Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with rootkit virus, trojan


  • This topic is locked This topic is locked
26 replies to this topic

#1 casper5

casper5

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 25 August 2012 - 12:10 AM

I had download AVG to help clean my computer. My results showed that I have 28 rootkits infecting my computer. I have tried removing, but have not been successfully. Please help!! I ran rtkill, the results are at the bottom. Thank you!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by Owner at 23:53:19 on 2012-08-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2242 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: MRI_DISABLED - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C77C2D4B-A76C-4947-9B1D-B4A7D39D8519} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: MRI_DISABLED - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: HelloWorldBHO - No File
BHO-X64: HP Smart BHO Class - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-5 135664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe -service --> C:\Windows\system32\lxdicoms.exe -service [?]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdiserv.exe [2007-6-11 33712]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-23 655944]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-8-2 830048]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-5 135664]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-25 03:19:18 20480 ----a-w- C:\Windows\svchost.exe
2012-08-25 03:19:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-24 01:56:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-08-24 01:56:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-24 01:56:19 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 01:56:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 04:03:15 98816 ----a-w- C:\Windows\sed.exe
2012-08-23 04:03:15 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-23 04:03:15 256000 ----a-w- C:\Windows\PEV.exe
2012-08-23 04:03:15 208896 ----a-w- C:\Windows\MBR.exe
2012-08-22 05:46:28 17142744 ----a-w- C:\Windows-KB890830-x64-V4.11.exe
2012-08-22 03:20:56 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2012-08-22 02:12:09 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-22 02:03:19 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-08-22 01:53:34 -------- d-----w- C:\95aa27cf44611ba284628d440715
2012-08-03 01:55:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVG2012
2012-08-03 01:52:02 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-03 01:51:54 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-03 01:51:04 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-03 01:39:05 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-08-03 01:39:04 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-08-03 01:39:04 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-08-03 01:39:04 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-08-03 01:39:04 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-08-03 01:39:04 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-08-03 01:34:57 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{625595A0-CC88-4ED6-BEB4-85EC64DF3C62}\mpengine.dll
2012-08-03 01:33:32 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-03 01:33:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-08-03 01:33:06 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-03 01:33:06 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-08-03 01:11:18 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2BE53998-B967-43A5-B163-956C1718C5D3}\mpengine.dll
2012-08-02 02:31:59 -------- d-----w- C:\Users\Owner\AppData\Local\HP
2012-08-02 02:31:03 -------- d-----w- C:\Users\Owner\AppData\Local\AVG Secure Search
2012-08-02 02:30:29 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-02 02:29:41 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-02 02:27:54 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-02 02:27:54 -------- d-----w- C:\ProgramData\AVG2012
2012-08-02 02:27:54 -------- d-----w- C:\$AVG
2012-08-02 02:26:46 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-02 02:22:58 -------- d--h--w- C:\ProgramData\Common Files
2012-08-02 02:22:58 -------- d-----w- C:\ProgramData\MFAData
2012-07-31 11:25:35 -------- d-----w- C:\Program Files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-07 01:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:54:17.01 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2010 9:44:14 PM
System Uptime: 8/24/2012 10:17:51 PM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 228.106 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.992 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP387: 7/24/2012 10:03:17 PM - Windows Update
RP389: 7/26/2012 7:40:52 PM - Windows Defender Checkpoint
RP390: 7/29/2012 9:05:30 AM - HPSF Restore Point
RP391: 7/30/2012 6:36:58 AM - HPSF Restore Point
RP392: 7/31/2012 6:03:40 AM - HPSF Applying updates
RP393: 7/31/2012 6:05:22 AM - Windows Update
RP394: 7/31/2012 6:11:51 AM - Installed HP Support Assistant
RP395: 7/31/2012 6:20:11 AM - Windows Update
RP396: 8/1/2012 9:26:13 PM - Installed AVG 2012
RP397: 8/1/2012 9:27:06 PM - Installed AVG 2012
RP398: 8/2/2012 7:55:21 PM - Restore Operation
RP399: 8/2/2012 8:32:36 PM - Windows Update
RP400: 8/2/2012 8:34:37 PM - Windows Update
RP401: 8/2/2012 8:49:25 PM - Installed AVG 2012
RP402: 8/2/2012 8:49:58 PM - Installed AVG 2012
RP403: 8/3/2012 5:51:43 AM - Windows Update
RP404: 8/21/2012 8:53:05 PM - Windows Update
RP405: 8/22/2012 1:01:31 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 MUI
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bing Bar
BufferChm
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
D1500
DeviceDiscovery
DJ_SF_03_D1500_Software_Min
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Image Plugin
Java™ 6 Update 14
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Toolbars
Skype™ 4.2
SolutionCenter
Statistics
Statistics (Fall 2009 Student Version)
Statistics (Fall 2010 Student)
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Wal-Mart Digital Photo Manager
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/24/2012 10:19:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/24/2012 10:19:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/24/2012 10:19:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/24/2012 10:19:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/24/2012 10:18:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
8/24/2012 10:18:30 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/24/2012 10:17:21 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/24/2012 10:16:46 PM, Error: Application Popup [1060] - \??\C:\sub\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/24/2012 10:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/23/2012 6:21:57 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.
8/23/2012 6:17:01 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/23/2012 6:02:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Image Acquisition (WIA) service to connect.
8/23/2012 6:02:35 AM, Error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2012 5:47:11 AM, Error: Service Control Manager [7023] - The hpqcxs08 service terminated with the following error: %%-2147467243
8/23/2012 12:04:30 AM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
8/23/2012 12:04:30 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
8/23/2012 12:04:30 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
8/23/2012 12:04:28 AM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/23/2012 12:04:28 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/23/2012 12:04:28 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
8/23/2012 12:04:28 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
8/23/2012 12:04:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/23/2012 12:04:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/23/2012 12:04:24 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
8/23/2012 12:04:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the vToolbarUpdater12.1.5 service to connect.
8/23/2012 12:04:16 AM, Error: Service Control Manager [7000] - The vToolbarUpdater12.1.5 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 10:57:41 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
8/22/2012 10:57:41 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
8/22/2012 10:43:41 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
8/22/2012 10:13:23 PM, Error: Service Control Manager [7022] - The WLAN AutoConfig service hung on starting.
8/21/2012 11:41:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
8/21/2012 11:41:22 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
8/21/2012 10:21:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/21/2012 10:19:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/21/2012 10:19:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/21/2012 10:18:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/21/2012 10:18:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fd16ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082112-34413-01.
8/21/2012 10:18:45 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/21/2012 10:18:45 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/21/2012 10:18:45 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/21/2012 10:18:45 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/21/2012 10:18:45 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/21/2012 10:18:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/21/2012 10:18:43 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/21/2012 10:18:43 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/21/2012 10:18:43 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/21/2012 10:18:43 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 08/24/2012 at 22:31:08.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 08/24/2012 at 22:31:11.

Edited by casper5, 25 August 2012 - 12:29 AM.


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 PM

Posted 25 August 2012 - 04:56 PM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
[*]now press the search button
[*]when the search is complete, search.txt will also be written to your USB
[*]type exit and reboot the computer normally
[*]please copy and paste both logs in your reply.(FRST.txt and Search.txt)[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 casper5

casper5
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 25 August 2012 - 07:41 PM

Below are the logs that you have requested. Thank you so much for your help.

Scan result of Farbar Recovery Scan Tool Version: 25-08-2012
Ran by SYSTEM at 25-08-2012 19:30:47
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [lxdimon.exe] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [434856 2009-04-27] ()
HKLM\...\Run: [lxdiamon] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [25256 2009-04-27] ()
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1147488 2012-08-02] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-05] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 lxdiCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [33712 2007-06-11] (Lexmark International, Inc.)
2 lxdi_device; C:\Windows\system32\lxdicoms.exe -service [876976 2007-06-11] ( )
2 lxdi_device; C:\Windows\SysWow64\lxdicoms.exe -service [517040 2007-06-11] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-08-02] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-02] (AVG Technologies)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 catchme; \??\C:\sub\catchme.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-25 16:12 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-24 21:17 - 2012-08-24 21:17 - 00018216 ____A C:\Users\Owner\Desktop\attach1.txt
2012-08-24 21:16 - 2012-08-24 21:16 - 00020514 ____A C:\Users\Owner\Desktop\DDS.txt
2012-08-24 21:16 - 2012-08-24 21:16 - 00018233 ____A C:\Users\Owner\Desktop\Attach.txt
2012-08-24 20:51 - 2012-08-24 20:51 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-08-24 20:50 - 2012-08-24 20:50 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-08-24 20:50 - 2012-08-24 20:50 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-08-24 20:47 - 2012-08-24 20:47 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-08-24 19:26 - 2012-08-24 19:26 - 00025394 ____A C:\ComboFix.txt
2012-08-24 17:34 - 2012-08-24 19:32 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-24 17:31 - 2012-08-24 17:31 - 04737458 ____R (Swearware) C:\Users\Owner\Desktop\sub.exe
2012-08-24 17:27 - 2012-08-24 17:27 - 10651816 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\baby.exe
2012-08-23 20:31 - 2012-08-23 20:31 - 01008141 ____A C:\Users\Owner\Desktop\ford.com
2012-08-23 17:56 - 2012-08-24 19:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 17:56 - 2012-08-23 17:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-08-23 17:56 - 2012-08-23 17:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-23 17:56 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-23 17:49 - 2012-08-24 19:31 - 00000395 ____A C:\rkill.log
2012-08-22 20:03 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-22 20:03 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-22 20:03 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-22 19:57 - 2012-08-24 19:26 - 00000000 ____D C:\Qoobox
2012-08-22 19:57 - 2012-08-22 19:57 - 04736524 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-08-22 19:39 - 2012-08-22 20:34 - 00000000 ____D C:\Windows\erdnt
2012-08-21 21:46 - 2012-08-21 21:46 - 17142744 ____A (Microsoft Corporation) C:\Windows-KB890830-x64-V4.11.exe
2012-08-21 19:18 - 2012-08-21 19:18 - 00277336 ____A C:\Windows\Minidump\082112-34413-01.dmp
2012-08-21 18:23 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-21 18:23 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-21 18:23 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-21 18:23 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-21 18:23 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-21 18:23 - 2012-06-15 21:16 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-21 18:23 - 2012-06-15 21:15 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-21 18:23 - 2012-06-15 20:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-21 18:23 - 2012-06-15 20:26 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-21 18:23 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-21 18:23 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-21 18:23 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-21 18:23 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-21 18:23 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-21 18:23 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-21 18:22 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-21 18:22 - 2012-06-26 23:06 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-21 18:22 - 2012-06-26 23:06 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-21 18:22 - 2012-06-26 23:06 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-21 18:22 - 2012-06-26 23:03 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-21 18:22 - 2012-06-26 23:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-21 18:22 - 2012-06-26 23:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-21 18:22 - 2012-06-26 21:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-21 18:22 - 2012-06-26 21:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-21 18:22 - 2012-06-26 21:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-21 18:22 - 2012-06-26 21:51 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-21 18:22 - 2012-06-26 21:51 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-21 18:22 - 2012-06-26 21:51 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-21 18:22 - 2012-06-26 20:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-21 18:22 - 2012-06-26 20:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-21 18:12 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-21 18:03 - 2012-08-21 22:08 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-08-21 17:53 - 2012-08-21 17:53 - 00000000 ____D C:\95aa27cf44611ba284628d440715
2012-08-04 03:00 - 2012-08-04 03:40 - 00005692 ____A C:\Users\Owner\Desktop\avgrep.txt
2012-08-03 02:57 - 2012-08-03 02:57 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-08-03 02:41 - 2012-08-21 19:18 - 452164498 ____A C:\Windows\MEMORY.DMP
2012-08-03 02:41 - 2012-08-21 19:18 - 00000000 ____D C:\Windows\Minidump
2012-08-03 02:41 - 2012-08-03 02:41 - 00277360 ____A C:\Windows\Minidump\080312-46425-01.dmp
2012-08-02 17:55 - 2012-08-02 17:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVG2012
2012-08-02 17:52 - 2012-08-02 17:52 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-02 17:51 - 2012-08-02 17:52 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-08-02 17:51 - 2012-08-02 17:51 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-02 17:39 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-02 17:39 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-02 17:39 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-02 17:39 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-02 17:39 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-02 17:39 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-08-02 17:39 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-08-02 17:38 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-02 17:38 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-08-02 17:38 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-08-02 17:38 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-02 17:38 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-02 17:38 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-02 17:38 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-02 17:38 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-02 17:38 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-02 17:38 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-02 17:38 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-02 17:38 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-02 17:33 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-08-02 17:33 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-08-02 17:33 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-08-02 17:33 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-08-02 17:33 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-08-02 17:33 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-08-02 17:33 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-08-02 17:33 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-08-02 17:33 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-08-01 18:31 - 2012-08-01 18:31 - 00000000 ____D C:\Users\Owner\AppData\Local\HP
2012-08-01 18:31 - 2012-08-01 18:31 - 00000000 ____D C:\Users\Owner\AppData\Local\AVG Secure Search
2012-08-01 18:30 - 2012-08-21 17:49 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-08-01 18:27 - 2012-08-23 20:34 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-01 18:27 - 2012-08-23 03:23 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-01 18:27 - 2012-08-01 18:27 - 00000000 ____D C:\$AVG
2012-08-01 18:26 - 2012-08-01 18:26 - 00000000 ____D C:\Program Files (x86)\AVG
2012-08-01 18:22 - 2012-08-23 03:23 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-31 03:25 - 2012-08-02 17:04 - 00000000 ____D C:\Program Files\Microsoft Security Client


