4552 RDPCDD - ok
22:31:40.0718 4552 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:31:40.0720 4552 rdpdr - ok
22:31:40.0754 4552 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:31:40.0755 4552 RDPENCDD - ok
22:31:40.0855 4552 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:31:40.0857 4552 RDPWD - ok
22:31:40.0979 4552 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:31:40.0980 4552 rspndr - ok
22:31:41.0080 4552 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:31:41.0080 4552 sbp2port - ok
22:31:41.0116 4552 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
22:31:41.0117 4552 sdbus - ok
22:31:41.0225 4552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:31:41.0225 4552 secdrv - ok
22:31:41.0271 4552 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:31:41.0272 4552 Serenum - ok
22:31:41.0305 4552 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:31:41.0306 4552 Serial - ok
22:31:41.0337 4552 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:31:41.0338 4552 sermouse - ok
22:31:41.0423 4552 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:31:41.0424 4552 sffdisk - ok
22:31:41.0507 4552 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:31:41.0508 4552 sffp_mmc - ok
22:31:41.0661 4552 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:31:41.0661 4552 sffp_sd - ok
22:31:41.0715 4552 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:31:41.0715 4552 sfloppy - ok
22:31:41.0797 4552 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:31:41.0797 4552 SiSRaid2 - ok
22:31:41.0886 4552 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:31:41.0887 4552 SiSRaid4 - ok
22:31:41.0990 4552 SmartDefragDriver (327383124d31ac398b98f4ae300421e8) C:\Windows\system32\Drivers\SmartDefragDriver.sys
22:31:41.0990 4552 SmartDefragDriver - ok
22:31:42.0067 4552 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:31:42.0068 4552 Smb - ok
22:31:42.0201 4552 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:31:42.0202 4552 spldr - ok
22:31:42.0252 4552 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:31:42.0255 4552 srv - ok
22:31:42.0374 4552 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:31:42.0376 4552 srv2 - ok
22:31:42.0410 4552 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:31:42.0411 4552 srvnet - ok
22:31:42.0475 4552 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
22:31:42.0477 4552 ssudmdm - ok
22:31:42.0672 4552 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:31:42.0673 4552 swenum - ok
22:31:42.0716 4552 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:31:42.0717 4552 Symc8xx - ok
22:31:42.0816 4552 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:31:42.0817 4552 Sym_hi - ok
22:31:42.0826 4552 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:31:42.0827 4552 Sym_u3 - ok
22:31:42.0908 4552 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
22:31:42.0916 4552 Tcpip - ok
22:31:43.0063 4552 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
22:31:43.0071 4552 Tcpip6 - ok
22:31:43.0189 4552 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:31:43.0189 4552 tcpipreg - ok
22:31:43.0303 4552 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:31:43.0304 4552 tdcmdpst - ok
22:31:43.0335 4552 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:31:43.0336 4552 TDPIPE - ok
22:31:43.0416 4552 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:31:43.0417 4552 TDTCP - ok
22:31:43.0459 4552 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:31:43.0460 4552 tdx - ok
22:31:43.0585 4552 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:31:43.0586 4552 TermDD - ok
22:31:43.0627 4552 TfFsMon - ok
22:31:43.0635 4552 TfNetMon - ok
22:31:43.0643 4552 TFSysMon - ok
22:31:43.0705 4552 tosrfec (fa427f666e4d425acb193e406f2c3fa1) C:\Windows\system32\DRIVERS\tosrfec.sys
22:31:43.0705 4552 tosrfec - ok
22:31:44.0117 4552 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
22:31:44.0120 4552 tos_sps64 - ok
22:31:44.0422 4552 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:44.0423 4552 tssecsrv - ok
22:31:44.0430 4552 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:31:44.0431 4552 tunmp - ok
22:31:44.0480 4552 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:31:44.0481 4552 tunnel - ok
22:31:44.0547 4552 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:31:44.0548 4552 TVALZ - ok
22:31:44.0584 4552 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:31:44.0584 4552 uagp35 - ok
22:31:44.0701 4552 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:31:44.0703 4552 udfs - ok
22:31:44.0819 4552 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:31:44.0819 4552 uliagpkx - ok
