
ukash / police virus


10 replies to this topic

#1 edinho1


Posted 17 September 2012 - 10:29 AM

I am having awful trouble getting rid of this.

After hours of trying I've got as far as Malwarebytes finding the virus and directing me to the offending folder.

When I get rid of it, either by deleting the folder then cleaning out my trash can or deleting using Malwarebytes, the next scan is clean, but as soon as I'm out of safe mode the virus is back within about a minute of loading into Windows.

The hellomoto folder is then back when I go back in to have a look.

Cheers for any advice, it's very frustrating.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.15.06

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Glen :: GLEN-PC [administrator]

17/09/2012 16:02:21
mbam-log-2012-09-17 (16-02-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202321
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Glen\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Glen\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\Glen\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)



#2 narenxp


Posted 17 September 2012 - 10:32 AM

Download TDSSKiller

Launch it. Click on change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 edinho1

  • Topic Starter


Posted 17 September 2012 - 10:54 AM

16:51:05.0632 1940 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:51:11.0669 1940 ============================================================
16:51:11.0669 1940 Current date / time: 2012/09/17 16:51:11.0669
16:51:11.0669 1940 SystemInfo:
16:51:11.0669 1940
16:51:11.0669 1940 OS Version: 6.0.6002 ServicePack: 2.0
16:51:11.0669 1940 Product type: Workstation
16:51:11.0669 1940 ComputerName: GLEN-PC
16:51:11.0669 1940 UserName: Glen
16:51:11.0669 1940 Windows directory: C:\Windows
16:51:11.0669 1940 System windows directory: C:\Windows
16:51:11.0669 1940 Running under WOW64
16:51:11.0669 1940 Processor architecture: Intel x64
16:51:11.0669 1940 Number of processors: 4
16:51:11.0669 1940 Page size: 0x1000
16:51:11.0669 1940 Boot type: Safe boot with network
16:51:11.0669 1940 ============================================================
16:51:15.0210 1940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:51:15.0273 1940 ============================================================
16:51:15.0273 1940 \Device\Harddisk0\DR0:
16:51:15.0320 1940 MBR partitions:
16:51:15.0320 1940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1FA2F20, BlocksNum 0x383E2910
16:51:15.0320 1940 ============================================================
16:51:15.0491 1940 C: <-> \Device\Harddisk0\DR0\Partition1
16:51:15.0491 1940 ============================================================
16:51:15.0491 1940 Initialize success
16:51:15.0491 1940 ============================================================
16:51:40.0202 1800 ============================================================
16:51:40.0202 1800 Scan started
16:51:40.0202 1800 Mode: Manual; TDLFS;
16:51:40.0202 1800 ============================================================
16:51:42.0401 1800 ================ Scan system memory ========================
16:51:42.0401 1800 System memory - ok
16:51:42.0401 1800 ================ Scan services =============================
16:52:04.0444 1800 [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:52:04.0506 1800 partmgr - ok
16:52:04.0569 1800 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
16:52:04.0600 1800 PcaSvc - ok
16:52:04.0756 1800 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:52:04.0803 1800 pccsmcfd - ok
16:52:04.0896 1800 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys
16:52:04.0912 1800 pci - ok
16:52:04.0990 1800 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
16:52:04.0990 1800 pciide - ok
16:52:05.0037 1800 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:52:05.0037 1800 pcmcia - ok
16:52:05.0068 1800 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:52:05.0115 1800 PEAUTH - ok
16:52:05.0255 1800 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:52:05.0255 1800 PerfHost - ok
16:52:05.0442 1800 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
16:52:05.0474 1800 pla - ok
16:52:05.0567 1800 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:52:05.0583 1800 PlugPlay - ok
16:52:05.0692 1800 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:52:05.0708 1800 PNRPAutoReg - ok