============ 3 Months Modified Files ========================

2012-08-25 16:26 - 2009-11-14 02:12 - 00000290 ____A C:\Users\All Users\hpqp.ini
2012-08-25 16:25 - 2010-07-05 17:40 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-25 16:25 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-25 16:25 - 2009-07-13 20:51 - 00162409 ____A C:\Windows\setupact.log
2012-08-25 16:11 - 2010-01-03 20:36 - 00185788 ____A C:\Windows\PFRO.log
2012-08-24 21:17 - 2012-08-24 21:17 - 00018216 ____A C:\Users\Owner\Desktop\attach1.txt
2012-08-24 21:16 - 2012-08-24 21:16 - 00020514 ____A C:\Users\Owner\Desktop\DDS.txt
2012-08-24 21:16 - 2012-08-24 21:16 - 00018233 ____A C:\Users\Owner\Desktop\Attach.txt
2012-08-24 20:51 - 2012-08-24 20:51 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-08-24 20:50 - 2012-08-24 20:50 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-08-24 20:50 - 2012-08-24 20:50 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-08-24 20:47 - 2012-08-24 20:47 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-08-24 19:32 - 2012-08-24 17:34 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-24 19:31 - 2012-08-23 17:49 - 00000395 ____A C:\rkill.log
2012-08-24 19:26 - 2012-08-24 19:26 - 00025394 ____A C:\ComboFix.txt
2012-08-24 19:19 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-24 18:37 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-24 17:31 - 2012-08-24 17:31 - 04737458 ____R (Swearware) C:\Users\Owner\Desktop\sub.exe
2012-08-24 17:27 - 2012-08-24 17:27 - 10651816 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\baby.exe
2012-08-23 20:45 - 2009-11-14 01:50 - 01617168 ____A C:\Windows\WindowsUpdate.log
2012-08-23 20:42 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-23 20:42 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-23 20:31 - 2012-08-23 20:31 - 01008141 ____A C:\Users\Owner\Desktop\ford.com
2012-08-23 17:11 - 2010-07-05 17:40 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-22 19:57 - 2012-08-22 19:57 - 04736524 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-08-22 19:12 - 2009-07-13 20:45 - 00398872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-21 21:46 - 2012-08-21 21:46 - 17142744 ____A (Microsoft Corporation) C:\Windows-KB890830-x64-V4.11.exe
2012-08-21 19:18 - 2012-08-21 19:18 - 00277336 ____A C:\Windows\Minidump\082112-34413-01.dmp
2012-08-21 19:18 - 2012-08-03 02:41 - 452164498 ____A C:\Windows\MEMORY.DMP
2012-08-21 18:51 - 2011-06-28 19:10 - 00001854 ____A C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
2012-08-21 17:55 - 2011-05-20 17:52 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-04 03:40 - 2012-08-04 03:00 - 00005692 ____A C:\Users\Owner\Desktop\avgrep.txt
2012-08-03 02:57 - 2012-08-03 02:57 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-08-03 02:41 - 2012-08-03 02:41 - 00277360 ____A C:\Windows\Minidump\080312-46425-01.dmp
2012-08-03 01:27 - 2010-01-03 20:32 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-02 18:24 - 2012-02-06 20:04 - 00000334 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2012-08-02 17:54 - 2011-01-03 18:12 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-02 17:52 - 2012-08-02 17:52 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-18 10:15 - 2012-08-21 18:22 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:16 - 2012-08-21 18:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-21 18:23 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-21 18:23 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-21 18:23 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-21 18:23 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 10:46 - 2012-08-23 17:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 23:06 - 2012-08-21 18:22 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 23:06 - 2012-08-21 18:22 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 23:06 - 2012-08-21 18:22 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 23:03 - 2012-08-21 18:22 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 23:03 - 2012-08-21 18:22 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 23:03 - 2012-08-21 18:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 21:53 - 2012-08-21 18:22 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-26 21:53 - 2012-08-21 18:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-26 21:53 - 2012-08-21 18:22 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-26 21:51 - 2012-08-21 18:22 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-26 21:51 - 2012-08-21 18:22 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-26 21:51 - 2012-08-21 18:22 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-26 20:53 - 2012-08-21 18:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-26 20:10 - 2012-08-21 18:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-15 21:16 - 2012-08-21 18:23 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-15 21:15 - 2012-08-21 18:23 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 20:26 - 2012-08-21 18:23 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-15 20:26 - 2012-08-21 18:23 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-14 17:03 - 2009-07-13 21:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-08 21:43 - 2012-08-02 17:39 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-08-02 17:38 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 17:59 - 2012-06-06 17:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-05 22:06 - 2012-08-02 17:39 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-08-02 17:39 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-08-02 17:38 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-08-02 17:39 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-08-02 17:39 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-08-02 17:38 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-08-02 17:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-08-02 17:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-08-02 17:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-08-02 17:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-08-02 17:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-08-02 17:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-08-02 17:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-08-02 17:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-08-02 17:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-08-02 17:38 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-08-02 17:38 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-08-02 17:38 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-08-02 17:38 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-08-02 17:38 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-08-02 17:38 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-08-02 17:38 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-08-02 17:38 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-08-02 17:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 09:25 - 2010-01-24 23:06 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


Type 00 partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: -> 2012-07-24 19:03:29
Restore point made on: -> 2012-07-26 16:41:09
Restore point made on: -> 2012-07-29 06:05:42
Restore point made on: -> 2012-07-30 03:37:10
Restore point made on: -> 2012-07-31 03:03:56
Restore point made on: -> 2012-07-31 03:05:29
Restore point made on: -> 2012-07-31 03:12:15
Restore point made on: -> 2012-07-31 03:20:34
Restore point made on: -> 2012-08-01 18:26:36
Restore point made on: -> 2012-08-01 18:27:13
Restore point made on: -> 2012-08-02 16:55:34
Restore point made on: -> 2012-08-02 17:32:51
Restore point made on: -> 2012-08-02 17:34:43
Restore point made on: -> 2012-08-02 17:49:31
Restore point made on: -> 2012-08-02 17:50:09
Restore point made on: -> 2012-08-03 02:52:18
Restore point made on: -> 2012-08-21 17:54:15
Restore point made on: -> 2012-08-21 22:01:53

===================== Memory info ==========================

Percentage of memory in use: 22%
Total physical RAM: 3003.19 MB
Available physical RAM: 2331.4 MB
Total Pagefile: 3001.34 MB
Available Pagefile: 2322.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

===================== Partitions ===========================

1 Drive c: () (Fixed) (Total:285.98 GB) (Free:228.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:1.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (UDISK) (Removable) (Total:1.89 GB) (Free:1.88 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1944 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 285 GB 200 MB
Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 285 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1943 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G UDISK FAT32 Removable 1943 MB Healthy

==================================================================================

Last Boot: 2012-07-30 03:33

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 25-08-2012
Ran by SYSTEM at 2012-08-25 19:32:40
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-22 20:34] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Thank you!!

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 PM

Posted 25 August 2012 - 07:54 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-08-25 16:12 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
TDL4: custom:26000022 <===== ATTENTION!
cmd: bootrec /FixMbr
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 casper5

casper5
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 26 August 2012 - 12:00 AM

Below are the requested logs. Once again, thank you!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-08-2012
Ran by SYSTEM at 2012-08-25 23:35:36 Run:1
Running from G:\

==============================================

C:\Windows\svchost.exe moved successfully.