22:31:44.0850 4552 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:31:44.0852 4552 uliahci - ok
22:31:44.0934 4552 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:31:44.0935 4552 UlSata - ok
22:31:45.0059 4552 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:31:45.0060 4552 ulsata2 - ok
22:31:45.0145 4552 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:31:45.0146 4552 umbus - ok
22:31:45.0242 4552 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:31:45.0243 4552 USBAAPL64 - ok
22:31:45.0315 4552 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:45.0316 4552 usbccgp - ok
22:31:45.0416 4552 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:31:45.0417 4552 usbcir - ok
22:31:45.0502 4552 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:31:45.0503 4552 usbehci - ok
22:31:45.0635 4552 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:31:45.0637 4552 usbhub - ok
22:31:45.0723 4552 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:31:45.0724 4552 usbohci - ok
22:31:45.0827 4552 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:31:45.0828 4552 usbprint - ok
22:31:45.0957 4552 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
22:31:45.0958 4552 usbscan - ok
22:31:46.0013 4552 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:46.0014 4552 USBSTOR - ok
22:31:46.0058 4552 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:31:46.0059 4552 usbuhci - ok
22:31:46.0187 4552 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
22:31:46.0189 4552 usbvideo - ok
22:31:46.0221 4552 UVCFTR (56ed086f1300ecb1e6f67ac43955e5e9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
22:31:46.0221 4552 UVCFTR - ok
22:31:46.0261 4552 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:46.0261 4552 vga - ok
22:31:46.0297 4552 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:31:46.0298 4552 VgaSave - ok
22:31:46.0417 4552 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
22:31:46.0417 4552 viaide - ok
22:31:46.0475 4552 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:31:46.0476 4552 volmgr - ok
22:31:46.0604 4552 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:31:46.0606 4552 volmgrx - ok
22:31:46.0705 4552 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:31:46.0707 4552 volsnap - ok
22:31:46.0817 4552 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:31:46.0818 4552 vsmraid - ok
22:31:46.0880 4552 VSTWinDriver6 (e72b7f6ad60ec55b2bbef6c6202cde2a) C:\Windows\system32\drivers\VSTwindrvr6.sys
22:31:46.0881 4552 VSTWinDriver6 - ok
22:31:46.0989 4552 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:31:46.0990 4552 WacomPen - ok
22:31:47.0095 4552 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:47.0095 4552 Wanarp - ok
22:31:47.0099 4552 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:47.0100 4552 Wanarpv6 - ok
22:31:47.0170 4552 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:31:47.0170 4552 Wd - ok
22:31:47.0281 4552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:31:47.0285 4552 Wdf01000 - ok
22:31:47.0374 4552 winachsf (9e6c63f94d2c3d884a8936e448b1028b) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
22:31:47.0379 4552 winachsf - ok
22:31:47.0530 4552 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
22:31:47.0530 4552 WinUSB - ok
22:31:47.0565 4552 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:31:47.0566 4552 WmiAcpi - ok
22:31:47.0636 4552 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
22:31:47.0637 4552 WpdUsb - ok
22:31:47.0770 4552 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:31:47.0770 4552 ws2ifsl - ok
22:31:47.0816 4552 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:47.0817 4552 WUDFRd - ok
22:31:47.0893 4552 X6va001 - ok
22:31:47.0902 4552 X6va003 - ok
22:31:47.0986 4552 X6va005 - ok
22:31:47.0992 4552 X6va006 - ok
22:31:48.0098 4552 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
22:31:48.0099 4552 XAudio - ok
22:31:48.0235 4552 yukonx64 (3373a1402397bd13455608e5852e1505) C:\Windows\system32\DRIVERS\yk60x64.sys
22:31:48.0238 4552 yukonx64 - ok
22:31:48.0258 4552 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:31:48.0312 4552 \Device\Harddisk0\DR0 - ok
22:31:48.0315 4552 Boot (0x1200) (1e770b6ae85001bceda5f7ec7b23aa9a) \Device\Harddisk0\DR0\Partition0
22:31:48.0316 4552 \Device\Harddisk0\DR0\Partition0 - ok
22:31:48.0317 4552 ============================================================
22:31:48.0317 4552 Scan finished
22:31:48.0317 4552 ============================================================
22:31:48.0326 0880 Detected object count: 0
22:31:48.0326 0880 Actual detected object count: 0
22:32:22.0236 2216 Deinitialize success