16:52:05.0739 1800 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:52:05.0739 1800 PNRPsvc - ok
16:52:05.0801 1800 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:52:05.0817 1800 PolicyAgent - ok
16:52:05.0879 1800 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:52:05.0895 1800 PptpMiniport - ok
16:52:05.0942 1800 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:52:05.0942 1800 Processor - ok
16:52:06.0004 1800 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
16:52:06.0020 1800 ProfSvc - ok
16:52:06.0035 1800 [ 40348DCEC0712ED42231C5F90A69A690 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:52:06.0035 1800 ProtectedStorage - ok
16:52:06.0129 1800 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:52:06.0144 1800 PSched - ok
16:52:06.0254 1800 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:52:06.0285 1800 ql2300 - ok
16:52:06.0316 1800 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:52:06.0332 1800 ql40xx - ok
16:52:06.0378 1800 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
16:52:06.0394 1800 QWAVE - ok
16:52:06.0410 1800 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:52:06.0410 1800 QWAVEdrv - ok
16:52:06.0784 1800 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
16:52:06.0800 1800 RapportCerberus_42020 - ok
16:52:06.0893 1800 [ 43012282B8028A69CE0DC98509946E9A ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
16:52:06.0893 1800 RapportEI64 - ok
16:52:06.0987 1800 [ DF6BB348E6CBC13198D86FB9E6DA1014 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
16:52:07.0018 1800 RapportKE64 - ok
16:52:07.0190 1800 [ 1C72DA224FF1D7EADC88016FFE046217 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
16:52:07.0190 1800 RapportPG64 - ok
16:52:07.0252 1800 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:52:07.0268 1800 RasAcd - ok
16:52:07.0330 1800 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
16:52:07.0361 1800 RasAuto - ok
16:52:07.0439 1800 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:52:07.0470 1800 Rasl2tp - ok
16:52:07.0595 1800 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
16:52:07.0642 1800 RasMan - ok
16:52:07.0704 1800 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:52:07.0704 1800 RasPppoe - ok
16:52:07.0736 1800 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:52:07.0767 1800 RasSstp - ok
16:52:07.0860 1800 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:52:07.0876 1800 rdbss - ok
16:52:07.0907 1800 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:52:07.0923 1800 RDPCDD - ok
16:52:07.0938 1800 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:52:07.0970 1800 rdpdr - ok
16:52:07.0985 1800 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:52:07.0985 1800 RDPENCDD - ok
16:52:08.0048 1800 [ B1D741C87CEA8D7282146366CC9C3F81 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:52:08.0048 1800 RDPWD - ok
16:52:08.0126 1800 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:52:08.0141 1800 RemoteAccess - ok
16:52:08.0204 1800 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:52:08.0219 1800 RemoteRegistry - ok
16:52:08.0344 1800 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
16:52:08.0344 1800 RichVideo - ok
16:52:08.0375 1800 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
16:52:08.0375 1800 RpcLocator - ok
16:52:08.0469 1800 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
16:52:08.0484 1800 RpcSs - ok
16:52:08.0531 1800 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:52:08.0547 1800 rspndr - ok
16:52:08.0562 1800 [ 40348DCEC0712ED42231C5F90A69A690 ] SamSs C:\Windows\system32\lsass.exe
16:52:08.0562 1800 SamSs - ok
16:52:08.0687 1800 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:52:08.0687 1800 SASDIFSV - ok
16:52:08.0718 1800 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:52:08.0718 1800 SASKUTIL - ok
16:52:08.0750 1800 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:52:08.0765 1800 sbp2port - ok
16:52:08.0828 1800 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:52:08.0828 1800 SCardSvr - ok
16:52:08.0937 1800 [ 717C12DF4B7C93FEC97D146AC1342B25 ] Schedule C:\Windows\system32\schedsvc.dll
16:52:08.0952 1800 Schedule - ok
16:52:08.0984 1800 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:52:08.0984 1800 SCPolicySvc - ok
16:52:09.0015 1800 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:52:09.0030 1800 SDRSVC - ok