The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

˙ţT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


==== End of Fixlog ====


23:43:12.0167 2552 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:43:12.0214 2552 ============================================================
23:43:12.0214 2552 Current date / time: 2012/08/25 23:43:12.0214
23:43:12.0214 2552 SystemInfo:
23:43:12.0214 2552
23:43:12.0214 2552 OS Version: 6.1.7601 ServicePack: 1.0
23:43:12.0214 2552 Product type: Workstation
23:43:12.0214 2552 ComputerName: OWNER-PC
23:43:12.0214 2552 UserName: Owner
23:43:12.0214 2552 Windows directory: C:\Windows
23:43:12.0214 2552 System windows directory: C:\Windows
23:43:12.0214 2552 Running under WOW64
23:43:12.0214 2552 Processor architecture: Intel x64
23:43:12.0214 2552 Number of processors: 2
23:43:12.0214 2552 Page size: 0x1000
23:43:12.0214 2552 Boot type: Normal boot
23:43:12.0214 2552 ============================================================
23:43:14.0398 2552 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:43:14.0398 2552 Drive \Device\Harddisk1\DR1 - Size: 0x79800000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:43:14.0398 2552 ============================================================
23:43:14.0398 2552 \Device\Harddisk0\DR0:
23:43:14.0398 2552 MBR partitions:
23:43:14.0398 2552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:43:14.0398 2552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23BF8000
23:43:14.0398 2552 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C5C000, BlocksNum 0x17D2000
23:43:14.0398 2552 \Device\Harddisk1\DR1:
23:43:14.0398 2552 MBR partitions:
23:43:14.0398 2552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0x3CBFC0
23:43:14.0398 2552 ============================================================
23:43:14.0429 2552 C: <-> \Device\Harddisk0\DR0\Partition2
23:43:14.0491 2552 D: <-> \Device\Harddisk0\DR0\Partition3
23:43:14.0491 2552 ============================================================
23:43:14.0491 2552 Initialize success
23:43:14.0491 2552 ============================================================
23:43:39.0888 1072 ============================================================
23:43:39.0888 1072 Scan started
23:43:39.0888 1072 Mode: Manual; TDLFS;
23:43:39.0888 1072 ============================================================
23:43:41.0651 1072 ================ Scan system memory ========================
23:43:41.0651 1072 System memory - ok
23:43:41.0651 1072 ================ Scan services =============================
23:43:41.0994 1072 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:43:42.0010 1072 1394ohci - ok
23:43:42.0088 1072 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:43:42.0088 1072 ACPI - ok
23:43:42.0150 1072 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:43:42.0166 1072 AcpiPmi - ok
23:43:42.0244 1072 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:43:42.0259 1072 adp94xx - ok
23:43:42.0353 1072 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:43:42.0353 1072 adpahci - ok
23:43:42.0400 1072 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:43:42.0415 1072 adpu320 - ok
23:43:42.0447 1072 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:43:42.0447 1072 AeLookupSvc - ok
23:43:42.0525 1072 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:43:42.0540 1072 AFD - ok
23:43:42.0618 1072 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:43:42.0634 1072 agp440 - ok
23:43:42.0712 1072 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:43:42.0727 1072 ALG - ok
23:43:42.0805 1072 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:43:42.0805 1072 aliide - ok
23:43:42.0837 1072 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:43:42.0837 1072 amdide - ok
23:43:42.0993 1072 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:43:42.0993 1072 AmdK8 - ok
23:43:43.0055 1072 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:43:43.0055 1072 AmdPPM - ok
23:43:43.0117 1072 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:43:43.0133 1072 amdsata - ok
23:43:43.0164 1072 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:43:43.0164 1072 amdsbs - ok
23:43:43.0180 1072 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:43:43.0180 1072 amdxata - ok
23:43:43.0242 1072 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:43:43.0242 1072 AppID - ok
23:43:43.0273 1072 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:43:43.0273 1072 AppIDSvc - ok
23:43:43.0351 1072 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:43:43.0351 1072 Appinfo - ok
23:43:43.0679 1072 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:43:43.0679 1072 Apple Mobile Device - ok
23:43:44.0069 1072 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:43:44.0069 1072 arc - ok
23:43:44.0100 1072 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:43:44.0100 1072 arcsas - ok
23:43:44.0147 1072 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:43:44.0147 1072 AsyncMac - ok
23:43:44.0209 1072 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:43:44.0209 1072 atapi - ok
23:43:44.0350 1072 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
23:43:44.0365 1072 athr - ok
23:43:44.0459 1072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:43:44.0459 1072 AudioEndpointBuilder - ok
23:43:44.0521 1072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:43:44.0537 1072 AudioSrv - ok
23:43:46.0128 1072 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
23:43:46.0331 1072 AVGIDSAgent - ok
23:43:46.0378 1072 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
23:43:46.0378 1072 AVGIDSDriver - ok
23:43:46.0456 1072 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
23:43:46.0456 1072 AVGIDSFilter - ok
23:43:46.0534 1072 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
23:43:46.0534 1072 AVGIDSHA - ok
23:43:46.0581 1072 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
23:43:46.0581 1072 Avgldx64 - ok
23:43:46.0643 1072 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
23:43:46.0643 1072 Avgmfx64 - ok
23:43:46.0690 1072 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
23:43:46.0690 1072 Avgrkx64 - ok
23:43:46.0721 1072 [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
23:43:46.0721 1072 Avgtdia - ok
23:43:46.0783 1072 [ E1B8EC60C85A266CB604CD46921606B4 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
23:43:46.0783 1072 avgtp - ok
23:43:46.0861 1072 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
23:43:46.0861 1072 avgwd - ok
23:43:46.0955 1072 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:43:46.0971 1072 AxInstSV - ok
23:43:47.0033 1072 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:43:47.0064 1072 b06bdrv - ok
23:43:47.0142 1072 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:43:47.0173 1072 b57nd60a - ok
23:43:47.0314 1072 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:43:47.0329 1072 BBSvc - ok
23:43:47.0392 1072 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:43:47.0392 1072 BBUpdate - ok
23:43:47.0439 1072 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:43:47.0439 1072 BDESVC - ok
23:43:47.0501 1072 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:43:47.0501 1072 Beep - ok
23:43:47.0626 1072 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:43:47.0657 1072 BFE - ok
23:43:47.0782 1072 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
23:43:47.0797 1072 BITS - ok
23:43:47.0875 1072 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:43:47.0891 1072 blbdrive - ok
23:43:48.0094 1072 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
23:43:48.0094 1072 Bonjour Service - ok
23:43:48.0156 1072 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:43:48.0156 1072 bowser - ok
23:43:48.0234 1072 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:43:48.0250 1072 BrFiltLo - ok
23:43:48.0281 1072 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:43:48.0297 1072 BrFiltUp - ok
23:43:48.0390 1072 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:43:48.0390 1072 BridgeMP - ok
23:43:48.0468 1072 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:43:48.0468 1072 Browser - ok
23:43:48.0515 1072 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:43:48.0515 1072 Brserid - ok
23:43:48.0531 1072 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:43:48.0531 1072 BrSerWdm - ok
23:43:48.0577 1072 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:43:48.0577 1072 BrUsbMdm - ok
23:43:48.0593 1072 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:43:48.0609 1072 BrUsbSer - ok
23:43:48.0640 1072 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:43:48.0655 1072 BTHMODEM - ok
23:43:48.0765 1072 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:43:48.0765 1072 bthserv - ok
23:43:48.0811 1072 catchme - ok
23:43:48.0905 1072 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
23:43:48.0936 1072 CAXHWAZL - ok
23:43:48.0967 1072 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:43:48.0967 1072 cdfs - ok
23:43:49.0045 1072 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
23:43:49.0045 1072 cdrom - ok
23:43:49.0108 1072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:43:49.0123 1072 CertPropSvc - ok
23:43:49.0186 1072 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:43:49.0186 1072 circlass - ok
23:43:49.0248 1072 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:43:49.0264 1072 CLFS - ok
23:43:49.0357 1072 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:43:49.0357 1072 clr_optimization_v2.0.50727_32 - ok
23:43:49.0451 1072 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:43:49.0451 1072 clr_optimization_v2.0.50727_64 - ok
23:43:49.0545 1072 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:43:49.0576 1072 clr_optimization_v4.0.30319_32 - ok
23:43:49.0623 1072 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:43:49.0623 1072 clr_optimization_v4.0.30319_64 - ok
23:43:49.0701 1072 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:43:49.0732 1072 CmBatt - ok
23:43:49.0747 1072 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:43:49.0747 1072 cmdide - ok
23:43:49.0810 1072 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:43:49.0825 1072 CNG - ok
23:43:49.0935 1072 [ 3CB10294F7A59FD22501F4BAD915F250 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
23:43:49.0935 1072 CnxtHdAudService - ok
23:43:50.0091 1072 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:43:50.0091 1072 Com4QLBEx - ok
23:43:50.0184 1072 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:43:50.0200 1072 Compbatt - ok
23:43:50.0262 1072 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:43:50.0278 1072 CompositeBus - ok
23:43:50.0309 1072 COMSysApp - ok
23:43:50.0356 1072 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:43:50.0356 1072 crcdisk - ok
23:43:50.0434 1072 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:43:50.0449 1072 CryptSvc - ok
23:43:50.0512 1072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:43:50.0512 1072 DcomLaunch - ok
23:43:50.0559 1072 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:43:50.0574 1072 defragsvc - ok
23:43:50.0621 1072 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:43:50.0621 1072 DfsC - ok
23:43:50.0730 1072 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:43:50.0730 1072 Dhcp - ok
23:43:50.0746 1072 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:43:50.0761 1072 discache - ok
23:43:50.0808 1072 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:43:50.0808 1072 Disk - ok
23:43:50.0902 1072 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:43:50.0902 1072 Dnscache - ok
23:43:50.0980 1072 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:43:50.0980 1072 dot3svc - ok
23:43:51.0058 1072 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:43:51.0073 1072 DPS - ok
23:43:51.0198 1072 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:43:51.0214 1072 drmkaud - ok
23:43:51.0276 1072 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:43:51.0292 1072 DXGKrnl - ok
23:43:51.0370 1072 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:43:51.0370 1072 EapHost - ok
23:43:51.0760 1072 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:43:51.0853 1072 ebdrv - ok
23:43:51.0900 1072 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:43:51.0900 1072 EFS - ok
23:43:52.0009 1072 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:43:52.0025 1072 ehRecvr - ok
23:43:52.0087 1072 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:43:52.0103 1072 ehSched - ok
23:43:52.0134 1072 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:43:52.0165 1072 elxstor - ok
23:43:52.0197 1072 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:43:52.0197 1072 ErrDev - ok
23:43:52.0275 1072 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:43:52.0290 1072 EventSystem - ok
23:43:52.0337 1072 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:43:52.0353 1072 exfat - ok
23:43:52.0368 1072 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:43:52.0368 1072 fastfat - ok
23:43:52.0462 1072 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:43:52.0462 1072 Fax - ok
23:43:52.0477 1072 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:43:52.0477 1072 fdc - ok
23:43:52.0540 1072 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:43:52.0555 1072 fdPHost - ok
23:43:52.0587 1072 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:43:52.0587 1072 FDResPub - ok
23:43:52.0633 1072 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:43:52.0649 1072 FileInfo - ok
23:43:52.0665 1072 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:43:52.0665 1072 Filetrace - ok
23:43:52.0727 1072 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:43:52.0727 1072 flpydisk - ok
23:43:52.0805 1072 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:43:52.0821 1072 FltMgr - ok
23:43:52.0961 1072 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:43:52.0977 1072 FontCache - ok
23:43:53.0039 1072 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:43:53.0039 1072 FontCache3.0.0.0 - ok
23:43:53.0070 1072 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:43:53.0070 1072 FsDepends - ok
23:43:53.0117 1072 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:43:53.0117 1072 Fs_Rec - ok
23:43:53.0257 1072 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:43:53.0273 1072 fvevol - ok
23:43:53.0304 1072 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:43:53.0320 1072 gagp30kx - ok
23:43:53.0413 1072 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:43:53.0413 1072 GameConsoleService - ok
23:43:53.0445 1072 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:43:53.0445 1072 GEARAspiWDM - ok
23:43:53.0647 1072 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:43:53.0663 1072 gpsvc - ok
23:43:53.0835 1072 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:43:53.0835 1072 gupdate - ok
23:43:53.0866 1072 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:43:53.0866 1072 gupdatem - ok
23:43:53.0897 1072 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:43:53.0913 1072 gusvc - ok
23:43:53.0928 1072 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:43:53.0928 1072 hcw85cir - ok
23:43:54.0069 1072 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:43:54.0084 1072 HdAudAddService - ok
23:43:54.0147 1072 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:43:54.0147 1072 HDAudBus - ok
23:43:54.0178 1072 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:43:54.0178 1072 HidBatt - ok
23:43:54.0225 1072 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:43:54.0240 1072 HidBth - ok
23:43:54.0256 1072 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:43:54.0256 1072 HidIr - ok
23:43:54.0303 1072 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
23:43:54.0318 1072 hidserv - ok
23:43:54.0381 1072 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
23:43:54.0381 1072 HidUsb - ok
23:43:54.0427 1072 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:43:54.0443 1072 hkmsvc - ok
23:43:54.0521 1072 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:43:54.0537 1072 HomeGroupListener - ok
23:43:54.0583 1072 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:43:54.0599 1072 HomeGroupProvider - ok
23:43:54.0724 1072 [ BE78357FB49759B79CCC01894BCFDDDB ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
23:43:54.0724 1072 HP Health Check Service - ok
23:43:54.0880 1072 [ 2DFB151FD34DF104DAC0ADF070EDA83C ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:43:54.0880 1072 HPDrvMntSvc.exe - ok
23:43:55.0098 1072 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:43:55.0098 1072 hpqcxs08 - ok
23:43:55.0176 1072 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:43:55.0176 1072 hpqddsvc - ok
23:43:55.0223 1072 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23:43:55.0254 1072 HpqKbFiltr - ok
23:43:55.0519 1072 [ 184C500CB9F69585F3FE85E1D2667CD8 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
23:43:55.0535 1072 hpqwmiex - ok
23:43:55.0597 1072 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:43:55.0613 1072 HpSAMD - ok
23:43:55.0753 1072 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
23:43:55.0785 1072 HsfXAudioService - ok
23:43:55.0894 1072 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
23:43:55.0909 1072 HSF_DPV - ok
23:43:56.0050 1072 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:43:56.0050 1072 HTTP - ok
23:43:56.0112 1072 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:43:56.0128 1072 hwpolicy - ok
23:43:56.0175 1072 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:43:56.0175 1072 i8042prt - ok
23:43:56.0315 1072 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:43:56.0315 1072 iaStorV - ok
23:43:56.0409 1072 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:43:56.0409 1072 idsvc - ok
23:43:57.0048 1072 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:43:57.0313 1072 igfx - ok
23:43:57.0376 1072 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:43:57.0376 1072 iirsp - ok
23:43:57.0594 1072 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:43:57.0625 1072 IKEEXT - ok
23:43:57.0703 1072 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
23:43:57.0703 1072 IntcHdmiAddService - ok
23:43:57.0750 1072 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:43:57.0750 1072 intelide - ok
23:43:57.0813 1072 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:43:57.0813 1072 intelppm - ok
23:43:57.0875 1072 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:43:57.0891 1072 IPBusEnum - ok
23:43:57.0922 1072 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:43:57.0937 1072 IpFilterDriver - ok
23:43:58.0000 1072 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:43:58.0015 1072 iphlpsvc - ok
23:43:58.0047 1072 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:43:58.0062 1072 IPMIDRV - ok
23:43:58.0093 1072 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:43:58.0093 1072 IPNAT - ok
23:43:58.0405 1072 [ A9E53E1A9C4274EEBC00D36AE5ED40DE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:43:58.0421 1072 iPod Service - ok
23:43:58.0468 1072 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:43:58.0468 1072 IRENUM - ok
23:43:58.0530 1072 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:43:58.0530 1072 isapnp - ok
23:43:58.0671 1072 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:43:58.0686 1072 iScsiPrt - ok
23:43:58.0733 1072 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
23:43:58.0733 1072 kbdclass - ok
23:43:58.0780 1072 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:43:58.0780 1072 kbdhid - ok
23:43:58.0811 1072 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:43:58.0811 1072 KeyIso - ok
23:43:58.0858 1072 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:43:58.0873 1072 KSecDD - ok
23:43:58.0951 1072 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:43:58.0951 1072 KSecPkg - ok
23:43:58.0983 1072 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:43:58.0983 1072 ksthunk - ok
23:43:59.0061 1072 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:43:59.0061 1072 KtmRm - ok
23:43:59.0139 1072 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
23:43:59.0170 1072 LanmanServer - ok
23:43:59.0217 1072 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:43:59.0217 1072 LanmanWorkstation - ok
23:43:59.0357 1072 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:43:59.0357 1072 LightScribeService - ok
23:43:59.0435 1072 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:43:59.0435 1072 lltdio - ok
23:43:59.0466 1072 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:43:59.0497 1072 lltdsvc - ok
23:43:59.0513 1072 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:43:59.0513 1072 lmhosts - ok
23:43:59.0591 1072 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:43:59.0591 1072 LSI_FC - ok
23:43:59.0638 1072 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:43:59.0669 1072 LSI_SAS - ok
23:43:59.0685 1072 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:43:59.0700 1072 LSI_SAS2 - ok
23:43:59.0731 1072 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:43:59.0747 1072 LSI_SCSI - ok
23:43:59.0794 1072 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:43:59.0794 1072 luafv - ok
23:43:59.0965 1072 [ BAA003617D899996CF282A3D92AEE29B ] lxdiCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe
23:43:59.0965 1072 lxdiCATSCustConnectService - ok
23:43:59.0997 1072 lxdi_device - ok
23:44:00.0028 1072 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:44:00.0028 1072 MBAMProtector - ok
23:44:00.0277 1072 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:44:00.0277 1072 MBAMService - ok
23:44:00.0355 1072 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:44:00.0355 1072 Mcx2Svc - ok
23:44:00.0402 1072 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:44:00.0402 1072 mdmxsdk - ok
23:44:00.0433 1072 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:44:00.0433 1072 megasas - ok
23:44:00.0543 1072 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:44:00.0543 1072 MegaSR - ok
23:44:00.0574 1072 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:44:00.0589 1072 MMCSS - ok
23:44:00.0605 1072 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:44:00.0621 1072 Modem - ok
23:44:00.0667 1072 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:44:00.0667 1072 monitor - ok
23:44:00.0714 1072 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
23:44:00.0730 1072 mouclass - ok
23:44:00.0792 1072 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:44:00.0808 1072 mouhid - ok
23:44:00.0855 1072 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:44:00.0870 1072 mountmgr - ok
23:44:00.0933 1072 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:44:00.0948 1072 mpio - ok
23:44:00.0979 1072 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:44:00.0979 1072 mpsdrv - ok
23:44:01.0073 1072 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:44:01.0073 1072 MpsSvc - ok
23:44:01.0135 1072 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:44:01.0135 1072 MRxDAV - ok
23:44:01.0213 1072 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:44:01.0229 1072 mrxsmb - ok
23:44:01.0338 1072 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:44:01.0338 1072 mrxsmb10 - ok
23:44:01.0401 1072 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:44:01.0401 1072 mrxsmb20 - ok
23:44:01.0463 1072 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:44:01.0463 1072 msahci - ok
23:44:01.0525 1072 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:44:01.0588 1072 msdsm - ok
23:44:01.0603 1072 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:44:01.0650 1072 MSDTC - ok
23:44:01.0713 1072 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:44:01.0728 1072 Msfs - ok
23:44:01.0744 1072 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:44:01.0744 1072 mshidkmdf - ok
23:44:01.0775 1072 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:44:01.0775 1072 msisadrv - ok
23:44:01.0853 1072 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:44:01.0869 1072 MSiSCSI - ok
23:44:01.0869 1072 msiserver - ok
23:44:01.0900 1072 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:44:01.0915 1072 MSKSSRV - ok
23:44:01.0931 1072 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:44:01.0931 1072 MSPCLOCK - ok
23:44:01.0962 1072 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:44:01.0962 1072 MSPQM - ok
23:44:02.0025 1072 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:44:02.0025 1072 MsRPC - ok
23:44:02.0071 1072 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:44:02.0071 1072 mssmbios - ok
23:44:02.0118 1072 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:44:02.0134 1072 MSTEE - ok
23:44:02.0165 1072 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:44:02.0165 1072 MTConfig - ok
23:44:02.0227 1072 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:44:02.0227 1072 Mup - ok