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 18:45:05
-----------------------------
18:45:05.536 OS Version: Windows x64 6.0.6002 Service Pack 2
18:45:05.536 Number of processors: 2 586 0x1706
18:45:05.537 ComputerName: LAPTOP UserName: Jenny
18:45:06.943 Initialize success
18:45:13.203 AVAST engine defs: 12031700
18:45:17.114 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:45:17.116 Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
18:45:17.140 Disk 0 MBR read successfully
18:45:17.142 Disk 0 MBR scan
18:45:17.145 Disk 0 Windows VISTA default MBR code
18:45:17.154 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:45:17.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 370325 MB offset 3074048
18:45:17.210 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9728 MB offset 761499648
18:45:17.258 Disk 0 scanning C:\Windows\system32\drivers
18:45:41.935 Service scanning
18:46:26.909 Modules scanning
18:46:26.915 Disk 0 trace - called modules:
18:46:26.945 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
18:46:26.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058c0790]
18:46:26.954 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> [0xfffffa8004b9d7e0]
18:46:26.958 5 acpi.sys[fffffa60008c1fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800539f050]
18:46:28.972 AVAST engine scan C:\Windows
18:46:35.473 AVAST engine scan C:\Windows\system32
18:53:39.716 AVAST engine scan C:\Windows\system32\drivers
18:54:06.051 AVAST engine scan C:\Users\Jenny
19:13:03.548 File: C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3\17F7.exe **INFECTED** Win32:Malware-gen
19:13:03.674 File: C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3\1F17.tmp **INFECTED** Win32:Cycbot-RO [Trj]
19:15:23.935 Disk 0 MBR has been saved successfully to "C:\Users\Jenny\Desktop\MBR.dat"
19:15:23.941 The log file has been saved successfully to "C:\Users\Jenny\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 18:45:05
-----------------------------
18:45:05.536 OS Version: Windows x64 6.0.6002 Service Pack 2
18:45:05.536 Number of processors: 2 586 0x1706
18:45:05.537 ComputerName: LAPTOP UserName: Jenny
18:45:06.943 Initialize success
18:45:13.203 AVAST engine defs: 12031700
18:45:17.114 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:45:17.116 Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
18:45:17.140 Disk 0 MBR read successfully
18:45:17.142 Disk 0 MBR scan
18:45:17.145 Disk 0 Windows VISTA default MBR code
18:45:17.154 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:45:17.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 370325 MB offset 3074048
18:45:17.210 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9728 MB offset 761499648
18:45:17.258 Disk 0 scanning C:\Windows\system32\drivers
18:45:41.935 Service scanning
18:46:26.909 Modules scanning
18:46:26.915 Disk 0 trace - called modules:
18:46:26.945 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
18:46:26.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058c0790]
18:46:26.954 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> [0xfffffa8004b9d7e0]
18:46:26.958 5 acpi.sys[fffffa60008c1fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800539f050]
18:46:28.972 AVAST engine scan C:\Windows
18:46:35.473 AVAST engine scan C:\Windows\system32
18:53:39.716 AVAST engine scan C:\Windows\system32\drivers
18:54:06.051 AVAST engine scan C:\Users\Jenny
19:13:03.548 File: C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3\17F7.exe **INFECTED** Win32:Malware-gen
19:13:03.674 File: C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3\1F17.tmp **INFECTED** Win32:Cycbot-RO [Trj]
19:15:23.935 Disk 0 MBR has been saved successfully to "C:\Users\Jenny\Desktop\MBR.dat"
19:15:23.941 The log file has been saved successfully to "C:\Users\Jenny\Desktop\aswMBR.txt"
19:15:58.393 File: C:\Users\Jenny\Documents\Downloads\Programs\VLC_Setup.exe **INFECTED** Win32:Adware-gen [Adw]
19:23:02.015 AVAST engine scan C:\ProgramData
19:30:06.339 Scan finished successfully
19:31:46.489 Disk 0 MBR has been saved successfully to "C:\Users\Jenny\Desktop\MBR.dat"
19:31:46.819 The log file has been saved successfully to "C:\Users\Jenny\Desktop\aswMBR.txt"