16:52:09.0062 1800 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:52:09.0077 1800 secdrv - ok
16:52:09.0108 1800 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
16:52:09.0124 1800 seclogon - ok
16:52:09.0155 1800 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
16:52:09.0171 1800 SENS - ok
16:52:09.0186 1800 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:52:09.0186 1800 Serenum - ok
16:52:09.0249 1800 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:52:09.0264 1800 Serial - ok
16:52:09.0280 1800 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:52:09.0296 1800 sermouse - ok
16:52:09.0483 1800 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
16:52:09.0498 1800 ServiceLayer - ok
16:52:09.0545 1800 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
16:52:09.0545 1800 SessionEnv - ok
16:52:09.0576 1800 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:52:09.0592 1800 sffdisk - ok
16:52:09.0639 1800 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:52:09.0670 1800 sffp_mmc - ok
16:52:09.0686 1800 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:52:09.0717 1800 sffp_sd - ok
16:52:09.0764 1800 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:52:09.0795 1800 sfloppy - ok
16:52:09.0920 1800 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:52:09.0966 1800 SharedAccess - ok
16:52:10.0076 1800 [ 2AD15758174DCC7993FF3C00A955DD66 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:52:10.0091 1800 ShellHWDetection - ok
16:52:10.0154 1800 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:52:10.0169 1800 SiSRaid2 - ok
16:52:10.0200 1800 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:52:10.0200 1800 SiSRaid4 - ok
16:52:10.0434 1800 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
16:52:10.0481 1800 slsvc - ok
16:52:10.0528 1800 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:52:10.0528 1800 SLUINotify - ok
16:52:10.0590 1800 SMARTMouseFilterx64 - ok
16:52:10.0590 1800 SMARTVHidMiniVistaAmd64 - ok
16:52:10.0606 1800 SMARTVTabletPCx64 - ok
16:52:10.0637 1800 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:52:10.0653 1800 Smb - ok
16:52:10.0684 1800 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:52:10.0684 1800 SNMPTRAP - ok
16:52:10.0731 1800 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
16:52:10.0731 1800 spldr - ok
16:52:10.0793 1800 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
16:52:10.0809 1800 Spooler - ok
16:52:10.0918 1800 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
16:52:10.0965 1800 sptd - ok
16:52:11.0012 1800 [ CB5BD298E62AED1B4AF3CC44811A30A5 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:52:11.0043 1800 srv - ok
16:52:11.0090 1800 [ 26CD9130775C59439B77ECE2F6DF9C4C ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:52:11.0105 1800 srv2 - ok
16:52:11.0152 1800 [ CAEA15E0E52FB15A2C8B505643228057 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:52:11.0152 1800 srvnet - ok
16:52:11.0214 1800 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:52:11.0230 1800 SSDPSRV - ok
16:52:11.0292 1800 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:52:11.0292 1800 SstpSvc - ok
16:52:11.0386 1800 Steam Client Service - ok
16:52:11.0464 1800 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
16:52:11.0480 1800 stisvc - ok
16:52:11.0526 1800 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:52:11.0526 1800 swenum - ok
16:52:11.0667 1800 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
16:52:11.0682 1800 swprv - ok
16:52:11.0698 1800 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:52:11.0698 1800 Symc8xx - ok
16:52:11.0714 1800 SymIMMP - ok
16:52:11.0729 1800 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:52:11.0729 1800 Sym_hi - ok
16:52:11.0745 1800 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:52:11.0760 1800 Sym_u3 - ok
16:52:11.0885 1800 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
16:52:11.0901 1800 SysMain - ok
16:52:11.0948 1800 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:52:11.0963 1800 TabletInputService - ok
16:52:12.0072 1800 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:52:12.0197 1800 TapiSrv - ok
16:52:12.0275 1800 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
16:52:12.0291 1800 TBS - ok
16:52:12.0837 1800 [ 973658A2EA9C06B2976884B9046DFC6C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:52:13.0024 1800 Tcpip - ok