23:44:02.0352 1072 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:44:02.0368 1072 napagent - ok
23:44:02.0446 1072 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:44:02.0461 1072 NativeWifiP - ok
23:44:02.0695 1072 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
23:44:02.0727 1072 NDIS - ok
23:44:02.0789 1072 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:44:02.0789 1072 NdisCap - ok
23:44:02.0836 1072 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:44:02.0836 1072 NdisTapi - ok
23:44:02.0914 1072 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:44:02.0914 1072 Ndisuio - ok
23:44:02.0976 1072 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:44:02.0992 1072 NdisWan - ok
23:44:03.0039 1072 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:44:03.0101 1072 NDProxy - ok
23:44:03.0195 1072 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:44:03.0210 1072 NetBIOS - ok
23:44:03.0288 1072 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:44:03.0304 1072 NetBT - ok
23:44:03.0335 1072 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:44:03.0335 1072 Netlogon - ok
23:44:03.0397 1072 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:44:03.0413 1072 Netman - ok
23:44:03.0507 1072 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:44:03.0538 1072 netprofm - ok
23:44:03.0569 1072 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:44:03.0585 1072 NetTcpPortSharing - ok
23:44:04.0271 1072 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
23:44:04.0396 1072 netw5v64 - ok
23:44:04.0458 1072 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:44:04.0458 1072 nfrd960 - ok
23:44:04.0567 1072 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:44:04.0599 1072 NlaSvc - ok
23:44:04.0630 1072 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:44:04.0630 1072 Npfs - ok
23:44:04.0677 1072 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:44:04.0677 1072 nsi - ok
23:44:04.0708 1072 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:44:04.0723 1072 nsiproxy - ok
23:44:04.0895 1072 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:44:04.0911 1072 Ntfs - ok
23:44:04.0942 1072 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:44:04.0957 1072 Null - ok
23:44:05.0004 1072 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:44:05.0004 1072 nvraid - ok
23:44:05.0067 1072 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:44:05.0082 1072 nvstor - ok
23:44:05.0129 1072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:44:05.0145 1072 nv_agp - ok
23:44:05.0347 1072 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:44:05.0363 1072 odserv - ok
23:44:05.0394 1072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:44:05.0410 1072 ohci1394 - ok
23:44:05.0488 1072 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:44:05.0535 1072 ose - ok
23:44:05.0628 1072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:44:05.0628 1072 p2pimsvc - ok
23:44:05.0675 1072 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:44:05.0675 1072 p2psvc - ok
23:44:05.0706 1072 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:44:05.0706 1072 Parport - ok
23:44:05.0753 1072 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:44:05.0769 1072 partmgr - ok
23:44:05.0847 1072 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:44:05.0862 1072 PcaSvc - ok
23:44:05.0925 1072 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:44:05.0925 1072 pci - ok
23:44:05.0987 1072 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:44:05.0987 1072 pciide - ok
23:44:06.0034 1072 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:44:06.0034 1072 pcmcia - ok
23:44:06.0049 1072 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:44:06.0065 1072 pcw - ok
23:44:06.0112 1072 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:44:06.0143 1072 PEAUTH - ok
23:44:06.0174 1072 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:44:06.0174 1072 PerfHost - ok
23:44:06.0268 1072 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:44:06.0299 1072 pla - ok
23:44:06.0393 1072 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:44:06.0393 1072 PlugPlay - ok
23:44:06.0502 1072 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:44:06.0517 1072 PNRPAutoReg - ok
23:44:06.0611 1072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:44:06.0611 1072 PNRPsvc - ok
23:44:06.0720 1072 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:44:06.0736 1072 PolicyAgent - ok
23:44:06.0751 1072 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:44:06.0767 1072 Power - ok
23:44:06.0829 1072 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:44:06.0829 1072 PptpMiniport - ok
23:44:06.0876 1072 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:44:06.0892 1072 Processor - ok
23:44:06.0939 1072 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:44:06.0939 1072 ProfSvc - ok
23:44:06.0954 1072 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:44:06.0970 1072 ProtectedStorage - ok
23:44:07.0032 1072 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:44:07.0032 1072 Psched - ok
23:44:07.0141 1072 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:44:07.0173 1072 ql2300 - ok
23:44:07.0204 1072 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:44:07.0204 1072 ql40xx - ok
23:44:07.0266 1072 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:44:07.0266 1072 QWAVE - ok
23:44:07.0297 1072 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:44:07.0297 1072 QWAVEdrv - ok
23:44:07.0329 1072 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:44:07.0329 1072 RasAcd - ok
23:44:07.0391 1072 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:44:07.0391 1072 RasAgileVpn - ok
23:44:07.0407 1072 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:44:07.0407 1072 RasAuto - ok
23:44:07.0438 1072 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:44:07.0438 1072 Rasl2tp - ok
23:44:07.0500 1072 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:44:07.0500 1072 RasMan - ok
23:44:07.0516 1072 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:44:07.0531 1072 RasPppoe - ok
23:44:07.0547 1072 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:44:07.0547 1072 RasSstp - ok
23:44:07.0641 1072 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:44:07.0672 1072 rdbss - ok
23:44:07.0687 1072 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:44:07.0687 1072 rdpbus - ok
23:44:07.0719 1072 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:44:07.0719 1072 RDPCDD - ok
23:44:07.0734 1072 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:44:07.0734 1072 RDPENCDD - ok
23:44:07.0750 1072 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:44:07.0750 1072 RDPREFMP - ok
23:44:07.0828 1072 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:44:07.0843 1072 RDPWD - ok
23:44:07.0953 1072 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:44:07.0953 1072 rdyboost - ok
23:44:07.0984 1072 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:44:07.0999 1072 RemoteAccess - ok
23:44:08.0046 1072 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:44:08.0062 1072 RemoteRegistry - ok
23:44:08.0265 1072 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:44:08.0265 1072 RichVideo - ok
23:44:08.0311 1072 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:44:08.0327 1072 RpcEptMapper - ok
23:44:08.0358 1072 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:44:08.0374 1072 RpcLocator - ok
23:44:08.0467 1072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:44:08.0467 1072 RpcSs - ok
23:44:08.0530 1072 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:44:08.0530 1072 rspndr - ok
23:44:08.0670 1072 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
23:44:08.0686 1072 RSUSBSTOR - ok
23:44:08.0779 1072 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:44:08.0795 1072 RTL8167 - ok
23:44:08.0826 1072 RtsUIR - ok
23:44:08.0842 1072 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:44:08.0857 1072 SamSs - ok
23:44:08.0904 1072 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:44:08.0920 1072 sbp2port - ok
23:44:08.0967 1072 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:44:08.0982 1072 SCardSvr - ok
23:44:09.0029 1072 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:44:09.0045 1072 scfilter - ok
23:44:09.0123 1072 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:44:09.0138 1072 Schedule - ok
23:44:09.0185 1072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:44:09.0185 1072 SCPolicySvc - ok
23:44:09.0263 1072 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
23:44:09.0294 1072 sdbus - ok
23:44:09.0341 1072 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:44:09.0357 1072 SDRSVC - ok
23:44:09.0404 1072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:44:09.0419 1072 secdrv - ok
23:44:09.0466 1072 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:44:09.0466 1072 seclogon - ok
23:44:09.0513 1072 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
23:44:09.0513 1072 SENS - ok
23:44:09.0560 1072 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:44:09.0575 1072 SensrSvc - ok
23:44:09.0606 1072 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:44:09.0606 1072 Serenum - ok
23:44:09.0622 1072 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:44:09.0622 1072 Serial - ok
23:44:09.0669 1072 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:44:09.0684 1072 sermouse - ok
23:44:09.0762 1072 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:44:09.0778 1072 SessionEnv - ok
23:44:09.0840 1072 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:44:09.0840 1072 sffdisk - ok
23:44:09.0856 1072 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:44:09.0856 1072 sffp_mmc - ok
23:44:09.0872 1072 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:44:09.0872 1072 sffp_sd - ok
23:44:09.0903 1072 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:44:09.0918 1072 sfloppy - ok
23:44:09.0934 1072 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:44:09.0950 1072 SharedAccess - ok
23:44:10.0028 1072 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:44:10.0043 1072 ShellHWDetection - ok
23:44:10.0059 1072 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:44:10.0059 1072 SiSRaid2 - ok
23:44:10.0090 1072 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:44:10.0090 1072 SiSRaid4 - ok
23:44:10.0152 1072 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:44:10.0168 1072 Smb - ok
23:44:10.0199 1072 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:44:10.0199 1072 SNMPTRAP - ok
23:44:10.0246 1072 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:44:10.0246 1072 spldr - ok
23:44:10.0308 1072 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:44:10.0308 1072 Spooler - ok
23:44:10.0480 1072 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:44:10.0511 1072 sppsvc - ok
23:44:10.0542 1072 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:44:10.0542 1072 sppuinotify - ok
23:44:10.0667 1072 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:44:10.0683 1072 srv - ok
23:44:10.0776 1072 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:44:10.0792 1072 srv2 - ok
23:44:10.0854 1072 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:44:10.0870 1072 SrvHsfHDA - ok
23:44:10.0995 1072 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:44:11.0010 1072 SrvHsfV92 - ok
23:44:11.0073 1072 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:44:11.0073 1072 SrvHsfWinac - ok
23:44:11.0135 1072 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:44:11.0151 1072 srvnet - ok
23:44:11.0260 1072 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:44:11.0307 1072 SSDPSRV - ok
23:44:11.0354 1072 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:44:11.0369 1072 SstpSvc - ok
23:44:11.0400 1072 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:44:11.0400 1072 stexstor - ok
23:44:11.0650 1072 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:44:11.0666 1072 stisvc - ok
23:44:11.0728 1072 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:44:11.0728 1072 swenum - ok
23:44:11.0884 1072 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:44:11.0900 1072 swprv - ok
23:44:11.0962 1072 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:44:11.0962 1072 SynTP - ok
23:44:12.0165 1072 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:44:12.0196 1072 SysMain - ok
23:44:12.0227 1072 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:44:12.0243 1072 TabletInputService - ok
23:44:12.0258 1072 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:44:12.0274 1072 TapiSrv - ok
23:44:12.0305 1072 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:44:12.0321 1072 TBS - ok
23:44:12.0446 1072 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:44:12.0508 1072 Tcpip - ok
23:44:12.0539 1072 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:44:12.0555 1072 TCPIP6 - ok
23:44:12.0648 1072 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:44:12.0648 1072 tcpipreg - ok
23:44:12.0742 1072 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:44:12.0742 1072 TDPIPE - ok
23:44:12.0789 1072 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:44:12.0804 1072 TDTCP - ok
23:44:12.0851 1072 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:44:12.0867 1072 tdx - ok
23:44:12.0867 1072 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:44:12.0882 1072 TermDD - ok
23:44:12.0914 1072 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:44:12.0929 1072 TermService - ok
23:44:12.0960 1072 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:44:12.0960 1072 Themes - ok
23:44:12.0976 1072 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:44:12.0976 1072 THREADORDER - ok
23:44:12.0992 1072 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:44:13.0007 1072 TrkWks - ok
23:44:13.0085 1072 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:44:13.0101 1072 TrustedInstaller - ok
23:44:13.0132 1072 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:44:13.0132 1072 tssecsrv - ok
23:44:13.0210 1072 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:44:13.0210 1072 TsUsbFlt - ok
23:44:13.0288 1072 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:44:13.0304 1072 tunnel - ok
23:44:13.0335 1072 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:44:13.0335 1072 uagp35 - ok
23:44:13.0413 1072 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:44:13.0413 1072 udfs - ok
23:44:13.0460 1072 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:44:13.0460 1072 UI0Detect - ok
23:44:13.0491 1072 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:44:13.0491 1072 uliagpkx - ok
23:44:13.0569 1072 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
23:44:13.0584 1072 umbus - ok
23:44:13.0600 1072 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:44:13.0616 1072 UmPass - ok
23:44:13.0647 1072 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:44:13.0662 1072 upnphost - ok
23:44:13.0678 1072 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:44:13.0678 1072 usbccgp - ok
23:44:13.0694 1072 USBCCID - ok
23:44:13.0772 1072 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:44:13.0772 1072 usbcir - ok
23:44:13.0834 1072 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:44:13.0834 1072 usbehci - ok
23:44:13.0928 1072 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:44:13.0943 1072 usbhub - ok
23:44:13.0974 1072 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:44:13.0990 1072 usbohci - ok
23:44:14.0006 1072 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:44:14.0006 1072 usbprint - ok
23:44:14.0068 1072 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:44:14.0084 1072 usbscan - ok
23:44:14.0115 1072 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:44:14.0115 1072 USBSTOR - ok
23:44:14.0130 1072 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:44:14.0130 1072 usbuhci - ok
23:44:14.0208 1072 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:44:14.0208 1072 usbvideo - ok
23:44:14.0255 1072 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:44:14.0255 1072 UxSms - ok
23:44:14.0286 1072 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:44:14.0286 1072 VaultSvc - ok
23:44:14.0380 1072 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:44:14.0396 1072 vdrvroot - ok
23:44:14.0442 1072 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:44:14.0458 1072 vds - ok
23:44:14.0520 1072 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:44:14.0520 1072 vga - ok
23:44:14.0552 1072 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:44:14.0552 1072 VgaSave - ok
23:44:14.0598 1072 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:44:14.0598 1072 vhdmp - ok
23:44:14.0645 1072 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:44:14.0645 1072 viaide - ok
23:44:14.0661 1072 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:44:14.0676 1072 volmgr - ok
23:44:14.0723 1072 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:44:14.0739 1072 volmgrx - ok
23:44:14.0754 1072 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:44:14.0754 1072 volsnap - ok
23:44:14.0786 1072 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:44:14.0786 1072 vsmraid - ok
23:44:14.0895 1072 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:44:14.0926 1072 VSS - ok
23:44:15.0113 1072 [ 3DA649C6EC481D8F36B54F33FC01DD1E ] vToolbarUpdater12.1.5 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
23:44:15.0113 1072 vToolbarUpdater12.1.5 - ok
23:44:15.0207 1072 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:44:15.0238 1072 vwifibus - ok
23:44:15.0285 1072 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:44:15.0285 1072 vwififlt - ok
23:44:15.0378 1072 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:44:15.0425 1072 W32Time - ok
23:44:15.0472 1072 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:44:15.0503 1072 WacomPen - ok
23:44:15.0628 1072 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:44:15.0644 1072 WANARP - ok
23:44:15.0644 1072 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:44:15.0659 1072 Wanarpv6 - ok
23:44:15.0862 1072 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:44:15.0878 1072 WatAdminSvc - ok
23:44:16.0127 1072 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:44:16.0190 1072 wbengine - ok
23:44:16.0221 1072 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:44:16.0252 1072 WbioSrvc - ok
23:44:16.0330 1072 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:44:16.0330 1072 wcncsvc - ok
23:44:16.0361 1072 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:44:16.0361 1072 WcsPlugInService - ok
23:44:16.0408 1072 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:44:16.0408 1072 Wd - ok
23:44:16.0642 1072 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:44:16.0673 1072 Wdf01000 - ok
23:44:16.0704 1072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:44:16.0720 1072 WdiServiceHost - ok
23:44:16.0736 1072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:44:16.0736 1072 WdiSystemHost - ok
23:44:16.0798 1072 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:44:16.0814 1072 WebClient - ok
23:44:16.0860 1072 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:44:16.0860 1072 Wecsvc - ok
23:44:16.0923 1072 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:44:16.0938 1072 wercplsupport - ok
23:44:16.0970 1072 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:44:16.0970 1072 WerSvc - ok
23:44:17.0032 1072 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:44:17.0032 1072 WfpLwf - ok
23:44:17.0063 1072 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:44:17.0063 1072 WIMMount - ok
23:44:17.0204 1072 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
23:44:17.0204 1072 winachsf - ok
23:44:17.0250 1072 WinDefend - ok
23:44:17.0250 1072 WinHttpAutoProxySvc - ok
23:44:17.0516 1072 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:44:17.0531 1072 Winmgmt - ok
23:44:17.0734 1072 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:44:17.0796 1072 WinRM - ok
23:44:17.0859 1072 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:44:17.0874 1072 Wlansvc - ok
23:44:17.0952 1072 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:44:17.0952 1072 WmiAcpi - ok
23:44:18.0030 1072 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:44:18.0046 1072 wmiApSrv - ok
23:44:18.0077 1072 WMPNetworkSvc - ok
23:44:18.0124 1072 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:44:18.0140 1072 WPCSvc - ok
23:44:18.0171 1072 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:44:18.0171 1072 WPDBusEnum - ok
23:44:18.0202 1072 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:44:18.0202 1072 ws2ifsl - ok
23:44:18.0233 1072 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
23:44:18.0233 1072 wscsvc - ok
23:44:18.0249 1072 WSearch - ok
23:44:18.0436 1072 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:44:18.0530 1072 wuauserv - ok
23:44:18.0576 1072 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:44:18.0576 1072 WudfPf - ok
23:44:18.0686 1072 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:44:18.0686 1072 WUDFRd - ok
23:44:18.0732 1072 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:44:18.0748 1072 wudfsvc - ok
23:44:18.0810 1072 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:44:18.0826 1072 WwanSvc - ok
23:44:18.0935 1072 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
23:44:18.0935 1072 XAudio - ok
23:44:19.0044 1072 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
23:44:19.0060 1072 yukonw7 - ok
23:44:19.0091 1072 ================ Scan global ===============================
23:44:19.0122 1072 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:44:19.0169 1072 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:44:19.0185 1072 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:44:19.0216 1072 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:44:19.0263 1072 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:44:19.0278 1072 [Global] - ok
23:44:19.0278 1072 ================ Scan MBR ==================================
23:44:19.0310 1072 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:44:19.0310 1072 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:44:19.0434 1072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:44:19.0434 1072 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:44:19.0512 1072 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:44:19.0512 1072 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:44:19.0528 1072 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:44:22.0352 1072 \Device\Harddisk1\DR1 - ok
23:44:22.0352 1072 ================ Scan VBR ==================================
23:44:22.0367 1072 [ F43F7C394F9AFDC3449AB4C535E7F4FF ] \Device\Harddisk0\DR0\Partition1
23:44:22.0367 1072 \Device\Harddisk0\DR0\Partition1 - ok
23:44:22.0414 1072 [ DC4F07280D9CAF32BF8C530E60351F8B ] \Device\Harddisk0\DR0\Partition2
23:44:22.0570 1072 \Device\Harddisk0\DR0\Partition2 - ok
23:44:22.0601 1072 [ 449C25F65B1BACD79E9EDB4D687AAE22 ] \Device\Harddisk0\DR0\Partition3
23:44:22.0601 1072 \Device\Harddisk0\DR0\Partition3 - ok
23:44:22.0601 1072 [ D324ABD0B0AAD0A23ED6422599E63C71 ] \Device\Harddisk1\DR1\Partition1
23:44:22.0617 1072 \Device\Harddisk1\DR1\Partition1 - ok
23:44:22.0617 1072 ============================================================
23:44:22.0617 1072 Scan finished
23:44:22.0617 1072 ============================================================
23:44:22.0695 0820 Detected object count: 2
23:44:22.0695 0820 Actual detected object count: 2
23:45:07.0623 0820 \Device\Harddisk0\DR0\# - copied to quarantine
23:45:07.0654 0820 \Device\Harddisk0\DR0 - copied to quarantine
23:45:07.0685 0820 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:45:07.0685 0820 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:45:07.0685 0820 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:45:07.0701 0820 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:45:07.0732 0820 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:45:07.0748 0820 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:45:07.0748 0820 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:45:07.0748 0820 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:45:07.0748 0820 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:45:07.0748 0820 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:45:07.0763 0820 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:45:07.0763 0820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:45:07.0763 0820 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:45:07.0763 0820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:45:07.0810 0820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:45:07.0826 0820 \Device\Harddisk0\DR0 - ok
23:45:09.0011 0820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:45:09.0011 0820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:45:09.0011 0820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:45:24.0564 4776 Deinitialize success

