
Problems with FB


  • This topic is locked
27 replies to this topic

#1 Morje

  • Members
  • 13 posts

Posted 22 June 2012 - 02:57 PM

I saw http://www.bleepingcomputer.com/forums/topic457373.html . He had the same problem as I have now. So I am asking you for help. I downloaded and used the program OTL as he did, but now I don't know what to do next. This is my OTL.txt:

OTL logfile created on: 21.6.2012 10:25:51 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\uporabnik\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000424 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,79% Memory free
6,00 Gb Paging File | 4,56 Gb Available in Paging File | 75,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,51 Gb Total Space | 90,12 Gb Free Space | 36,86% Space Free | Partition Type: NTFS
Drive D: | 351,56 Gb Total Space | 345,20 Gb Free Space | 98,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 75,17 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 70,16 Mb Free Space | 70,17% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: uporabnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\uporabnik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\utorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\SpeechGrid\SpeechGridService.exe (SpeechGrid)
PRC - C:\Program Files\SpeechGrid\SpeechGrid.exe (SpeechGrid)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe (GARMIN Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SpeechGridService) -- C:\Program Files\SpeechGrid\SpeechGridService.exe (SpeechGrid)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\UPORAB~1\AppData\Local\Temp\catchme.sys File not found
DRV - (ASPI32) -- File not found
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DSI_SiUSBXp_3_1) -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys (Silicon Laboratories)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7c4547bb000000000000e0cb4e5a68fa&tlver=1.4.19.19&affID=17159
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{5B32B225-4565-4200-A0AF-8863F38B96A5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^SI&apn_uid=98a2a89f-4297-4c6d-81e7-2623295525cb&apn_sauid=B4DD89B9-EDF6-4B9E-BC10-0CF7C9C41DFB
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_sl
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A81E8B08-9C2A-4B43-B648-9E4EFABB4CEC}&mid=b7b262dc97af47d08541318208be8109-ac8a6102c3993f907a5a4425232a5aff4a08754e&lang=en&ds=qw011&pr=sa&d=2012-05-19 11:24:53&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={09F97730-CA52-11E0-BBE5-E0CB4E5A68FA}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.si/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: downloader@freeyoutubetomp3converter.org:1.0.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.746
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.7
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B4bf5a099-ecb0-4e48-9b1c-1f4c479e1834%7D&mid=b7b262dc97af47d08541318208be8109-ac8a6102c3993f907a5a4425232a5aff4a08754e&ds=qw011&v=11.1.0.7&lang=en&pr=sa&d=2012-05-19%2011%3A24%3A53&sap=ku&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=7c4547bb000000000000e0cb4e5a68fa&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@freeyoutubetomp3converter.org: C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2011.08.15 19:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.01.02 19:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.05.19 11:25:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.06.20 09:24:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.25 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.25 23:16:28 | 000,000,000 | ---D | M]

[2010.07.26 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Extensions
[2012.05.26 19:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions
[2011.03.29 22:14:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.15 01:07:42 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.08.19 12:57:44 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.05.26 19:15:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com
[2011.07.15 01:10:45 | 000,002,399 | ---- | M] () -- C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\askcom.xml
[2011.08.19 12:57:39 | 000,003,915 | ---- | M] () -- C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\sweetim.xml
[2012.05.25 23:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.10.15 18:15:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.15 19:59:34 | 000,000,000 | ---D | M] (FreeYouTubeToMP3TURBOConverter plugin for Mozilla Firefox) -- C:\PROGRAM FILES\FREEYOUTUBETOMP3TURBOCONVERTER\FIREFOX
[2012.05.19 11:25:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012.05.25 23:16:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.19 11:24:46 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.04.09 18:05:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.05.25 23:16:23 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
[2011.08.15 19:59:39 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.10.26 17:57:38 | 000,002,036 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb.xml
[2012.05.25 23:16:23 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
[2012.05.25 23:16:23 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
[2012.05.25 23:16:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.05.25 23:16:23 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml

O1 HOSTS File: ([2012.06.21 09:41:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [gStart] C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [SpeechGrid] C:\Program Files\SpeechGrid\SpeechGrid.exe (SpeechGrid)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\uporabnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uporabnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 70.38.38.4 4.30.72.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B10552E-FDE7-4C22-92CA-37B6F0D4891B}: DhcpNameServer = 70.38.38.4 4.30.72.150
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.30 13:22:58 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.21 09:44:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.21 09:24:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.21 09:24:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.21 09:24:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.21 09:21:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.21 09:21:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.21 08:54:01 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 08:54:00 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 08:53:20 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 08:53:20 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 08:53:19 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 08:52:57 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 08:52:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.21 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Roaming\Malwarebytes
[2012.06.21 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.20 09:25:10 | 000,112,984 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.06.20 09:24:45 | 000,196,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.06.20 09:24:45 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.06.20 09:24:40 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.06.20 09:24:25 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.06.20 09:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.06.19 21:13:23 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Roaming\Notepad++
[2012.06.19 21:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.06.14 00:49:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 00:49:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 00:49:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.14 00:49:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 00:49:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.14 00:49:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 00:49:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 23:59:02 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.13 23:59:01 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.13 23:59:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.13 23:59:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.05.28 19:00:01 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Local\SpeechGrid
[2012.05.28 18:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpeechGrid
[2012.05.28 18:59:43 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Roaming\OpenCandy
[2012.05.28 18:58:44 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.28 18:58:39 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.28 18:58:31 | 000,772,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2012.05.28 18:58:30 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100u.dll
[2012.05.28 18:58:30 | 000,419,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2012.05.28 18:58:30 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl100.dll
[2012.05.28 18:58:30 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcm100u.dll
[2012.05.25 23:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.25 23:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012.06.21 10:03:49 | 000,000,161 | ---- | M] () -- C:\Users\uporabnik\Desktop\router.bat
[2012.06.21 10:00:12 | 000,020,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:00:12 | 000,020,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 09:57:01 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.21 09:51:58 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.21 09:51:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 09:51:23 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 09:41:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.21 09:37:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.21 09:10:14 | 000,000,176 | ---- | M] () -- C:\Users\uporabnik\defogger_reenable
[2012.06.21 09:05:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.06.21 09:05:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.06.20 18:10:00 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.20 18:10:00 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.20 09:24:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.06.20 09:21:32 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.15 14:45:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.15 14:45:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.14 17:55:10 | 002,442,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.05.28 18:58:44 | 000,001,360 | ---- | M] () -- C:\Users\uporabnik\Desktop\Free YouTube to MP3 Converter.lnk
[2012.05.25 23:16:30 | 000,001,994 | ---- | M] () -- C:\Users\uporabnik\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012.06.21 10:03:49 | 000,000,161 | ---- | C] () -- C:\Users\uporabnik\Desktop\router.bat
[2012.06.21 09:24:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.21 09:24:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.21 09:24:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.21 09:24:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.21 09:24:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.21 09:09:52 | 000,000,176 | ---- | C] () -- C:\Users\uporabnik\defogger_reenable
[2012.06.21 09:05:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.06.21 09:05:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.06.20 09:21:32 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.09 21:43:04 | 000,076,901 | ---- | C] () -- C:\Users\uporabnik\Desktop\Justin.Bieber.Never.Say.Never.2011.BRRip.x264.RmD.srt
[2012.05.28 18:59:56 | 000,001,023 | ---- | C] () -- C:\Users\uporabnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeechGrid.lnk
[2012.05.25 23:16:31 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.08.28 20:07:38 | 000,000,097 | ---- | C] () -- C:\Users\uporabnik\AppData\Local\fusioncache.dat
[2011.05.03 18:54:47 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.11.12 21:23:20 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.12 21:23:13 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.12 21:23:06 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.10.31 11:34:22 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.09.27 15:41:43 | 000,004,096 | -H-- | C] () -- C:\Users\uporabnik\AppData\Local\keyfile3.drm
[2010.08.20 16:32:49 | 000,007,168 | ---- | C] () -- C:\Users\uporabnik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.25 15:23:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cdTextCtl.dll
[2010.07.24 21:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 18:48:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:88050731
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB

< End of report >
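The OTL report above is what a helper reads line by line. As an added example (not part of this thread, nor of OTL or ComboFix), here is a small Python triage script that parses the three line shapes in that report (O-lines, file entries and alternate data streams) and lists the items a reviewer checks first: the streams, the DHCP-assigned DNS servers (to verify against what the ISP or router should hand out), installed ActiveX controls, and executables under C:\Windows that carry no company name. The sample input is a handful of lines copied from the report; the allowlist of ComboFix helper binaries is an assumption to verify on the machine. The list is a reading aid, not a verdict. For what it is worth, C:\Windows\jestertb.dll, which the script surfaces, is the file ComboFix later lists under "Other Deletions" in post #3.

```python
"""Triage helper for OTL-style report lines (added example, not part of the thread or of OTL)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL report posted above, one of each shape
# the parser understands (O-line with/without a company, file with/without a company,
# directory entry, alternate data stream).
SAMPLE_LOG = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 70.38.38.4 4.30.72.150
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
[2012.06.21 09:24:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.21 09:21:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.21 09:24:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.10.31 11:34:22 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2012.06.21 10:03:49 | 000,000,161 | ---- | C] () -- C:\Users\uporabnik\Desktop\router.bat
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:88050731
"""

# "O<n> - <body> (<company>)"; the trailing company is optional and OTL prints "()" when
# the file has no company-name resource, so company is None / "" / "name" respectively.
O_LINE = re.compile(r"^(O\d+) - (?P<body>.*?)(?: \((?P<company>[^()]*)\))?$")
# "[timestamp | size | attrs | C-or-M] (company) -- path"; directories have no "(company)".
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\](?: \((?P<company>.*)\))? -- (?P<path>.*)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*)$")
DNS_LINE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".bat", ".scr")
# Assumption (verify on the machine): helper binaries ComboFix drops into C:\Windows.
# The report shows C:\Qoobox (ComboFix's quarantine folder) created minutes before them.
COMBOFIX_HELPERS = {"nircmd.exe", "swreg.exe", "swsc.exe", "mbr.exe",
                    "pev.exe", "sed.exe", "grep.exe", "zip.exe"}


@dataclass(frozen=True)
class Finding:
    category: str   # "ads", "dns", "activex" or "no-publisher"
    detail: str


def parse_lines(text):
    """Split a report into (o_entries, file_entries, ads_entries); unknown lines are skipped."""
    o_entries, file_entries, ads_entries = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O_LINE.match(line)):
            o_entries.append({"code": m.group(1), "body": m.group("body"),
                              "company": m.group("company")})
        elif (m := FILE_LINE.match(line)):
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))   # "000,020,992" -> 20992
            file_entries.append(entry)
        elif (m := ADS_LINE.match(line)):
            ads_entries.append({"size": int(m.group("size")), "path": m.group("path")})
    return o_entries, file_entries, ads_entries


def triage(text):
    """Return the entries a reviewer looks at first, in report order within each group."""
    o_entries, file_entries, ads_entries = parse_lines(text)
    findings = []
    for e in ads_entries:                       # every stream is worth a look
        findings.append(Finding("ads", f"{e['path']} ({e['size']} bytes)"))
    for e in o_entries:
        if e["code"] == "O16":                  # ActiveX controls downloaded into IE
            findings.append(Finding("activex", f"{e['body']} [{e['company']}]"))
        elif e["code"] == "O17" and (m := DNS_LINE.search(e["body"])):
            findings.append(Finding("dns", m.group("servers").strip()))
        elif e["company"] == "":                # loaded module with no company name
            findings.append(Finding("no-publisher", f"{e['code']}: {e['body']}"))
    for f in file_entries:
        path = f["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        if (f["company"] == "" and path.startswith("c:\\windows\\")
                and path.endswith(EXEC_EXT) and name not in COMBOFIX_HELPERS):
            findings.append(Finding(
                "no-publisher", f"{f['path']} ({f['size']} bytes, {f['op']} {f['ts']})"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.category:13} {finding.detail}")
```

Run it against a full OTL.txt by reading the file and passing its text to `triage`; the directory entries, the Microsoft-signed Windows Update files and ComboFix's own helpers drop out, which leaves the short list a helper would actually compare against the scheduled tasks, Run keys and toolbars elsewhere in the report.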

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:37 PM

Posted 23 June 2012 - 07:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Morje

Morje
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 23 June 2012 - 03:48 PM

Thank you for the quick response and thank you for your time.

1. I didn't have any problem with the computer.
2. With my computer is like it was.
3. Security check:

Results of screen317's Security Check version 0.99.42
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.2)
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 afwServ.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


4. Combofix:

ComboFix 12-06-23.05 - uporabnik 23.06.2012 22:11:45.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.386.1060.18.3071.2110 [GMT 2:00]
Running from: c:\users\uporabnik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\864NSV9L\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-06-23 20:26 . 2012-06-23 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 19:57 . 2012-06-23 19:57 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7C0F408-85EF-463D-BC55-89372A1D8DB0}\offreg.dll
2012-06-22 07:20 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7C0F408-85EF-463D-BC55-89372A1D8DB0}\mpengine.dll
2012-06-21 09:51 . 2012-06-21 09:52 -------- d-----w- C:\uninstall
2012-06-21 06:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:52 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:52 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 22:03 . 2012-06-20 22:03 -------- d-----w- c:\users\uporabnik\AppData\Roaming\Malwarebytes
2012-06-20 22:02 . 2012-06-20 22:02 -------- d-----w- c:\programdata\Malwarebytes
2012-06-20 07:25 . 2012-03-06 23:04 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-06-20 07:24 . 2012-03-06 23:03 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-06-20 07:24 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-20 07:24 . 2012-03-06 23:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-20 07:24 . 2012-03-06 22:44 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-06-19 19:13 . 2012-06-21 07:05 -------- d-----w- c:\users\uporabnik\AppData\Roaming\Notepad++
2012-06-19 19:13 . 2012-06-21 07:05 -------- d-----w- c:\program files\Notepad++
2012-06-13 21:59 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:59 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:59 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:59 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:59 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:59 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:58 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:58 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:58 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:58 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-05-28 17:00 . 2012-06-23 07:59 -------- d-----w- c:\users\uporabnik\AppData\Local\SpeechGrid
2012-05-28 16:59 . 2012-05-28 16:59 -------- d-----w- c:\program files\SpeechGrid
2012-05-28 16:59 . 2012-05-28 16:59 -------- d-----w- c:\users\uporabnik\AppData\Roaming\OpenCandy
2012-05-28 16:58 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll
2012-05-28 16:58 . 2012-04-18 11:49 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-05-28 16:58 . 2012-03-06 13:43 772248 ----a-w- c:\windows\system32\msvcr100.dll
2012-05-28 16:58 . 2012-03-06 13:43 80024 ----a-w- c:\windows\system32\mfcm100u.dll
2012-05-28 16:58 . 2012-03-06 13:43 4421272 ----a-w- c:\windows\system32\mfc100u.dll
2012-05-28 16:58 . 2012-03-06 13:43 419480 ----a-w- c:\windows\system32\msvcp100.dll
2012-05-28 16:58 . 2012-03-06 13:43 136344 ----a-w- c:\windows\system32\atl100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 10:37 . 2012-04-08 08:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 10:37 . 2011-06-08 06:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 04:46 . 2012-05-09 13:09 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-09 13:09 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-30 10:29 . 2012-05-09 13:09 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-25 21:16 . 2012-05-25 21:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBrot.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-19 09:24 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\Brothersoft\tbBrot.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 13:58 1499440 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBrot.dll" [2010-06-13 2734688]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-05-19 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBrot.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-22 892304]
"ANT Agent"="c:\program files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe" [2011-04-14 12036968]
"gStart"="c:\program files\Garmin\gStart.exe" [2008-08-13 1891416]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-22 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"SpeechGrid"="c:\program files\SpeechGrid\SpeechGrid.exe" [2011-09-22 275312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-19 1104440]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Storitev Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-25 129976]
R3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-25 691696]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-03-06 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-03-06 134920]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 SpeechGridService;SpeechGridService;c:\program files\SpeechGrid\SpeechGridService.exe [2011-09-22 47984]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-05-19 935480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 10:37]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 07:38]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 07:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.si/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\uporabnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\uporabnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 70.38.38.4 4.30.72.150
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4bf5a099-ecb0-4e48-9b1c-1f4c479e1834%7D&mid=b7b262dc97af47d08541318208be8109-ac8a6102c3993f907a5a4425232a5aff4a08754e&ds=qw011&v=11.1.0.7&lang=en&pr=sa&d=2012-05-19%2011%3A24%3A53&sap=ku&q=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-23 22:36:55
ComboFix-quarantined-files.txt 2012-06-23 20:36
ComboFix2.txt 2012-06-21 07:44
.
Pre-Run: 103.021.862.912 bytes free
Post-Run: 103.234.830.336 bytes free
.
- - End Of File - - B7FB444974C294C91D150442584AD4A7

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:37 PM

Posted 23 June 2012 - 04:03 PM

Greetings

"2. With my computer is like it was."

  • like it was before the virus (still with problem)
  • like it was before you ran our tools (problem is fixed)

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Morje

Morje
  • Topic Starter

  • Members
  • 13 posts
  • Local time:05:37 PM

Posted 23 June 2012 - 04:38 PM

From previous post: it is like it was before I used the programs.
When I saved the programs they were TDSSKiller_exe and aswMBR_exe, so I just changed _ to .

1. TDSSKiller:

23:27:19.0920 6296 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
23:27:20.0513 6296 ============================================================
23:27:20.0513 6296 Current date / time: 2012/06/23 23:27:20.0513
23:27:20.0513 6296 SystemInfo:
23:27:20.0513 6296
23:27:20.0514 6296 OS Version: 6.1.7600 ServicePack: 0.0
23:27:20.0514 6296 Product type: Workstation
23:27:20.0514 6296 ComputerName: HOMEPC
23:27:20.0518 6296 UserName: uporabnik
23:27:20.0518 6296 Windows directory: C:\Windows
23:27:20.0518 6296 System windows directory: C:\Windows
23:27:20.0518 6296 Processor architecture: Intel x86
23:27:20.0518 6296 Number of processors: 2
23:27:20.0518 6296 Page size: 0x1000
23:27:20.0518 6296 Boot type: Normal boot
23:27:20.0518 6296 ============================================================
23:27:21.0944 6296 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x47B84, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
23:27:21.0961 6296 Drive \Device\Harddisk1\DR6 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:27:21.0993 6296 ============================================================
23:27:21.0993 6296 \Device\Harddisk0\DR0:
23:27:21.0993 6296 MBR partitions:
23:27:21.0993 6296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:27:21.0993 6296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E905800
23:27:21.0993 6296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E938000, BlocksNum 0x2BF1F800
23:27:21.0993 6296 \Device\Harddisk1\DR6:
23:27:21.0993 6296 MBR partitions:
23:27:21.0993 6296 \Device\Harddisk1\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:27:21.0993 6296 ============================================================
23:27:22.0013 6296 C: <-> \Device\Harddisk0\DR0\Partition1
23:27:22.0048 6296 D: <-> \Device\Harddisk0\DR0\Partition2
23:27:22.0068 6296 F: <-> \Device\Harddisk1\DR6\Partition0
23:27:22.0099 6296 J: <-> \Device\Harddisk0\DR0\Partition0
23:27:22.0099 6296 ============================================================
23:27:22.0099 6296 Initialize success
23:27:22.0099 6296 ============================================================
23:27:24.0491 5744 ============================================================
23:27:24.0491 5744 Scan started
23:27:24.0491 5744 Mode: Manual;
23:27:24.0491 5744 ============================================================
23:27:25.0938 5744 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:27:25.0940 5744 1394ohci - ok
23:27:25.0966 5744 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
23:27:25.0970 5744 ACPI - ok
23:27:25.0989 5744 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
23:27:25.0990 5744 AcpiPmi - ok
23:27:26.0050 5744 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
23:27:26.0051 5744 adfs - ok
23:27:26.0158 5744 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
23:27:26.0162 5744 Adobe Version Cue CS4 - ok
23:27:26.0252 5744 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:27:26.0253 5744 AdobeARMservice - ok
23:27:26.0355 5744 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:27:26.0359 5744 AdobeFlashPlayerUpdateSvc - ok
23:27:26.0399 5744 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:27:26.0405 5744 adp94xx - ok
23:27:26.0423 5744 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:27:26.0427 5744 adpahci - ok
23:27:26.0458 5744 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:27:26.0461 5744 adpu320 - ok
23:27:26.0493 5744 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:27:26.0494 5744 AeLookupSvc - ok
23:27:26.0552 5744 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
23:27:26.0556 5744 AFD - ok
23:27:26.0571 5744 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
23:27:26.0572 5744 agp440 - ok
23:27:26.0586 5744 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:27:26.0588 5744 aic78xx - ok
23:27:26.0610 5744 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:27:26.0612 5744 ALG - ok
23:27:26.0627 5744 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
23:27:26.0629 5744 aliide - ok
23:27:26.0668 5744 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
23:27:26.0670 5744 AMD External Events Utility - ok
23:27:26.0682 5744 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
23:27:26.0684 5744 amdagp - ok
23:27:26.0704 5744 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
23:27:26.0705 5744 amdide - ok
23:27:26.0723 5744 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:27:26.0724 5744 AmdK8 - ok
23:27:26.0739 5744 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:27:26.0740 5744 AmdPPM - ok
23:27:26.0773 5744 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
23:27:26.0774 5744 amdsata - ok
23:27:26.0798 5744 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:27:26.0801 5744 amdsbs - ok
23:27:26.0811 5744 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
23:27:26.0812 5744 amdxata - ok
23:27:26.0827 5744 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
23:27:26.0828 5744 AppID - ok
23:27:26.0833 5744 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:27:26.0835 5744 AppIDSvc - ok
23:27:26.0857 5744 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
23:27:26.0859 5744 Appinfo - ok
23:27:26.0915 5744 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:27:26.0916 5744 Apple Mobile Device - ok
23:27:26.0949 5744 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
23:27:26.0952 5744 AppMgmt - ok
23:27:26.0968 5744 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:27:26.0970 5744 arc - ok
23:27:26.0991 5744 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:27:26.0993 5744 arcsas - ok
23:27:27.0006 5744 ASPI32 - ok
23:27:27.0062 5744 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:27:27.0064 5744 aspnet_state - ok
23:27:27.0074 5744 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
23:27:27.0074 5744 aswFsBlk - ok
23:27:27.0133 5744 aswFW (80beddcbb4a1417cec0c78a61cac0f66) C:\Windows\system32\drivers\aswFW.sys
23:27:27.0135 5744 aswFW - ok
23:27:27.0184 5744 aswKbd (81e695913fefd4e23360a69c0f151797) C:\Windows\system32\drivers\aswKbd.sys
23:27:27.0185 5744 aswKbd - ok
23:27:27.0217 5744 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
23:27:27.0219 5744 aswMonFlt - ok
23:27:27.0251 5744 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
23:27:27.0252 5744 aswNdis - ok
23:27:27.0284 5744 aswNdis2 (72c8f79d72b4ff6e1627276ddf4b01c9) C:\Windows\system32\drivers\aswNdis2.sys
23:27:27.0287 5744 aswNdis2 - ok
23:27:27.0319 5744 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
23:27:27.0320 5744 aswRdr - ok
23:27:27.0375 5744 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
23:27:27.0381 5744 aswSnx - ok
23:27:27.0424 5744 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
23:27:27.0428 5744 aswSP - ok
23:27:27.0437 5744 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
23:27:27.0438 5744 aswTdi - ok
23:27:27.0456 5744 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:27:27.0457 5744 AsyncMac - ok
23:27:27.0474 5744 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
23:27:27.0474 5744 atapi - ok
23:27:27.0717 5744 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
23:27:27.0801 5744 atikmdag - ok
23:27:27.0900 5744 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
23:27:27.0907 5744 AudioEndpointBuilder - ok
23:27:27.0918 5744 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
23:27:27.0921 5744 Audiosrv - ok
23:27:27.0977 5744 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
23:27:27.0979 5744 Autodesk Licensing Service - ok
23:27:28.0024 5744 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
23:27:28.0025 5744 avast! Antivirus - ok
23:27:28.0061 5744 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\Alwil Software\Avast5\afwServ.exe
23:27:28.0063 5744 avast! Firewall - ok
23:27:28.0081 5744 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
23:27:28.0083 5744 AxInstSV - ok
23:27:28.0133 5744 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:27:28.0142 5744 b06bdrv - ok
23:27:28.0168 5744 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:27:28.0171 5744 b57nd60x - ok
23:27:28.0189 5744 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:27:28.0191 5744 BDESVC - ok
23:27:28.0207 5744 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:27:28.0209 5744 Beep - ok
23:27:28.0262 5744 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
23:27:28.0279 5744 BFE - ok
23:27:28.0340 5744 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
23:27:28.0377 5744 BITS - ok
23:27:28.0390 5744 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:27:28.0391 5744 blbdrive - ok
23:27:28.0467 5744 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:27:28.0470 5744 Bonjour Service - ok
23:27:28.0510 5744 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
23:27:28.0512 5744 bowser - ok
23:27:28.0526 5744 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:27:28.0527 5744 BrFiltLo - ok
23:27:28.0539 5744 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:27:28.0540 5744 BrFiltUp - ok
23:27:28.0598 5744 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
23:27:28.0600 5744 BridgeMP - ok
23:27:28.0612 5744 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
23:27:28.0614 5744 Browser - ok
23:27:28.0644 5744 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:27:28.0648 5744 Brserid - ok
23:27:28.0670 5744 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:27:28.0672 5744 BrSerWdm - ok
23:27:28.0680 5744 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:27:28.0681 5744 BrUsbMdm - ok
23:27:28.0685 5744 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:27:28.0686 5744 BrUsbSer - ok
23:27:28.0719 5744 BthAvrcp (db99076533ffb38cbec8ac88e4535850) C:\Windows\system32\DRIVERS\BthAvrcp.sys
23:27:28.0720 5744 BthAvrcp - ok
23:27:28.0756 5744 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
23:27:28.0757 5744 BthEnum - ok
23:27:28.0766 5744 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:27:28.0768 5744 BTHMODEM - ok
23:27:28.0802 5744 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
23:27:28.0804 5744 BthPan - ok
23:27:28.0847 5744 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
23:27:28.0851 5744 BTHPORT - ok
23:27:28.0866 5744 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:27:28.0869 5744 bthserv - ok
23:27:28.0891 5744 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
23:27:28.0893 5744 BTHUSB - ok
23:27:28.0988 5744 catchme - ok
23:27:29.0011 5744 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:27:29.0012 5744 cdfs - ok
23:27:29.0036 5744 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
23:27:29.0038 5744 cdrom - ok
23:27:29.0057 5744 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
23:27:29.0059 5744 CertPropSvc - ok
23:27:29.0079 5744 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:27:29.0080 5744 circlass - ok
23:27:29.0108 5744 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:27:29.0112 5744 CLFS - ok
23:27:29.0166 5744 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:27:29.0169 5744 clr_optimization_v2.0.50727_32 - ok
23:27:29.0219 5744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:27:29.0221 5744 clr_optimization_v4.0.30319_32 - ok
23:27:29.0232 5744 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:27:29.0233 5744 CmBatt - ok
23:27:29.0260 5744 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
23:27:29.0261 5744 cmdide - ok
23:27:29.0308 5744 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
23:27:29.0313 5744 CNG - ok
23:27:29.0333 5744 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:27:29.0334 5744 Compbatt - ok
23:27:29.0359 5744 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:27:29.0361 5744 CompositeBus - ok
23:27:29.0369 5744 COMSysApp - ok
23:27:29.0376 5744 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:27:29.0377 5744 crcdisk - ok
23:27:29.0422 5744 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
23:27:29.0425 5744 CryptSvc - ok
23:27:29.0463 5744 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
23:27:29.0467 5744 CSC - ok
23:27:29.0508 5744 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
23:27:29.0515 5744 CscService - ok
23:27:29.0556 5744 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
23:27:29.0564 5744 DcomLaunch - ok
23:27:29.0592 5744 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:27:29.0596 5744 defragsvc - ok
23:27:29.0640 5744 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
23:27:29.0642 5744 DfsC - ok
23:27:29.0673 5744 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
23:27:29.0677 5744 Dhcp - ok
23:27:29.0698 5744 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:27:29.0699 5744 discache - ok
23:27:29.0732 5744 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:27:29.0734 5744 Disk - ok
23:27:29.0773 5744 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
23:27:29.0777 5744 Dnscache - ok
23:27:29.0798 5744 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
23:27:29.0803 5744 dot3svc - ok
23:27:29.0821 5744 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
23:27:29.0825 5744 DPS - ok
23:27:29.0845 5744 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:27:29.0846 5744 drmkaud - ok
23:27:29.0892 5744 DSI_SiUSBXp_3_1 (bc9c2ef22ee0320c079e3ff9b4d29951) C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys
23:27:29.0893 5744 DSI_SiUSBXp_3_1 - ok
23:27:29.0942 5744 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
23:27:29.0954 5744 DXGKrnl - ok
23:27:29.0981 5744 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:27:29.0984 5744 EapHost - ok
23:27:30.0105 5744 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:27:30.0157 5744 ebdrv - ok
23:27:30.0237 5744 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
23:27:30.0239 5744 EFS - ok
23:27:30.0304 5744 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
23:27:30.0319 5744 ehRecvr - ok
23:27:30.0370 5744 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
23:27:30.0372 5744 ehSched - ok
23:27:30.0404 5744 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:27:30.0412 5744 elxstor - ok
23:27:30.0438 5744 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
23:27:30.0439 5744 ErrDev - ok
23:27:30.0467 5744 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:27:30.0472 5744 EventSystem - ok
23:27:30.0518 5744 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:27:30.0520 5744 exfat - ok
23:27:30.0541 5744 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:27:30.0544 5744 fastfat - ok
23:27:30.0575 5744 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
23:27:30.0600 5744 Fax - ok
23:27:30.0622 5744 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:27:30.0623 5744 fdc - ok
23:27:30.0642 5744 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:27:30.0644 5744 fdPHost - ok
23:27:30.0660 5744 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:27:30.0663 5744 FDResPub - ok
23:27:30.0671 5744 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:27:30.0673 5744 FileInfo - ok
23:27:30.0686 5744 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:27:30.0687 5744 Filetrace - ok
23:27:30.0776 5744 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:27:30.0790 5744 FLEXnet Licensing Service - ok
23:27:30.0794 5744 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:27:30.0796 5744 flpydisk - ok
23:27:30.0823 5744 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:27:30.0826 5744 FltMgr - ok
23:27:30.0895 5744 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
23:27:30.0916 5744 FontCache - ok
23:27:30.0962 5744 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:27:30.0963 5744 FontCache3.0.0.0 - ok
23:27:30.0986 5744 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:27:30.0988 5744 FsDepends - ok
23:27:31.0007 5744 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
23:27:31.0008 5744 Fs_Rec - ok
23:27:31.0038 5744 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
23:27:31.0042 5744 fvevol - ok
23:27:31.0060 5744 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:27:31.0061 5744 gagp30kx - ok
23:27:31.0111 5744 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:27:31.0113 5744 GEARAspiWDM - ok
23:27:31.0149 5744 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
23:27:31.0164 5744 gpsvc - ok
23:27:31.0288 5744 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:27:31.0290 5744 gupdate - ok
23:27:31.0317 5744 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:27:31.0319 5744 gupdatem - ok
23:27:31.0348 5744 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:27:31.0350 5744 gusvc - ok
23:27:31.0355 5744 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:27:31.0356 5744 hcw85cir - ok
23:27:31.0395 5744 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:27:31.0399 5744 HdAudAddService - ok
23:27:31.0429 5744 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:27:31.0431 5744 HDAudBus - ok
23:27:31.0435 5744 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:27:31.0436 5744 HidBatt - ok
23:27:31.0455 5744 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:27:31.0457 5744 HidBth - ok
23:27:31.0468 5744 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:27:31.0469 5744 HidIr - ok
23:27:31.0491 5744 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
23:27:31.0494 5744 hidserv - ok
23:27:31.0530 5744 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:27:31.0532 5744 HidUsb - ok
23:27:31.0563 5744 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
23:27:31.0567 5744 hkmsvc - ok
23:27:31.0590 5744 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
23:27:31.0595 5744 HomeGroupListener - ok
23:27:31.0628 5744 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
23:27:31.0633 5744 HomeGroupProvider - ok
23:27:31.0653 5744 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:27:31.0655 5744 HpSAMD - ok
23:27:31.0690 5744 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:27:31.0706 5744 HTTP - ok
23:27:31.0718 5744 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:27:31.0719 5744 hwpolicy - ok
23:27:31.0744 5744 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:27:31.0745 5744 i8042prt - ok
23:27:31.0786 5744 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
23:27:31.0790 5744 iaStorV - ok
23:27:31.0871 5744 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:27:31.0872 5744 IDriverT - ok
23:27:31.0932 5744 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:27:31.0950 5744 idsvc - ok
23:27:32.0023 5744 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:27:32.0024 5744 iirsp - ok
23:27:32.0094 5744 IJPLMSVC (a06efd4965f8a3f97a8c9a291d032678) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
23:27:32.0095 5744 IJPLMSVC - ok
23:27:32.0136 5744 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
23:27:32.0149 5744 IKEEXT - ok
23:27:32.0162 5744 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:27:32.0164 5744 intelide - ok
23:27:32.0178 5744 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:27:32.0180 5744 intelppm - ok
23:27:32.0198 5744 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:27:32.0201 5744 IPBusEnum - ok
23:27:32.0218 5744 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:27:32.0220 5744 IpFilterDriver - ok
23:27:32.0263 5744 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
23:27:32.0270 5744 iphlpsvc - ok
23:27:32.0328 5744 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:27:32.0330 5744 IPMIDRV - ok
23:27:32.0343 5744 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:27:32.0346 5744 IPNAT - ok
23:27:32.0426 5744 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
23:27:32.0432 5744 iPod Service - ok
23:27:32.0462 5744 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:27:32.0463 5744 IRENUM - ok
23:27:32.0474 5744 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:27:32.0476 5744 isapnp - ok
23:27:32.0492 5744 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:27:32.0495 5744 iScsiPrt - ok
23:27:32.0500 5744 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:27:32.0501 5744 kbdclass - ok
23:27:32.0506 5744 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
23:27:32.0507 5744 kbdhid - ok
23:27:32.0537 5744 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:27:32.0541 5744 KeyIso - ok
23:27:32.0560 5744 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
23:27:32.0562 5744 KSecDD - ok
23:27:32.0579 5744 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
23:27:32.0581 5744 KSecPkg - ok
23:27:32.0614 5744 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:27:32.0620 5744 KtmRm - ok
23:27:32.0836 5744 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
23:27:32.0842 5744 LanmanServer - ok
23:27:42.0420 5744 Boot (0x1200) (2c17b8e6a5e1d060a0b80042f6b1e733) \Device\Harddisk0\DR0\Partition1
23:27:42.0421 5744 \Device\Harddisk0\DR0\Partition1 - ok
23:27:42.0438 5744 Boot (0x1200) (353f669bf0e37bc9360e7cf4059f9b6a) \Device\Harddisk0\DR0\Partition2
23:27:42.0439 5744 \Device\Harddisk0\DR0\Partition2 - ok
23:27:42.0443 5744 Boot (0x1200) (5f2f1e40bbccf2012bedc04cf695bb17) \Device\Harddisk1\DR6\Partition0
23:27:42.0445 5744 \Device\Harddisk1\DR6\Partition0 - ok
23:27:42.0445 5744 ============================================================
23:27:42.0445 5744 Scan finished
23:27:42.0445 5744 ============================================================
23:27:42.0459 1836 Detected object count: 0
23:27:42.0459 1836 Actual detected object count: 0

2. aswMBR (it didn't ask me to download extra definitions), like you wrote in the previous post

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 23:33:18
-----------------------------
23:33:18.641 OS Version: Windows 6.1.7600
23:33:18.641 Number of processors: 2 586 0x170A
23:33:18.642 ComputerName: HOMEPC UserName:
23:33:19.415 Initialize success
23:33:22.811 AVAST engine defs: 12062301
23:33:43.324 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:33:43.328 Disk 0 Vendor: WDC_WD6400AARS-00Y5B1 80.00A80 Size: 610480MB BusType: 3
23:33:43.342 Disk 0 MBR read successfully
23:33:43.346 Disk 0 MBR scan
23:33:43.351 Disk 0 Windows 7 default MBR code
23:33:43.355 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:33:43.360 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 250379 MB offset 206848
23:33:43.377 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 359999 MB offset 512983040
23:33:43.386 Disk 0 scanning sectors +1250260992
23:33:43.408 Disk 0 scanning C:\Windows\system32\drivers
23:33:53.974 Service scanning
23:34:10.173 Modules scanning
23:34:14.550 Disk 0 trace - called modules:
23:34:14.896 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
23:34:14.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86176310]
23:34:14.926 3 CLASSPNP.SYS[8b5ad59e] -> nt!IofCallDriver -> [0x85cad918]
23:34:14.931 5 ACPI.sys[8b0af3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85cc7908]
23:34:15.500 AVAST engine scan C:\Windows
23:34:18.005 AVAST engine scan C:\Windows\system32
23:36:13.785 AVAST engine scan C:\Windows\system32\drivers
23:36:23.908 AVAST engine scan C:\Users\uporabnik
23:37:44.060 Disk 0 MBR has been saved successfully to "C:\Users\uporabnik\Desktop\virus\prva stvar\MBR.dat"
23:37:44.065 The log file has been saved successfully to "C:\Users\uporabnik\Desktop\virus\prva stvar\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Location: Puerto Rico)

Posted 23 June 2012 - 09:04 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
rem Run the network checks and capture all of their output in one file, Log1.txt.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file (%0 is its own path).
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

It should look like this: (screenshot of the Save As dialog on XP; image not reproduced)
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Morje (Topic Starter; Members; 13 posts)

Posted 24 June 2012 - 03:30 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : homepc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : E0-CB-4E-5A-68-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1d8c:8dd8:3d33:e28a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 24. junij 2012 10:18:57
Lease Expires . . . . . . . . . . : 25. junij 2012 10:18:52
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 249613134
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-DB-80-4C-E0-CB-4E-5A-68-FA
DNS Servers . . . . . . . . . . . : 70.38.38.4
4.30.72.150
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5B10552E-FDE7-4C22-92CA-37B6F0D4891B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2c33:3a1b:3f57:fefc(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c33:3a1b:3f57:fefc%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 70.38.38.4

Name: google.com
Addresses: 2607:f8b0:4006:800::100e
74.125.226.206
74.125.226.194
74.125.226.198
74.125.226.192
74.125.226.201
74.125.226.197
74.125.226.195
74.125.226.196
74.125.226.200
74.125.226.193
74.125.226.199

Server: UnKnown
Address: 70.38.38.4

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging google.com [74.125.227.39] with 32 bytes of data:
Reply from 74.125.227.39: bytes=32 time=342ms TTL=47
Reply from 74.125.227.39: bytes=32 time=283ms TTL=47

Ping statistics for 74.125.227.39:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 283ms, Maximum = 342ms, Average = 312ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=258ms TTL=46
Reply from 98.139.183.24: bytes=32 time=223ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 223ms, Maximum = 258ms, Average = 240ms
===========================================================================
Interface List
11...e0 cb 4e 5a 68 fa ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:2c33:3a1b:3f57:fefc/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
11 276 fe80::1d8c:8dd8:3d33:e28a/128
On-link
13 306 fe80::2c33:3a1b:3f57:fefc/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#8 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Location: Puerto Rico)

Posted 24 June 2012 - 03:35 AM

After you have run these steps, you need to let me know how the computer is doing.

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select Run
  • enter cmd and hit Enter
  • a black window will open.
  • please enter the following text into that window and hit Enter:


    ipconfig /flushdns

Now let's check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
rem Run the network checks and capture all of their output in one file, Log1.txt.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file (%0 is its own path).
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

It should look like this: (screenshot of the Save As dialog on XP; image not reproduced)
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
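
The two router.bat posts above (#6 and #8) collect the network state so the helper can eyeball the DNS servers by hand; the script below is an added example, not part of this thread and not gringo_pr's batch file, that does the same reading automatically on the ipconfig /all portion of Log1.txt. It parses each adapter, and for every DNS server reports "local" (inside the LAN subnet, typically the router), "trusted" (on an allow-list you supply, e.g. your ISP's resolvers or OpenDNS), or "verify" (anything else, which is the case the reset-the-router advice is about). The sample text is a trimmed copy of the ipconfig output posted in this thread; the empty TRUSTED set is a placeholder assumption, and a "verify" result is only a prompt to check with the ISP, not a finding that the address is malicious.

```python
"""Added example (not part of this thread or of gringo_pr's router.bat): read the
ipconfig /all portion of Log1.txt and flag DNS servers that are neither the LAN
router nor on a resolver allow-list the reader supplies."""
import ipaddress
import re

# Constructed sample: trimmed copy of the ipconfig /all output posted in this thread.
SAMPLE_LOG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : homepc

Ethernet adapter Local Area Connection:

Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 70.38.38.4
4.30.72.150
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Default Gateway . . . . . . . . . : ::
"""

_ADAPTER_RE = re.compile(r"^(\S.*\badapter\b.*):$")            # "Ethernet adapter X:"
_KEY_RE = re.compile(r"^\s*([A-Za-z0-9 \-]+?)[ .]*:\s*(.*)$")  # "Key . . . . : value"
_STATE_RE = re.compile(r"\((Preferred|Tentative|Deprecated|Duplicate)\)$")


def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Parse `ipconfig /all` output into {adapter name: {key: [values]}}."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = _ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            last_key = None
            continue
        m = _KEY_RE.match(line)
        if m and current is not None:
            last_key = m.group(1).strip()
            value = _STATE_RE.sub("", m.group(2)).strip()
            current.setdefault(last_key, [])
            if value:
                current[last_key].append(value)
            continue
        # ipconfig prints each additional DNS server on its own line under "DNS Servers"
        if current is not None and last_key == "DNS Servers" and _is_ip(line.strip()):
            current[last_key].append(line.strip())
    return adapters


def classify_dns(adapter, trusted=frozenset()):
    """Return [(server, verdict)] for one adapter's DNS servers:
    'local'   - inside the LAN subnet (normally the router, forwarding to the ISP)
    'trusted' - on the caller's allow-list (ISP resolvers, OpenDNS, ...)
    'verify'  - anything else: confirm it with the ISP before trusting it"""
    ips, masks = adapter.get("IPv4 Address", []), adapter.get("Subnet Mask", [])
    lan = None
    if ips and masks:
        lan = ipaddress.ip_network(f"{ips[0]}/{masks[0]}", strict=False)
    verdicts = []
    for server in adapter.get("DNS Servers", []):
        addr = ipaddress.ip_address(server)
        if lan is not None and addr in lan:
            verdicts.append((server, "local"))
        elif server in trusted:
            verdicts.append((server, "trusted"))
        else:
            verdicts.append((server, "verify"))
    return verdicts


def dns_servers(text):
    """Sorted, de-duplicated DNS servers across all adapters; run it on the log from
    before and after the router reset and compare the two lists."""
    found = set()
    for adapter in parse_ipconfig(text).values():
        found.update(adapter.get("DNS Servers", []))
    return sorted(found)


def report(text, trusted=frozenset()):
    """One line per DNS server of each adapter that has an IPv4 address."""
    lines = []
    for name, adapter in parse_ipconfig(text).items():
        if not adapter.get("IPv4 Address"):
            continue
        for server, verdict in classify_dns(adapter, trusted):
            lines.append(f"{name}: DNS {server} -> {verdict}")
    return lines


if __name__ == "__main__":
    # TRUSTED is a placeholder assumption: put your ISP's resolvers (or OpenDNS) here.
    TRUSTED = frozenset()
    for line in report(SAMPLE_LOG, TRUSTED):
        print(line)
```

Run against the posted log, both 70.38.38.4 and 4.30.72.150 come out as "verify" simply because they are off-LAN resolvers not on the (empty) allow-list; once the ISP confirms them, add them to TRUSTED and the output goes quiet. Running dns_servers() on the Log1.txt from before and after the router reset and comparing the two lists is the quickest way to see whether the reset actually changed the resolvers the PC is using.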

#9 Morje (Topic Starter; Members; 13 posts)

Posted 24 June 2012 - 03:47 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : homepc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : E0-CB-4E-5A-68-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1d8c:8dd8:3d33:e28a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 24. junij 2012 10:18:57
Lease Expires . . . . . . . . . . : 25. junij 2012 10:18:57
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 249613134
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-DB-80-4C-E0-CB-4E-5A-68-FA
DNS Servers . . . . . . . . . . . : 70.38.38.4
4.30.72.150
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5B10552E-FDE7-4C22-92CA-37B6F0D4891B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2c33:3a1b:3f57:fefc(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c33:3a1b:3f57:fefc%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 70.38.38.4

Name: google.com
Addresses: 2607:f8b0:4006:800::1005
74.125.226.200
74.125.226.196
74.125.226.193
74.125.226.192
74.125.226.199
74.125.226.198
74.125.226.197
74.125.226.206
74.125.226.201
74.125.226.195
74.125.226.194

Server: UnKnown
Address: 70.38.38.4

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging google.com [74.125.227.70] with 32 bytes of data:
Reply from 74.125.227.70: bytes=32 time=250ms TTL=48
Reply from 74.125.227.70: bytes=32 time=268ms TTL=48

Ping statistics for 74.125.227.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 250ms, Maximum = 268ms, Average = 259ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=244ms TTL=42
Reply from 209.191.122.70: bytes=32 time=261ms TTL=42

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 244ms, Maximum = 261ms, Average = 252ms
===========================================================================
Interface List
11...e0 cb 4e 5a 68 fa ......Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:2c33:3a1b:3f57:fefc/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
11 276 fe80::1d8c:8dd8:3d33:e28a/128
On-link
13 306 fe80::2c33:3a1b:3f57:fefc/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Edited by Morje, 24 June 2012 - 03:50 AM.


#10 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Location: Puerto Rico)

Posted 24 June 2012 - 03:49 AM

I am going to sign off for a while now, but let me know how things are doing.



Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Morje (Topic Starter; Members; 13 posts)

Posted 24 June 2012 - 04:08 AM

OTL logfile created on: 24.6.2012 10:59:31 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\uporabnik\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000424 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,61% Memory free
6,00 Gb Paging File | 4,71 Gb Available in Paging File | 78,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,51 Gb Total Space | 96,25 Gb Free Space | 39,36% Space Free | Partition Type: NTFS
Drive D: | 351,56 Gb Total Space | 345,20 Gb Free Space | 98,19% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 73,81 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 70,16 Mb Free Space | 70,17% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: uporabnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\uporabnik\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\utorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\SpeechGrid\SpeechGridService.exe (SpeechGrid)
PRC - C:\Program Files\SpeechGrid\SpeechGrid.exe (SpeechGrid)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe (GARMIN Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SpeechGridService) -- C:\Program Files\SpeechGrid\SpeechGridService.exe (SpeechGrid)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\UPORAB~1\AppData\Local\Temp\catchme.sys File not found
DRV - (ASPI32) -- File not found
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DSI_SiUSBXp_3_1) -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys (Silicon Laboratories)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7c4547bb000000000000e0cb4e5a68fa&tlver=1.4.19.19&affID=17159
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{5B32B225-4565-4200-A0AF-8863F38B96A5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^SI&apn_uid=98a2a89f-4297-4c6d-81e7-2623295525cb&apn_sauid=B4DD89B9-EDF6-4B9E-BC10-0CF7C9C41DFB
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_sl
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A81E8B08-9C2A-4B43-B648-9E4EFABB4CEC}&mid=b7b262dc97af47d08541318208be8109-ac8a6102c3993f907a5a4425232a5aff4a08754e&lang=en&ds=qw011&pr=sa&d=2012-05-19 11:24:53&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={09F97730-CA52-11E0-BBE5-E0CB4E5A68FA}
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.si/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: downloader@freeyoutubetomp3converter.org:1.0.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.746
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.7
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B4bf5a099-ecb0-4e48-9b1c-1f4c479e1834%7D&mid=b7b262dc97af47d08541318208be8109-ac8a6102c3993f907a5a4425232a5aff4a08754e&ds=qw011&v=11.1.0.7&lang=en&pr=sa&d=2012-05-19%2011%3A24%3A53&sap=ku&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=7c4547bb000000000000e0cb4e5a68fa&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@freeyoutubetomp3converter.org: C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2011.08.15 19:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.01.02 19:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.05.19 11:25:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.06.20 09:24:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.25 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.25 23:16:28 | 000,000,000 | ---D | M]

[2010.07.26 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Extensions
[2012.05.26 19:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions
[2011.03.29 22:14:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.15 01:07:42 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.08.19 12:57:44 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.05.26 19:15:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com
[2011.07.15 01:10:45 | 000,002,399 | ---- | M] () -- C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\askcom.xml
[2011.08.19 12:57:39 | 000,003,915 | ---- | M] () -- C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\sweetim.xml
[2012.05.25 23:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.10.15 18:15:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.08.15 19:59:34 | 000,000,000 | ---D | M] (FreeYouTubeToMP3TURBOConverter plugin for Mozilla Firefox) -- C:\PROGRAM FILES\FREEYOUTUBETOMP3TURBOCONVERTER\FIREFOX
[2012.05.19 11:25:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012.05.25 23:16:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.19 11:24:46 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.04.09 18:05:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.05.25 23:16:23 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
[2011.08.15 19:59:39 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.10.26 17:57:38 | 000,002,036 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb.xml
[2012.05.25 23:16:23 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
[2012.05.25 23:16:23 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
[2012.05.25 23:16:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.05.25 23:16:23 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml

O1 HOSTS File: ([2012.06.23 22:26:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT_Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [gStart] C:\Program Files\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [SpeechGrid] C:\Program Files\SpeechGrid\SpeechGrid.exe (SpeechGrid)
O4 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\uporabnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\uporabnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 70.38.38.4 4.30.72.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B10552E-FDE7-4C22-92CA-37B6F0D4891B}: DhcpNameServer = 70.38.38.4 4.30.72.150
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.30 13:22:58 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.23 23:51:03 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Local\Macromedia
[2012.06.23 22:37:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.23 22:26:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.23 22:09:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.23 22:09:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.23 22:09:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.23 22:09:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.22 12:07:08 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\Desktop\za svaki slučaj backup MC
[2012.06.21 11:51:26 | 000,000,000 | ---D | C] -- C:\uninstall
[2012.06.21 10:47:56 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\Desktop\virus
[2012.06.21 09:21:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.21 08:54:01 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 08:54:00 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 08:53:20 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 08:53:20 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 08:53:19 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 08:52:57 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 08:52:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.21 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Roaming\Malwarebytes
[2012.06.21 00:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.20 09:25:10 | 000,112,984 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.06.20 09:24:45 | 000,196,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.06.20 09:24:45 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.06.20 09:24:40 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.06.20 09:24:25 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.06.20 09:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.06.19 21:13:23 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Roaming\Notepad++
[2012.06.19 21:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.06.14 00:49:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 00:49:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 00:49:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.14 00:49:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 00:49:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.14 00:49:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 00:49:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 23:59:02 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.13 23:59:01 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.13 23:59:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.13 23:59:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.05.28 19:00:01 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Local\SpeechGrid
[2012.05.28 18:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpeechGrid
[2012.05.28 18:59:43 | 000,000,000 | ---D | C] -- C:\Users\uporabnik\AppData\Roaming\OpenCandy
[2012.05.28 18:58:44 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.28 18:58:39 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.28 18:58:31 | 000,772,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2012.05.28 18:58:30 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100u.dll
[2012.05.28 18:58:30 | 000,419,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2012.05.28 18:58:30 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl100.dll
[2012.05.28 18:58:30 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcm100u.dll
[2012.05.25 23:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.25 23:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012.06.24 10:57:02 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.24 10:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.24 10:26:23 | 000,020,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 10:26:23 | 000,020,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 10:19:22 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.24 10:18:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.24 10:18:47 | 2415,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.23 22:26:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.23 12:37:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.23 12:37:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.23 00:46:28 | 000,624,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.23 00:46:28 | 000,110,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.22 21:48:35 | 029,142,111 | ---- | M] () -- C:\Users\uporabnik\Desktop\Dj Wingss - Compete.mp3
[2012.06.22 18:17:13 | 126,526,696 | ---- | M] () -- C:\Users\uporabnik\Desktop\Dj Wingss - Compete.wav
[2012.06.21 09:05:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.06.21 09:05:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.06.20 09:24:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.06.20 09:21:32 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.14 17:55:10 | 002,442,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.05.28 18:58:44 | 000,001,360 | ---- | M] () -- C:\Users\uporabnik\Desktop\Free YouTube to MP3 Converter.lnk
[2012.05.25 23:16:30 | 000,001,994 | ---- | M] () -- C:\Users\uporabnik\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012.06.23 22:09:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.23 22:09:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.23 22:09:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.23 22:09:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.23 22:09:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.22 18:18:44 | 029,142,111 | ---- | C] () -- C:\Users\uporabnik\Desktop\Dj Wingss - Compete.mp3
[2012.06.22 18:04:59 | 126,526,696 | ---- | C] () -- C:\Users\uporabnik\Desktop\Dj Wingss - Compete.wav
[2012.06.21 09:05:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.06.21 09:05:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.06.20 09:21:32 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.06.09 21:43:04 | 000,076,901 | ---- | C] () -- C:\Users\uporabnik\Desktop\Justin.Bieber.Never.Say.Never.2011.BRRip.x264.RmD.srt
[2012.05.28 18:59:56 | 000,001,023 | ---- | C] () -- C:\Users\uporabnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeechGrid.lnk
[2012.05.25 23:16:31 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.08.28 20:07:38 | 000,000,097 | ---- | C] () -- C:\Users\uporabnik\AppData\Local\fusioncache.dat
[2011.05.03 18:54:47 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.11.12 21:23:20 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.12 21:23:13 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.12 21:23:06 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.27 15:41:43 | 000,004,096 | -H-- | C] () -- C:\Users\uporabnik\AppData\Local\keyfile3.drm
[2010.08.20 16:32:49 | 000,007,168 | ---- | C] () -- C:\Users\uporabnik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.25 15:23:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cdTextCtl.dll
[2010.07.24 21:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 18:48:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:88050731
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 12:11 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:88050731
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB    
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
    IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7c4547bb000000000000e0cb4e5a68fa&tlver=1.4.19.19&affID=17159
    IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{5B32B225-4565-4200-A0AF-8863F38B96A5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^SI&apn_uid=98a2a89f-4297-4c6d-81e7-2623295525cb&apn_sauid=B4DD89B9-EDF6-4B9E-BC10-0CF7C9C41DFB
    IE - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={09F97730-CA52-11E0-BBE5-E0CB4E5A68FA}
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=1586&gct=hp"
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=7c4547bb000000000000e0cb4e5a68fa&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
    [2011.08.19 12:57:44 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    [2012.05.26 19:15:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com
    [2011.07.15 01:10:45 | 000,002,399 | ---- | M] () -- C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\askcom.xml
    [2011.08.19 12:57:39 | 000,003,915 | ---- | M] () -- C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\sweetim.xml
    [2011.04.09 18:05:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012.05.25 23:16:23 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
    [2011.08.15 19:59:39 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
    [2010.10.26 17:57:38 | 000,002,036 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb.xml
    [2012.05.25 23:16:23 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
    [2012.05.25 23:16:23 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
    O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\S-1-5-21-3205421419-3179163627-3543162922-1001\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBrot.dll (Conduit Ltd.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Morje

Morje
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 24 June 2012 - 03:12 PM

I still cannot access the FB page. So nothing has changed. And I didn't have to reboot the machine.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki ...\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:88050731 deleted successfully.
ADS C:\ProgramData\TEMP:E9DC8DCB deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ deleted successfully.
C:\Program Files\Brothersoft\tbBrot.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
File C:\Program Files\Brothersoft\tbBrot.dll not found.
Registry key HKEY_USERS\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5B32B225-4565-4200-A0AF-8863F38B96A5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B32B225-4565-4200-A0AF-8863F38B96A5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: "Ask.com" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "Ask.com" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "http://eu.ask.com/?l=dis&o=1586&gct=hp" removed from browser.startup.homepage
Prefs.js: "http://search.babylon.com/?babsrc=SP_ss&mntrId=7c4547bb000000000000e0cb4e5a68fa&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\askcom.xml moved successfully.
C:\Users\uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\srab4v3h.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\ceneji.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
File C:\Program Files\Brothersoft\tbBrot.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
File C:\Program Files\Brothersoft\tbBrot.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-3205421419-3179163627-3543162922-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}\ not found.
File C:\Program Files\Brothersoft\tbBrot.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\uporabnik\Downloads\cmd.bat deleted successfully.
C:\Users\uporabnik\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: uporabnik
->Java cache emptied: 9003795 bytes

Total Java Files Cleaned = 9,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: uporabnik
->Flash cache emptied: 34766 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06242012_220814
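An added example, not code from the thread or from OTL's author: a small Python parser for OTL fix-result lines like the ones above. It uses a constructed sample drawn from this log, counts the outcomes, and lists the "not found" items together with whether an earlier line in the same run had already removed the same target (as happens with tbBrot.dll here, which is moved once and then reported not found by the later toolbar and BHO lines).

```python
import re
from collections import Counter

# Constructed sample: a handful of lines taken from the OTL fix log above.
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
ADS C:\ProgramData\TEMP:88050731 deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files\Brothersoft\tbBrot.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\Brothersoft\tbBrot.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
C:\Users\uporabnik\AppData\Roaming\mozilla\Firefox\Profiles\srab4v3h.default\extensions\ffxtlbr@babylon.com folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
"""

# Most specific patterns first; the generic "moved successfully" forms last.
# Group 1 is the target (registry path, file, ADS or Firefox pref name).
PATTERNS = [
    (r"Registry key (.+?)\\? deleted successfully\.", "registry_key", "deleted"),
    (r"Registry key (.+?)\\? not found\.", "registry_key", "not_found"),
    (r"Registry value (.+?) deleted successfully\.", "registry_value", "deleted"),
    (r"ADS (.+?) deleted successfully\.", "ads", "deleted"),
    (r"File (.+?) not found\.", "file", "not_found"),
    (r"Prefs\.js: .+ removed from (\S+)", "firefox_pref", "removed"),
    (r"(.+?) : value set successfully!", "registry_value", "set"),
    (r"(.+?) folder moved successfully\.", "folder", "moved"),
    (r"(.+?) moved successfully\.", "file", "moved"),
]
COMPILED = [(re.compile(p), kind, status) for p, kind, status in PATTERNS]


def parse_fix_log(text):
    """Turn each result line into (kind, status, target). Section headers and
    the echoed command are skipped; anything unrecognised is kept as 'unparsed'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("==========") or line.startswith("<"):
            continue
        for rx, kind, status in COMPILED:
            m = rx.fullmatch(line)
            if m:
                entries.append((kind, status, m.group(1)))
                break
        else:
            entries.append(("unparsed", "unparsed", line))
    return entries


def summarize(entries):
    """Count outcomes, e.g. {'deleted': 2, 'moved': 2, 'not_found': 2, ...}."""
    return dict(Counter(status for _, status, _ in entries))


def not_found_targets(entries):
    """(target, already_removed) for every 'not found' line. True means an
    earlier line deleted or moved the same target, so the miss is expected;
    False means nothing in this run touched it, which is the list worth a look."""
    acted = {t for _, s, t in entries if s in ("deleted", "moved")}
    return [(t, t in acted) for _, s, t in entries if s == "not_found"]
```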

#14 Morje

Morje
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:37 PM

Posted 24 June 2012 - 05:22 PM

I would like to apologize, because I won't be home for about 3 weeks, so I won't be able to do anything... and I would like to thank you for your fast help... When I get back, I will immediately write you here.

Edited by Morje, 24 June 2012 - 05:23 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:37 PM

Posted 24 June 2012 - 08:18 PM

I will close this now and when you get back I want you to send me a PM and I will open it for you



<--- to send me a pm see the two icons under my name - the one on the left will send me the pm