While running aswMBR the first time, the computer crashed with a blue screen but I don't think it was BSOD. The aswMBR scan worked fine the second time.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 19 March 2012 - 12:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
AtJob::

File::
c:\users\Jenny\AppData\Local\Temp\0058DD1.tmp
c:\users\Jenny\AppData\Local\Temp\0067101.tmp

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:52040

Firefox::
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\bme34tlc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52040

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2FA91FDF5DD20D3A8A61195FDDF92AB4\1038C85769625584FA5435B4210089A0]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\58C08B5EAAD5A5198FDDE6B364A469AA\1038C85769625584FA5435B4210089A0]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\99C418E1C4294E65B6FA6F781D73F309\1038C85769625584FA5435B4210089A0]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DCC8D3DA412DC2CC5AE71FE50B0F6D56\1038C85769625584FA5435B4210089A0]

RegLockDel::
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{88412f34-002a-4479-8295-6911f4d47fcf}]
[HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000_Classes\Wow6432Node\CLSID\{b04d9db3-d119-45c5-aca8-ea8999b06f76}]

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 DEANUH

DEANUH
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 20 March 2012 - 05:41 AM

ComboFix 12-03-17.01 - Jenny 20/03/2012 18:15:30.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.4060.2689 [GMT 10:00]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
Command switches used :: c:\users\Jenny\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jenny\AppData\Local\Temp\0058DD1.tmp"
"c:\users\Jenny\AppData\Local\Temp\0067101.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 08:22 . 2012-03-20 08:26 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2012-03-20 08:22 . 2012-03-20 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 07:22 . 2012-03-16 07:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-16 07:22 . 2012-03-16 07:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-05 11:06 . 2012-03-05 11:06 -------- d-----w- c:\users\Jenny\AppData\Local\Threat Expert
2012-03-03 08:54 . 2012-03-03 08:54 3584 ----a-r- c:\users\Jenny\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-03-03 08:54 . 2012-03-03 08:54 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up
2012-03-01 07:35 . 2012-03-01 07:35 -------- d-----w- c:\program files\Tracker Software
2012-03-01 06:47 . 2012-03-01 06:47 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-01 06:47 . 2012-03-01 06:47 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-01 06:47 . 2012-03-01 06:47 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-01 06:47 . 2012-03-01 06:47 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-29 06:21 . 2012-02-29 06:21 -------- d-----w- c:\program files (x86)\WinDjView
2012-02-28 09:42 . 2012-02-08 01:13 149640 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-02-27 03:41 . 2012-03-17 10:26 -------- d-----w- c:\programdata\Messenger Plus! for Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 23:19 . 2011-06-22 11:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 08:09 . 2012-02-02 08:09 46080 ----a-w- c:\users\Jenny\AppData\Roaming\Microsoft\B1C3\17F7.exe
2012-02-02 08:06 . 2012-02-02 08:06 99840 ----a-w- c:\users\Jenny\AppData\Roaming\Microsoft\B1C3\1F17.tmp
2012-01-16 06:28 . 2012-02-04 05:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-16 06:28 . 2012-02-04 05:47 2246608 ----a-w- c:\windows\PCTBDCore.dll
2012-01-16 06:28 . 2012-02-04 05:47 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-01-16 06:28 . 2012-02-04 05:47 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-11 06:19 . 2012-02-04 05:42 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-12-30 07:02 . 2012-01-26 05:31 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-23 10:58 . 2012-01-09 06:59 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-12-23 10:58 . 2011-12-23 10:58 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-12-23 10:58 . 2011-12-23 10:58 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-12-23 10:58 . 2011-12-23 10:58 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-12-23 10:58 . 2011-12-23 10:58 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2011-12-23 10:58 . 2011-12-23 10:58 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-12-23 10:58 . 2011-12-23 10:58 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-12-23 10:58 . 2011-12-23 10:58 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2011-12-23 10:58 . 2011-12-23 10:58 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2011-12-23 10:58 . 2011-12-23 10:58 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2011-12-23 10:58 . 2011-12-23 10:58 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2011-12-23 10:58 . 2011-12-23 10:58 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2011-12-23 10:58 . 2011-12-23 10:58 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2011-12-23 10:58 . 2011-12-23 10:58 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2011-12-23 10:58 . 2011-12-23 10:58 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2011-12-23 10:58 . 2011-12-23 10:58 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2011-12-23 10:58 . 2011-12-23 10:58 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2011-12-23 10:58 . 2011-12-23 10:58 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2011-12-23 10:58 . 2011-12-23 10:58 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2011-12-23 10:58 . 2011-12-23 10:58 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2011-12-23 10:58 . 2011-12-23 10:58 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2011-12-23 10:58 . 2011-12-23 10:58 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2011-12-23 10:58 . 2011-12-23 10:58 172032 ----a-w- c:\windows\SysWow64\muzapp.exe