23:47:43.0871 3052 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:47:43.0965 3052 ============================================================
23:47:43.0965 3052 Current date / time: 2012/08/25 23:47:43.0965
23:47:43.0965 3052 SystemInfo:
23:47:43.0965 3052
23:47:43.0965 3052 OS Version: 6.1.7601 ServicePack: 1.0
23:47:43.0965 3052 Product type: Workstation
23:47:43.0965 3052 ComputerName: OWNER-PC
23:47:43.0965 3052 UserName: Owner
23:47:43.0965 3052 Windows directory: C:\Windows
23:47:43.0965 3052 System windows directory: C:\Windows
23:47:43.0965 3052 Running under WOW64
23:47:43.0965 3052 Processor architecture: Intel x64
23:47:43.0965 3052 Number of processors: 2
23:47:43.0965 3052 Page size: 0x1000
23:47:43.0965 3052 Boot type: Normal boot
23:47:43.0965 3052 ============================================================
23:47:47.0054 3052 BG loaded
23:47:48.0939 3052 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1E4843, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000040
23:47:48.0949 3052 ============================================================
23:47:48.0949 3052 \Device\Harddisk0\DR0:
23:47:48.0959 3052 MBR partitions:
23:47:48.0959 3052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:47:48.0959 3052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23BF8000
23:47:48.0959 3052 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C5C000, BlocksNum 0x17D2000
23:47:48.0959 3052 ============================================================
23:47:49.0139 3052 C: <-> \Device\Harddisk0\DR0\Partition2
23:47:49.0329 3052 D: <-> \Device\Harddisk0\DR0\Partition3
23:47:49.0329 3052 ============================================================
23:47:49.0329 3052 Initialize success
23:47:49.0329 3052 ============================================================