16:52:13.0086 1800 [ 973658A2EA9C06B2976884B9046DFC6C ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:52:13.0118 1800 Tcpip6 - ok
16:52:13.0133 1800 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:52:13.0164 1800 tcpipreg - ok
16:52:13.0211 1800 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:52:13.0211 1800 TDPIPE - ok
16:52:13.0227 1800 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:52:13.0242 1800 TDTCP - ok
16:52:13.0289 1800 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:52:13.0305 1800 tdx - ok
16:52:13.0320 1800 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:52:13.0320 1800 TermDD - ok
16:52:13.0461 1800 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
16:52:13.0476 1800 TermService - ok
16:52:13.0554 1800 [ 2AD15758174DCC7993FF3C00A955DD66 ] Themes C:\Windows\system32\shsvcs.dll
16:52:13.0554 1800 Themes - ok
16:52:13.0601 1800 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
16:52:13.0601 1800 THREADORDER - ok
16:52:13.0664 1800 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
16:52:13.0679 1800 TrkWks - ok
16:52:13.0726 1800 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:52:13.0726 1800 TrustedInstaller - ok
16:52:13.0757 1800 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:52:13.0757 1800 tssecsrv - ok
16:52:13.0804 1800 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:52:13.0820 1800 tunmp - ok
16:52:13.0882 1800 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:52:13.0898 1800 tunnel - ok
16:52:13.0944 1800 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:52:13.0960 1800 uagp35 - ok
16:52:14.0069 1800 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:52:14.0085 1800 udfs - ok
16:52:14.0116 1800 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:52:14.0116 1800 UI0Detect - ok
16:52:14.0178 1800 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:52:14.0194 1800 uliagpkx - ok
16:52:14.0272 1800 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:52:14.0288 1800 uliahci - ok
16:52:14.0319 1800 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:52:14.0334 1800 UlSata - ok
16:52:14.0381 1800 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:52:14.0412 1800 ulsata2 - ok
16:52:14.0428 1800 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:52:14.0444 1800 umbus - ok
16:52:14.0475 1800 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
16:52:14.0490 1800 upnphost - ok
16:52:14.0506 1800 USBAAPL64 - ok
16:52:14.0568 1800 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:52:14.0568 1800 usbccgp - ok
16:52:14.0600 1800 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:52:14.0615 1800 usbcir - ok
16:52:14.0678 1800 [ DA6D8D8ED0A53C63AC6F4BD40FE83FBE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:52:14.0678 1800 usbehci - ok
16:52:14.0693 1800 [ 99045369AE3216216573D0775FD7ED56 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:52:14.0709 1800 usbhub - ok
16:52:14.0724 1800 [ 540B622DA0949695C40CDC9D5D497A8B ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:52:14.0740 1800 usbohci - ok
16:52:14.0756 1800 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:52:14.0771 1800 usbprint - ok
16:52:14.0880 1800 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:52:14.0880 1800 usbscan - ok
16:52:14.0927 1800 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:52:14.0943 1800 USBSTOR - ok
16:52:14.0974 1800 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:52:14.0990 1800 usbuhci - ok
16:52:15.0021 1800 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
16:52:15.0036 1800 UxSms - ok
16:52:15.0161 1800 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
16:52:15.0255 1800 vds - ok
16:52:15.0302 1800 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:52:15.0333 1800 vga - ok
16:52:15.0364 1800 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:52:15.0364 1800 VgaSave - ok
16:52:15.0473 1800 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
16:52:15.0504 1800 viaide - ok
16:52:15.0536 1800 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:52:15.0551 1800 volmgr - ok
16:52:15.0598 1800 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:52:15.0629 1800 volmgrx - ok
16:52:15.0723 1800 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:52:15.0723 1800 volsnap - ok
16:52:15.0801 1800 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:52:15.0816 1800 vsmraid - ok