2011-12-23 10:58 . 2011-12-23 10:58 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2011-12-23 10:58 . 2011-12-23 10:58 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2011-12-23 10:58 . 2011-12-23 10:58 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2011-12-23 10:58 . 2011-12-23 10:58 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2011-12-23 10:58 . 2011-12-23 10:58 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2011-12-23 10:58 . 2011-12-23 10:58 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2011-12-23 10:58 . 2011-12-23 10:58 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2011-12-23 10:58 . 2012-01-09 06:59 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-12-23 10:58 . 2012-01-09 06:59 20032 ----a-w- c:\windows\SysWow64\drivers\dgderdrv.sys
2011-12-23 10:58 . 2009-06-26 22:32 319456 ----a-w- c:\windows\SysWow64\DIFxAPI.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-18_11.53.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-03-20 08:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-03-18 11:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-03-18 11:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-20 08:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 15:45 . 2012-03-20 08:26 93068 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-26 23:48 . 2012-03-20 08:26 31210 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4166464485-1022577811-3062472859-1000_UserData.bin
+ 2009-06-26 22:49 . 2012-03-20 07:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-26 22:49 . 2012-03-17 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-26 22:49 . 2012-03-17 22:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-26 22:49 . 2012-03-20 07:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-26 22:49 . 2012-03-20 07:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-26 22:49 . 2012-03-17 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-18 11:52 . 2012-03-18 11:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 08:24 . 2012-03-20 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 08:24 . 2012-03-20 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-18 11:52 . 2012-03-18 11:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 03:20 . 2012-03-20 08:24 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 02:23 . 2012-03-20 08:26 105900 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2012-03-15 12:30 685296 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-19 12:04 685296 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-03-15 12:30 135008 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-03-19 12:04 135008 c:\windows\system32\perfc009.dat
+ 2011-10-14 06:23 . 2012-03-20 08:22 829696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-14 06:23 . 2012-03-18 11:51 829696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-10 06:39 . 2012-03-18 11:51 413164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 06:39 . 2012-03-20 08:22 413164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-16 13:28 . 2012-03-20 08:22 6810298 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4166464485-1022577811-3062472859-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-01-17 175912]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-01-17 06:54 175912 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-01-17 175912]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-02-28 3478936]
"UniKey"="c:\program files\UniKey\UniKeyNT.exe" [2006-04-18 217088]
"Window Hide Tool"="c:\program files (x86)\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"NDSTray.exe"="NDSTray.exe" [BU]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-07 801792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 432640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-21 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2008-01-21 02:50]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 03:29]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-21 03:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 237056]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll" [2006-11-21 31744]
"lxcjmon.exe"="c:\program files (x86)\Lexmark 8300 Series\lxcjmon.exe" [2007-05-08 205744]
"EzPrint"="c:\program files (x86)\Lexmark 8300 Series\ezprint.exe" [2007-05-08 103344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: Interfaces\{9F4EB1ED-17DF-48E7-A8FB-7F035A68D045}: NameServer = 61.9.211.1,61.9.211.33
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\bme34tlc.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EA0969B3-6E12-4AC0-B6C9-148E81247954} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Jenny\AppData\Local\Temp\0058DD1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va006]
"ImagePath"="\??\c:\users\Jenny\AppData\Local\Temp\0067101.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2FA91FDF5DD20D3A8A61195FDDF92AB4\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_E86C38970BB681EEDD579C871AA7A5FA"
"ComponentVersion"="6.2.3104.0"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\58C08B5EAAD5A5198FDDE6B364A469AA\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_B2ABF4E631D4F0653F82F77DE2FDB99B"
"ComponentVersion"="11.0.5358.4827"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\99C418E1C4294E65B6FA6F781D73F309\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_3F52010C24CBE22EDE25B83E28F74340"
"ComponentVersion"="6.1.7600.16385"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DCC8D3DA412DC2CC5AE71FE50B0F6D56\1038C85769625584FA5435B4210089A0]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="_FF4FA08090940EB9CDA0AA0E1725DD9A"
"ComponentVersion"="5.1.2600.2180"
"ProductVersion"="2.1.1"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SysWOW64\atwtusb.exe
c:\program files (x86)\grasssoft\mouse recorder\MacroServiceWnd.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-03-20 18:31:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 08:31
ComboFix2.txt 2012-03-18 12:01
.
Pre-Run: 177,992,392,704 bytes free
Post-Run: 177,997,025,280 bytes free
.
- - End Of File - - 7106C5731F222657C433763D9682F2CA