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 PM

Posted 26 August 2012 - 07:31 AM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 casper5

casper5
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 26 August 2012 - 10:12 PM

Below is the combofix log. Once again, thank you for your help.

ComboFix 12-08-25.04 - Owner 08/26/2012 21:38:19.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1909 [GMT -5:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 02:49 . 2012-08-27 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 04:45 . 2012-08-26 04:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-26 02:58 . 2012-08-26 02:58 -------- d-----w- C:\FRST
2012-08-24 01:56 . 2012-08-24 01:56 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-08-24 01:56 . 2012-08-24 01:56 -------- d-----w- c:\programdata\Malwarebytes
2012-08-24 01:56 . 2012-08-25 03:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-24 01:56 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 05:46 . 2012-08-22 05:46 17142744 ----a-w- C:\Windows-KB890830-x64-V4.11.exe
2012-08-22 03:20 . 2012-08-22 03:20 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2012-08-22 02:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-22 02:03 . 2012-08-22 06:08 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-22 01:53 . 2012-08-22 01:53 -------- d-----w- C:\95aa27cf44611ba284628d440715
2012-08-03 01:55 . 2012-08-03 01:55 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG2012
2012-08-03 01:52 . 2012-08-03 01:52 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-03 01:51 . 2012-08-03 01:52 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-03 01:51 . 2012-08-03 01:51 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-03 01:39 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-08-03 01:39 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-08-03 01:39 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-08-03 01:39 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-08-03 01:39 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-03 01:39 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-08-03 01:39 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-08-03 01:34 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{625595A0-CC88-4ED6-BEB4-85EC64DF3C62}\mpengine.dll
2012-08-03 01:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-03 01:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-03 01:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-03 01:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-03 01:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-03 01:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-03 01:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-03 01:33 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-03 01:33 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-03 01:11 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BE53998-B967-43A5-B163-956C1718C5D3}\mpengine.dll
2012-08-02 02:31 . 2012-08-02 02:31 -------- d-----w- c:\users\Owner\AppData\Local\HP
2012-08-02 02:31 . 2012-08-02 02:31 -------- d-----w- c:\users\Owner\AppData\Local\AVG Secure Search
2012-08-02 02:30 . 2012-08-22 01:49 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-02 02:29 . 2012-08-03 01:52 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-02 02:27 . 2012-08-24 04:34 -------- d-----w- c:\programdata\AVG2012
2012-08-02 02:27 . 2012-08-23 11:23 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-02 02:27 . 2012-08-02 02:27 -------- d-----w- C:\$AVG
2012-08-02 02:26 . 2012-08-02 02:26 -------- d-----w- c:\program files (x86)\AVG
2012-08-02 02:22 . 2012-08-23 11:23 -------- d-----w- c:\programdata\MFAData
2012-08-02 02:22 . 2012-08-02 02:22 -------- d--h--w- c:\programdata\Common Files
2012-07-31 11:25 . 2012-08-03 01:04 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 09:27 . 2010-01-04 04:32 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-20 01:43 . 2012-06-20 01:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB7330DD-8CF9-43CF-AA6A-E900B586F0D8}\offreg.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-05-31 17:25 . 2010-01-25 07:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 04:04 . 2012-06-20 01:14 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB7330DD-8CF9-43CF-AA6A-E900B586F0D8}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-23_04.18.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-03 01:58 . 2012-08-22 01:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-03 01:58 . 2012-08-25 01:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-03 01:47 . 2012-08-25 03:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-08-03 01:47 . 2012-08-23 04:18 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-08-17 18:30 . 2012-08-27 02:53 48108 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-27 02:53 64042 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-04 03:46 . 2012-08-27 02:53 13582 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2086614551-1249986055-3765341892-1000_UserData.bin
- 2009-11-14 09:51 . 2012-08-23 04:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 09:51 . 2012-08-24 04:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-14 09:51 . 2012-08-24 04:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-14 09:51 . 2012-08-23 04:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-23 04:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-24 04:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-04 03:46 . 2012-08-27 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-04 03:46 . 2012-08-23 04:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-04 03:46 . 2012-08-23 04:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-04 03:46 . 2012-08-27 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-23 04:49 . 2012-08-23 04:49 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-23 04:17 . 2012-08-23 04:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-27 02:51 . 2012-08-27 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-27 02:51 . 2012-08-27 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-23 04:17 . 2012-08-23 04:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-19 02:52 . 2012-08-25 03:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-19 02:52 . 2012-08-23 04:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-08-27 02:33 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-23 04:18 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-27 02:33 622592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-23 04:18 622592 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-24 01:50 . 2012-08-24 01:50 110232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2009-07-14 02:36 . 2012-08-26 04:43 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-21 12:01 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-26 04:43 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-21 12:01 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-23 04:16 344152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-27 02:50 344152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-27 02:33 5193728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-23 04:18 5193728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-03 01:51 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-03 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-03 1147488]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08 35696 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-05-13 00:09 581480 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-17 20:56 148888 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-18 05:21 218408 ------w- c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ------w- c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-07-23 18:04 498744 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-06 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-06 135664]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-03 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-03 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-01-27 139264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-06 01:40]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-06 01:40]
.
2012-08-03 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-08-17 21:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-01528973.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-08-26 22:07:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 03:07
ComboFix2.txt 2012-08-25 03:26
ComboFix3.txt 2012-08-23 11:32
ComboFix4.txt 2012-08-23 04:43
.
Pre-Run: 246,112,268,288 bytes free
Post-Run: 246,073,192,448 bytes free
.
- - End Of File - - 02EDCE56132292BFEC056973DA24D2C2

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 PM

Posted 27 August 2012 - 11:09 AM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 casper5

casper5
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 28 August 2012 - 11:27 PM

Sorry this took so long. Below are copy of the logs requested. I didn't get the show results screen after completing the MBAM scan, it went straight to the log.