No problems running ComboFix however the problem still appears .

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 20 March 2012 - 07:31 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 DEANUH

DEANUH
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 21 March 2012 - 01:31 AM

OTL logfile created on: 21/03/2012 4:25:27 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Jenny\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.96 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.66% Memory free
8.12 Gb Paging File | 6.42 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 361.65 Gb Total Space | 162.57 Gb Free Space | 44.95% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe (Grass Software)
PRC - c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroServiceWnd.exe (Grass Software)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\atwtusb.exe ()
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA Corporation.)
PRC - C:\Program Files (x86)\Window Hide Tool\Window Hide Tool.exe (FOMINE SOFTWARE)
PRC - C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
PRC - c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\UniKey\UniKeyNT.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\Program Files (x86)\GrassSoft\Mouse Recorder\mk_nt.DLL ()
MOD - C:\Program Files\UniKey\UniKeyNT.exe ()
MOD - C:\Program Files\UniKey\UKHook40.dll ()
MOD - C:\Program Files (x86)\Lexmark 8300 Series\iptk.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (lxcj_device) -- C:\Windows\SysNative\lxcjcoms.exe ( )
SRV - (MsgPlusService) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Macro Expert) -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe (Grass Software)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WTService) -- C:\Windows\SysWOW64\atwtusb.exe ()
SRV - (TNaviSrv) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA Corporation.)
SRV - (o2flash) -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (lxcj_device) -- C:\Windows\SysWOW64\lxcjcoms.exe ( )
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\DRIVERS\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (NETwNv64) ___ Intel® -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys (Intel Corporation)
DRV:64bit: - (PCTBD) -- C:\Windows\SysNative\Drivers\PCTBD64.sys (PC Tools)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\DRIVERS\point64.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (VSTWinDriver6) -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys (Jungo)
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys (O2Micro )
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys (O2Micro )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\DRIVERS\QIOMem.sys (TOSHIBA)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (PVUSB) -- C:\Windows\SysWOW64\drivers\CESG502.SYS (Hitachi Semiconductor and Devices Sales Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15439&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GJ&apn_dtid=&apn_uid=4B5E6B7F-D38B-4765-9737-77D6CB234A27&apn_sauid=86FBBFE1-E7F1-47BC-A98D-C23AE1D0C673
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=b7e65004-62cd-4c35-b4d8-d7e81be1f63d&query={searchTerms}
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@firebreath.googlecode.com/Riot5Plugin: C:\Users\Jenny\AppData\Roaming\FBDevTeam\Riot5Plugin\npRiot5Plugin.dll (Firebreath Dev Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2011/05/09 11:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/02/04 15:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/01 16:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/28 10:15:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Jenny\AppData\Roaming\IDM\idmmzcc5 [2012/03/01 16:46:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Jenny\AppData\Roaming\IDM\idmmzcc5 [2012/03/01 16:46:21 | 000,000,000 | ---D | M]