Thank you,

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Owner :: OWNER-PC [administrator]

Protection: Enabled

8/28/2012 8:32:32 PM
mbam-log-2012-08-28 (20-32-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198952
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\25.08.2012_23.43.12\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\195aefcb-5d49d32c multiple threats

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 PM

Posted 29 August 2012 - 04:45 PM

Please run the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT



Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT



please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 casper5

casper5
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 29 August 2012 - 09:27 PM

Below is the log that you requested. Once the Starting Windows comes up the screen goes black for a little before loading computer. I have noticed that it takes a little longer to bring my computer up than before the virus. Once the computer is actually up a takes a little longer than usual before all the programs can be accessed. Before the computer would restart on it's own, but I've been on it for over an hour and I haven't had that happen. I did notice that a message popped up from Malware stating something like it stopped a potentially malware. Thank you!

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 29-08-2012 at 21:16:44
Running from "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\699FN6PI"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 PM

Posted 29 August 2012 - 09:30 PM

I did notice that a message popped up from Malware stating something like it stopped a potentially malware


when did that happen? just recently?

do you recall the exact message? Did it give a website?

Please run the following:

Download RogueKiller to your desktop

1. Quit all running programs
2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
3. The RKreport.txt shall be generated next to the executable.
4. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe


Please post the contents of the RKreport.txt in your next Reply.


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 casper5

casper5
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 01 September 2012 - 07:01 AM

Ok, sorry it has taken so long. The maleware that I reported below, I'm not sure what it said exactly. I only stay on the computer long enough to complete what is asked and then shut down. The other day I was trying to complete what you had asked and in the process I received 5 messages from maleware, which are listed below. I was not able to complete what you asked because my computer was trying to update as well. Today, I ran RogueKiller and it doesn't do anything after it is ran so I don't have anything to post for that. I had download the AdwCleaner a couple days ago and in the middle of it is when my computer began to update. Below are a couple of reports that were given from AdwCleaner. Two of them are from the first try and one is from today. I tried to redo everything this morning and the AdwCleaner was removed as a threat. I tried to repeat your instructions again and I am not able to download AdwCleaner to my desktop. It only gives me the option of downloading it to another drive.

Malware

Successfully blocked access to a potentially malicious website: 207.232.22.60 Type: outgoing Port 49569, Process: iexplore.exe This one appeared twice.
website 208.87.149.250 Type: outgoing Port 49892, Process: javaw.exe
website 208.87.149.250 Type: outgoing Port 50258, Process: javaw.exe


# AdwCleaner v1.801 - Logfile created 08/30/2012 at 06:23:30
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : DefaultTabSearch

***** [Files / Folders] *****

Folder Found : C:\Users\Owner\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Owner\AppData\Local\Temp\Iminent
Folder Found : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Owner\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Owner\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Owner\AppData\Roaming\Iminent
Folder Found : C:\Users\Owner\AppData\Roaming\Qwiklinx
Folder Found : C:\Users\Owner\Documents\ShopToWin
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Iminent
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Iminent
Folder Found : C:\Program Files (x86)\IMinent toolbar
Folder Found : C:\Program Files (x86)\Qwiklinx
Folder Found : C:\Program Files (x86)\Shop To Win
Folder Found : C:\Program Files (x86)\Surf Canyon
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\FCTB000100565
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos.1
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar.1
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1
[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
[*] Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Qwiklinx
Key Found : HKCU\Software\ShopToWin
Key Found : HKCU\Software\Surf Canyon
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Freecause
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Compete
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\DataMngr_Toolbar
[x64] Key Found : HKCU\Software\Default Tab
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\Iminent
[x64] Key Found : HKCU\Software\Qwiklinx
[x64] Key Found : HKCU\Software\ShopToWin
[x64] Key Found : HKCU\Software\Surf Canyon
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[x64] Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[x64] Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
[x64] Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
[x64] Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca
[x64] Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1
[x64] Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
[x64] Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
[x64] Key Found : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
[x64] Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[x64] Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[x64] Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\DataMngr
[x64] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.iminent.com/?appId=9D526D8A-4EAC-40EC-9C21-D8FA99523E9C
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={3B31B199-E3A7-4A0C-AE7D-FD9A88B84332}&mid=2fcf5a0dd25b47d0a8d1d16f6b545922-61e0037ef50de1b8c8511a611395a820262d8fcb&lang=en&ds=AVG&pr=fr&d=2012-08-02 20:52:05&v=12.1.0.21&sap=nt

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "homepage" : "hxxp://search.iminent.com/",
Found : "hxxp://search.iminent.com/",
Found : "description" : "AVG Secure Search",
Found : "name" : "AVG Secure Search",
Found : "homepage" : "hxxp://search.iminent.com/",
Found : "hxxp://search.iminent.com/",

*************************

AdwCleaner[R1].txt - [50354 octets] - [30/08/2012 06:23:30]

########## EOF - C:\AdwCleaner[R1].txt - [50483 octets] ##########


# AdwCleaner v1.801 - Logfile created 08/30/2012 at 06:25:12
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabSearch

***** [Files / Folders] *****

Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Toolbar4
Deleted on reboot : C:\Users\Owner\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Owner\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Owner\AppData\Roaming\Qwiklinx
Folder Deleted : C:\Users\Owner\Documents\ShopToWin
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\IMinent toolbar
Folder Deleted : C:\Program Files (x86)\Qwiklinx
Folder Deleted : C:\Program Files (x86)\Shop To Win
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\FCTB000100565
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
[*] Key Deleted : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.HttpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.HttpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Deleted : HKLM64\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[x64] Key Deleted : HKLM64\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = http://search.iminent.com/?appId=9D526D8A-4EAC-40EC-9C21-D8FA99523E9C --> http://www.google.com



# AdwCleaner v1.801 - Logfile created 09/01/2012 at 06:35:09
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Owner\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Owner\AppData\Roaming\Qwiklinx
Folder Found : C:\Users\Owner\Documents\ShopToWin
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Qwiklinx
Folder Found : C:\Program Files (x86)\Shop To Win
Folder Found : C:\Program Files (x86)\Surf Canyon

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\FCTB000100565
[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004639.BHO
[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004639.BHO.1
[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004639.Sandbox
[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004639.Sandbox.1
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos.1
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar.1
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl
[*] Key Found : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Qwiklinx
Key Found : HKCU\Software\ShopToWin
Key Found : HKCU\Software\Surf Canyon
Key Found : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Freecause
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\Cr_Installer
[x64] Key Found : HKCU\Software\InstalledBrowserExtensions
[x64] Key Found : HKCU\Software\Qwiklinx
[x64] Key Found : HKCU\Software\ShopToWin
[x64] Key Found : HKCU\Software\Surf Canyon
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
[x64] Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
[x64] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [50031 octets] - [30/08/2012 06:23:30]
AdwCleaner[S1].txt - [37012 octets] - [30/08/2012 06:25:12]
AdwCleaner[S2].txt - [1570 octets] - [30/08/2012 06:29:04]
AdwCleaner[R2].txt - [5936 octets] - [01/09/2012 06:35:09]

########## EOF - C:\AdwCleaner[R2].txt - [6064 octets] ##########

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:08 PM

Posted 01 September 2012 - 10:54 AM

you have the newest variant to have come on the scene

the tools have been updated to reflect this (right click and delete the tools and logs that I have had you download thus far)

please delete the copy of FRST that you have on your desk top and download a fresh copy from here

Farbar Recovery Scan Tool


run a fresh scan as per the previous instructions and post a new log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 casper5

casper5
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 04 September 2012 - 06:27 AM

Below are the logs that you have requested. I have ran this with x64 since in the very first post it showed how to check which system your computer has. When I was entering in commands to get these logs, I noticed that at the top of the screen it said system32. Is the way I ran this ok? Thank you!!

Scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2012
Ran by SYSTEM at 04-09-2012 06:12:08
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [lxdimon.exe] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [434856 2009-04-27] ()
HKLM\...\Run: [lxdiamon] "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [25256 2009-04-27] ()
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-26] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-05] (Google Inc.)
HKU\Owner\...\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe [80016 2012-08-14] (Avanquest Software)
HKU\Owner\...\Run: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe [251824 2012-07-31] (Compete, Inc.)
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3885408 2009-02-06] (Microsoft Corporation)
HKU\Owner\...\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [13003448 2012-08-30] (The Weather Channel)
HKU\Owner\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1652736 2010-10-29] (AWS Convergence Technologies, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
AppInit_DLLs: C:\PROGRA~2\FANTAS~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\FANTAS~1\Datamngr\x64\IEBHO.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 DefaultTabUpdate; "C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [107520 2012-08-30] ()
2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [686592 2012-08-21] ()
2 lxdi_device; C:\Windows\system32\lxdicoms.exe -service [876976 2007-06-11] ( )
2 lxdi_device; C:\Windows\SysWow64\lxdicoms.exe -service [517040 2007-06-11] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ===================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-02] (AVG Technologies)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-01 03:35 - 2012-09-01 03:35 - 00006017 ____A C:\AdwCleaner[R2].txt
2012-09-01 03:33 - 2012-09-01 03:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WeatherBug
2012-09-01 03:33 - 2012-09-01 03:33 - 00000000 ____D C:\Users\Owner\AppData\Local\WeatherBug
2012-09-01 03:33 - 2012-09-01 03:33 - 00000000 ____D C:\Program Files (x86)\AWS
2012-09-01 03:31 - 2012-09-01 03:32 - 00000000 ____D C:\Program Files (x86)\SavingsApp
2012-09-01 03:31 - 2012-09-01 03:31 - 00000000 ____D C:\Users\Owner\AppData\Local\SavingsApp
2012-08-30 03:29 - 2012-08-30 03:29 - 00001570 ____A C:\AdwCleaner[S2].txt
2012-08-30 03:25 - 2012-08-30 03:25 - 00037012 ____A C:\AdwCleaner[S1].txt
2012-08-30 03:23 - 2012-08-30 03:24 - 00050031 ____A C:\AdwCleaner[R1].txt
2012-08-30 03:20 - 2012-09-01 04:37 - 00772682 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-30 03:17 - 2012-09-04 02:45 - 00000000 ____D C:\Users\Owner\Tracing
2012-08-30 03:16 - 2012-08-30 03:16 - 00000620 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-08-30 03:16 - 2012-08-30 03:16 - 00000000 ____A C:\Windows\SysWOW64\extensions.sqlite
2012-08-30 03:15 - 2012-08-30 03:15 - 00000403 ____A C:\END
2012-08-30 03:14 - 2012-08-30 03:15 - 00000000 ____D C:\Program Files (x86)\FreeFrog
2012-08-30 03:14 - 2012-08-30 03:14 - 00000000 ____D C:\Users\Owner\AppData\Local\The Weather Channel
2012-08-30 03:14 - 2012-08-30 03:14 - 00000000 ____D C:\Program Files (x86)\The Weather Channel
2012-08-30 03:14 - 2012-08-30 03:14 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2012-08-30 03:14 - 2012-08-30 03:14 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2012-08-30 03:03 - 2012-09-01 03:32 - 00000000 ____D C:\Program Files (x86)\Shop to Win 27
2012-08-30 03:03 - 2012-08-30 03:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DefaultTab
2012-08-30 03:03 - 2012-08-30 03:03 - 00000000 ____D C:\Program Files (x86)\Smart PC Cleaner
2012-08-30 03:03 - 2012-08-30 03:03 - 00000000 ____D C:\Program Files (x86)\FGIcon
2012-08-30 03:03 - 2012-08-30 03:03 - 00000000 ____D C:\Program Files (x86)\FantastiGames Toolbar
2012-08-30 03:03 - 2012-08-30 03:03 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2012-08-30 03:03 - 2012-08-30 03:03 - 00000000 ____D C:\Program Files (x86)\7-zip
2012-08-30 03:03 - 2012-08-30 03:03 - 00000000 ____D C:\extensions
2012-08-29 17:43 - 2012-08-29 17:42 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-29 17:43 - 2012-08-29 17:42 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-29 17:43 - 2012-08-29 17:42 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-29 17:43 - 2012-08-29 17:42 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-29 17:43 - 2012-08-29 17:42 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-29 17:43 - 2012-08-29 17:42 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-29 17:40 - 2012-08-29 17:41 - 32690664 ____A (Oracle Corporation) C:\Users\Owner\Desktop\jre-7u6-windows-x64.exe
2012-08-29 17:32 - 2012-08-29 17:32 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-28 18:01 - 2012-08-28 18:01 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-26 19:07 - 2012-08-26 19:07 - 00025660 ____A C:\ComboFix.txt
2012-08-26 18:33 - 2012-08-02 17:52 - 00000965 ____A C:\Users\Owner\Desktop\AVG 2012.lnk
2012-08-25 20:45 - 2012-08-25 20:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-25 18:58 - 2012-08-25 18:58 - 00000000 ____D C:\FRST
2012-08-24 20:50 - 2012-08-24 20:50 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-08-24 17:34 - 2012-08-24 19:32 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-24 17:31 - 2012-08-24 17:31 - 04737458 ____R (Swearware) C:\Users\Owner\Desktop\sub.exe
2012-08-23 17:56 - 2012-08-24 19:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 17:56 - 2012-08-23 17:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-08-23 17:56 - 2012-08-23 17:56 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-23 17:56 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-23 17:49 - 2012-08-24 19:31 - 00000395 ____A C:\rkill.log
2012-08-22 20:03 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-22 20:03 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-22 20:03 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-22 20:03 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-22 19:57 - 2012-08-26 19:08 - 00000000 ____D C:\Qoobox
2012-08-22 19:57 - 2012-08-22 19:57 - 04736524 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-08-22 19:39 - 2012-08-22 20:34 - 00000000 ____D C:\Windows\erdnt
2012-08-21 21:46 - 2012-08-21 21:46 - 17142744 ____A (Microsoft Corporation) C:\Windows-KB890830-x64-V4.11.exe
2012-08-21 19:18 - 2012-08-21 19:18 - 00277336 ____A C:\Windows\Minidump\082112-34413-01.dmp
2012-08-21 18:23 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-21 18:23 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-21 18:23 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-21 18:23 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-21 18:23 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-21 18:23 - 2012-06-15 21:16 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-21 18:23 - 2012-06-15 21:15 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-21 18:23 - 2012-06-15 20:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-21 18:23 - 2012-06-15 20:26 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-21 18:23 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-21 18:23 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-21 18:23 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-21 18:23 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-21 18:23 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-21 18:23 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-21 18:22 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-21 18:22 - 2012-06-26 23:06 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-21 18:22 - 2012-06-26 23:06 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-21 18:22 - 2012-06-26 23:06 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-21 18:22 - 2012-06-26 23:03 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-21 18:22 - 2012-06-26 23:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-21 18:22 - 2012-06-26 23:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-21 18:22 - 2012-06-26 23:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-21 18:22 - 2012-06-26 21:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-21 18:22 - 2012-06-26 21:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-21 18:22 - 2012-06-26 21:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-21 18:22 - 2012-06-26 21:51 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-21 18:22 - 2012-06-26 21:51 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-21 18:22 - 2012-06-26 21:51 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-21 18:22 - 2012-06-26 21:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-21 18:22 - 2012-06-26 20:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-21 18:22 - 2012-06-26 20:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-21 18:12 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-21 18:03 - 2012-08-21 22:08 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-08-21 17:53 - 2012-08-21 17:53 - 00000000 ____D C:\95aa27cf44611ba284628d440715


==================== 3 Months Modified Files ================================

2012-09-04 02:56 - 2011-01-03 18:12 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-09-04 02:56 - 2009-11-14 01:50 - 01846476 ____A C:\Windows\WindowsUpdate.log
2012-09-04 02:52 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-04 02:52 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-04 02:45 - 2009-11-14 02:12 - 00000290 ____A C:\Users\All Users\hpqp.ini
2012-09-04 02:44 - 2010-07-05 17:40 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-04 02:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-04 02:44 - 2009-07-13 20:51 - 00163081 ____A C:\Windows\setupact.log
2012-09-01 04:37 - 2012-08-30 03:20 - 00772682 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-01 04:37 - 2009-07-13 21:13 - 00772682 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-01 04:11 - 2010-07-05 17:40 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-01 03:37 - 2012-09-01 03:36 - 00004659 ____A C:\AdwCleaner[S3].txt
2012-09-01 03:35 - 2012-09-01 03:35 - 00006017 ____A C:\AdwCleaner[R2].txt
2012-08-30 03:29 - 2012-08-30 03:29 - 00001570 ____A C:\AdwCleaner[S2].txt
2012-08-30 03:25 - 2012-08-30 03:25 - 00037012 ____A C:\AdwCleaner[S1].txt
2012-08-30 03:24 - 2012-08-30 03:23 - 00050031 ____A C:\AdwCleaner[R1].txt
2012-08-30 03:16 - 2012-08-30 03:16 - 00000620 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-08-30 03:16 - 2012-08-30 03:16 - 00000000 ____A C:\Windows\SysWOW64\extensions.sqlite
2012-08-30 03:15 - 2012-08-30 03:15 - 00000403 ____A C:\END
2012-08-30 02:52 - 2010-01-03 20:36 - 00186952 ____A C:\Windows\PFRO.log
2012-08-29 17:42 - 2012-08-29 17:43 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-08-29 17:42 - 2012-08-29 17:43 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-08-29 17:42 - 2012-08-29 17:43 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-08-29 17:42 - 2012-08-29 17:43 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-29 17:42 - 2012-08-29 17:43 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-29 17:42 - 2012-08-29 17:43 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-29 17:41 - 2012-08-29 17:40 - 32690664 ____A (Oracle Corporation) C:\Users\Owner\Desktop\jre-7u6-windows-x64.exe
2012-08-29 17:32 - 2012-08-29 17:32 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-28 17:41 - 2011-06-28 19:10 - 00001854 ____A C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
2012-08-26 19:07 - 2012-08-26 19:07 - 00025660 ____A C:\ComboFix.txt
2012-08-26 18:52 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-25 20:37 - 2009-07-13 21:08 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-24 20:50 - 2012-08-24 20:50 - 00000000 ____A C:\Users\Owner\defogger_reenable
2012-08-24 19:32 - 2012-08-24 17:34 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-24 19:31 - 2012-08-23 17:49 - 00000395 ____A C:\rkill.log
2012-08-24 17:31 - 2012-08-24 17:31 - 04737458 ____R (Swearware) C:\Users\Owner\Desktop\sub.exe
2012-08-22 19:57 - 2012-08-22 19:57 - 04736524 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2012-08-22 19:12 - 2009-07-13 20:45 - 00398872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-21 21:46 - 2012-08-21 21:46 - 17142744 ____A (Microsoft Corporation) C:\Windows-KB890830-x64-V4.11.exe
2012-08-21 19:18 - 2012-08-21 19:18 - 00277336 ____A C:\Windows\Minidump\082112-34413-01.dmp
2012-08-21 19:18 - 2012-08-03 02:41 - 452164498 ____A C:\Windows\MEMORY.DMP
2012-08-21 17:55 - 2011-05-20 17:52 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-03 02:57 - 2012-08-03 02:57 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-08-03 02:41 - 2012-08-03 02:41 - 00277360 ____A C:\Windows\Minidump\080312-46425-01.dmp
2012-08-03 01:27 - 2010-01-03 20:32 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-02 18:24 - 2012-02-06 20:04 - 00000334 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2012-08-02 17:52 - 2012-08-26 18:33 - 00000965 ____A C:\Users\Owner\Desktop\AVG 2012.lnk
2012-08-02 17:52 - 2012-08-02 17:52 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-18 10:15 - 2012-08-21 18:22 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:16 - 2012-08-21 18:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-21 18:23 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-21 18:23 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-21 18:23 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-21 18:23 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 10:46 - 2012-08-23 17:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 23:06 - 2012-08-21 18:22 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 23:06 - 2012-08-21 18:22 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 23:06 - 2012-08-21 18:22 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 23:03 - 2012-08-21 18:22 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 23:03 - 2012-08-21 18:22 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 23:03 - 2012-08-21 18:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 23:02 - 2012-08-21 18:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 21:53 - 2012-08-21 18:22 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-26 21:53 - 2012-08-21 18:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-26 21:53 - 2012-08-21 18:22 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-26 21:51 - 2012-08-21 18:22 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-26 21:51 - 2012-08-21 18:22 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-26 21:51 - 2012-08-21 18:22 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 21:50 - 2012-08-21 18:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-26 20:53 - 2012-08-21 18:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-26 20:10 - 2012-08-21 18:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-15 21:16 - 2012-08-21 18:23 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-15 21:15 - 2012-08-21 18:23 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 20:26 - 2012-08-21 18:23 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-15 20:26 - 2012-08-21 18:23 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-08 21:43 - 2012-08-02 17:39 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-08-02 17:38 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-02 16:55:34
Restore point made on: 2012-08-02 17:32:51
Restore point made on: 2012-08-02 17:34:43
Restore point made on: 2012-08-02 17:49:31
Restore point made on: 2012-08-02 17:50:09
Restore point made on: 2012-08-03 02:52:18
Restore point made on: 2012-08-21 17:54:15
Restore point made on: 2012-08-21 22:01:53
Restore point made on: 2012-08-26 18:37:04
Restore point made on: 2012-08-29 17:42:26
Restore point made on: 2012-09-01 03:33:03
Restore point made on: 2012-09-01 04:07:39

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3003.19 MB
Available physical RAM: 2342.36 MB
Total Pagefile: 3001.34 MB
Available Pagefile: 2344.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:285.98 GB) (Free:230.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:1.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (UDISK) (Removable) (Total:1.89 GB) (Free:1.88 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1944 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 285 GB 200 MB
Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 285 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1943 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G UDISK FAT32 Removable 1943 MB Healthy

==================================================================================

Last Boot: 2012-07-30 03:33

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 04-09-2012
Ran by SYSTEM at 2012-09-04 06:14:11
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-22 20:34] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users