[2011/10/23 14:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2012/01/06 11:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\bme34tlc.default\extensions
[2011/11/10 08:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/23 15:14:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/01 16:46:21 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\JENNY\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\JENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BME34TLC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/01 16:47:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/01 16:47:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/01 16:47:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: getPlusPlus for Adobe 16297 (Enabled) = C:\Program Files (x86)\NOS\bin\np_gp.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Skype Click to Call = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Users\Jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/20 18:24:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files (x86)\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Australia Toolbar) - {EA0969B3-6E12-4AC0-B6C9-148E81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LXCJCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCJtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcjmon.exe] C:\Program Files (x86)\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [TkBellExe] "realsched.exe" -osboot File not found
O4 - HKU\.DEFAULT..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000..\Run: [UniKey] C:\Program Files\UniKey\UniKeyNT.exe ()
O4 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000..\Run: [Window Hide Tool] C:\Program Files (x86)\Window Hide Tool\Window Hide Tool.exe (FOMINE SOFTWARE)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4EB1ED-17DF-48E7-A8FB-7F035A68D045}: NameServer = 61.9.211.1,61.9.211.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C021C9C5-BCE6-4C89-83FA-0D50FDE08D84}: DhcpNameServer = 61.9.211.1 61.9.211.33
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 15:56:41 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2012/03/20 18:31:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/20 18:31:48 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\temp
[2012/03/20 18:24:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/18 22:30:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jenny\Desktop\aswMBR.exe
[2012/03/18 22:29:18 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jenny\Desktop\tdsskiller.exe
[2012/03/18 21:40:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/18 21:40:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/18 21:40:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/18 21:39:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/18 21:39:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/18 21:39:39 | 004,438,697 | R--- | C] (Swearware) -- C:\Users\Jenny\Desktop\ComboFix.exe
[2012/03/16 17:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/16 17:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/16 17:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/03/05 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Threat Expert
[2012/03/03 18:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2012/03/01 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\UNI
[2012/03/01 17:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/03/01 17:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012/02/29 16:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[2012/02/29 16:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDjView
[2012/02/28 19:42:36 | 000,149,640 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/02/27 13:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus! for Skype
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/21 16:11:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/21 15:56:39 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2012/03/21 15:52:19 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 15:51:48 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 15:51:48 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 15:51:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 18:24:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/19 22:04:12 | 000,807,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/19 22:04:12 | 000,685,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/19 22:04:12 | 000,135,008 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/19 19:31:46 | 000,000,512 | ---- | M] () -- C:\Users\Jenny\Desktop\MBR.dat
[2012/03/18 22:30:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jenny\Desktop\aswMBR.exe
[2012/03/18 22:29:30 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jenny\Desktop\tdsskiller.exe
[2012/03/18 22:28:23 | 013,597,222 | ---- | M] () -- C:\Users\Jenny\Desktop\WESTPAC.pdf
[2012/03/18 21:39:43 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\Jenny\Desktop\ComboFix.exe
[2012/03/18 21:31:50 | 000,000,000 | ---- | M] () -- C:\Users\Jenny\defogger_reenable
[2012/03/16 17:23:03 | 000,001,068 | ---- | M] () -- C:\Users\Jenny\Desktop\Spybot - Search & Destroy.lnk
[2012/03/13 18:57:55 | 000,001,356 | ---- | M] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2012/03/03 19:40:48 | 000,041,984 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/24 09:19:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/19 19:15:23 | 000,000,512 | ---- | C] () -- C:\Users\Jenny\Desktop\MBR.dat
[2012/03/18 22:28:23 | 013,597,222 | ---- | C] () -- C:\Users\Jenny\Desktop\WESTPAC.pdf
[2012/03/18 21:40:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/18 21:40:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/18 21:40:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/18 21:40:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/18 21:40:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/18 21:31:50 | 000,000,000 | ---- | C] () -- C:\Users\Jenny\defogger_reenable
[2012/03/16 17:23:03 | 000,001,068 | ---- | C] () -- C:\Users\Jenny\Desktop\Spybot - Search & Destroy.lnk
[2012/03/03 18:54:51 | 000,002,393 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/02/04 15:47:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/17 18:34:39 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2011/09/17 13:56:49 | 000,071,680 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\chrtmp
[2011/09/13 09:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/26 20:16:54 | 000,004,096 | -H-- | C] () -- C:\Users\Jenny\AppData\Local\keyfile3.drm
[2011/04/29 22:02:41 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjserv.dll
[2011/04/29 22:02:41 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjusb1.dll
[2011/04/29 22:02:41 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjhbn3.dll
[2011/04/29 22:02:41 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcomc.dll
[2011/04/29 22:02:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjpmui.dll
[2011/04/29 22:02:41 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjlmpm.dll
[2011/04/29 22:02:41 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcoms.exe
[2011/04/29 22:02:41 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcomm.dll
[2011/04/29 22:02:41 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjinpa.dll
[2011/04/29 22:02:41 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjiesc.dll
[2011/04/29 22:02:41 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjih.exe
[2011/04/29 22:02:41 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcjcomx.dll
[2011/04/29 22:02:41 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcfg.exe
[2011/04/29 22:02:41 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcjinst.dll
[2011/04/29 22:02:41 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjppls.exe
[2011/04/29 22:02:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjprox.dll
[2011/04/29 22:02:41 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjpplc.dll
[2011/04/25 17:58:45 | 000,000,552 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d8caps.dat
[2011/03/26 18:59:14 | 000,000,021 | ---- | C] () -- C:\Windows\Config.ini
[2010/10/27 16:41:47 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2010/10/18 11:00:52 | 000,001,356 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2010/10/11 23:28:51 | 000,001,090 | ---- | C] () -- C:\Windows\AZPR3.INI
[2010/10/11 22:50:07 | 000,000,287 | ---- | C] () -- C:\Windows\pwc63.INI
[2010/09/05 16:06:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/28 10:24:46 | 000,372,384 | ---- | C] () -- C:\Windows\SysWow64\atwtusb.exe
[2010/06/28 10:24:45 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\InstallService.exe
[2010/06/28 10:24:44 | 001,969,824 | ---- | C] () -- C:\Windows\SysWow64\WTMKM.exe
[2010/06/28 10:24:44 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\ATWTINK.DLL
[2010/06/28 10:24:44 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe
[2010/06/28 10:24:42 | 000,010,251 | ---- | C] () -- C:\Windows\SysWow64\Vista.ini
[2010/06/28 10:24:42 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\XP_2000.ini
[2010/06/28 10:24:42 | 000,000,593 | ---- | C] () -- C:\Windows\SysWow64\MKProfile.ini
[2010/06/28 10:24:40 | 000,007,261 | ---- | C] () -- C:\Windows\aiptbl.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >


No problems during OTL scan.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 21 March 2012 - 02:21 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = <http://www.searchqu.com/web?src=ieb&q={searchTerms}>
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = <http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948>
    IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\URLSearchHook: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = <http://websearch.ask.com/redirect?client=ie&tb=BT5&o=15439&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=GJ&apn_dtid=&apn_uid=4B5E6B7F-D38B-4765-9737-77D6CB234A27&apn_sauid=86FBBFE1-E7F1-47BC-A98D-C23AE1D0C673>
    IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = <http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452>
    IE - HKU\S-1-5-21-4166464485-1022577811-3062472859-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = <http://www.searchqu.com/web?src=ieb&q={searchTerms}>
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Messenger Plus Live Australia Toolbar) - {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    [2011/09/17 18:34:39 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
    :Files
    C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 DEANUH

DEANUH
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 21 March 2012 - 05:38 AM

========== OTL ==========
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ deleted successfully.
C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ea0969b3-6e12-4ac0-b6c9-148e81247954} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea0969b3-6e12-4ac0-b6c9-148e81247954}\ deleted successfully.
C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll not found.
Registry value HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ea0969b3-6e12-4ac0-b6c9-148e81247954} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea0969b3-6e12-4ac0-b6c9-148e81247954}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll not found.
Registry key HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_USERS\S-1-5-21-4166464485-1022577811-3062472859-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea0969b3-6e12-4ac0-b6c9-148e81247954}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll not found.
C:\Program Files (x86)\_Z2 moved successfully.
========== FILES ==========
C:\Users\Jenny\AppData\Roaming\Microsoft\B1C3 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jenny\Desktop\cmd.bat deleted successfully.
C:\Users\Jenny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Jenny
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jenny
->Flash cache emptied: 49476 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03212012_203800


No reboot was needed.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 21 March 2012 - 03:01 PM

how are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 DEANUH

DEANUH
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 22 March 2012 - 02:19 AM

Error still exists unfortunately.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users