16:52:16.0004 1800 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
16:52:16.0035 1800 VSS - ok
16:52:16.0050 1800 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
16:52:16.0082 1800 W32Time - ok
16:52:16.0097 1800 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:52:16.0113 1800 WacomPen - ok
16:52:16.0175 1800 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:52:16.0191 1800 Wanarp - ok
16:52:16.0206 1800 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:52:16.0206 1800 Wanarpv6 - ok
16:52:16.0300 1800 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:52:16.0331 1800 wcncsvc - ok
16:52:16.0362 1800 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:52:16.0362 1800 WcsPlugInService - ok
16:52:16.0394 1800 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
16:52:16.0409 1800 Wd - ok
16:52:16.0550 1800 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:52:16.0596 1800 Wdf01000 - ok
16:52:16.0628 1800 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:52:16.0643 1800 WdiServiceHost - ok
16:52:16.0643 1800 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:52:16.0643 1800 WdiSystemHost - ok
16:52:16.0706 1800 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
16:52:16.0721 1800 WebClient - ok
16:52:17.0002 1800 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:52:17.0018 1800 Wecsvc - ok
16:52:17.0033 1800 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:52:17.0033 1800 wercplsupport - ok
16:52:17.0064 1800 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
16:52:17.0080 1800 WerSvc - ok
16:52:17.0111 1800 WinDefend - ok
16:52:17.0127 1800 WinHttpAutoProxySvc - ok
16:52:17.0298 1800 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:52:17.0314 1800 Winmgmt - ok
16:52:17.0501 1800 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
16:52:18.0047 1800 WinRM - ok
16:52:18.0172 1800 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:52:18.0203 1800 Wlansvc - ok
16:52:18.0234 1800 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:52:18.0250 1800 WmiAcpi - ok
16:52:18.0328 1800 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:52:18.0344 1800 wmiApSrv - ok
16:52:18.0422 1800 WMPNetworkSvc - ok
16:52:18.0500 1800 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:52:18.0515 1800 WPCSvc - ok
16:52:18.0531 1800 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:52:18.0546 1800 WPDBusEnum - ok
16:52:18.0578 1800 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:52:18.0578 1800 WpdUsb - ok
16:52:18.0702 1800 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:52:18.0718 1800 WPFFontCache_v0400 - ok
16:52:18.0734 1800 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:52:18.0734 1800 ws2ifsl - ok
16:52:18.0780 1800 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
16:52:18.0796 1800 wscsvc - ok
16:52:18.0796 1800 WSearch - ok
16:52:18.0983 1800 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:52:19.0030 1800 wuauserv - ok
16:52:19.0046 1800 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:19.0061 1800 WUDFRd - ok
16:52:19.0092 1800 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:52:19.0108 1800 wudfsvc - ok
16:52:19.0404 1800 ================ Scan global ===============================
16:52:19.0420 1800 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:52:19.0451 1800 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
16:52:19.0467 1800 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
16:52:19.0560 1800 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:52:19.0576 1800 [Global] - ok
16:52:19.0576 1800 ================ Scan MBR ==================================
16:52:19.0592 1800 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:52:20.0574 1800 \Device\Harddisk0\DR0 - ok
16:52:20.0574 1800 ================ Scan VBR ==================================
16:52:20.0606 1800 [ 578664CEC37026B9C70BBE8DC079346F ] \Device\Harddisk0\DR0\Partition1
16:52:20.0606 1800 \Device\Harddisk0\DR0\Partition1 - ok
16:52:20.0606 1800 ============================================================
16:52:20.0606 1800 Scan finished
16:52:20.0606 1800 ============================================================
16:52:20.0621 1496 Detected object count: 0
16:52:20.0621 1496 Actual detected object count: 0
16:53:09.0824 1088 Deinitialize success

#4 edinho1

Posted 17 September 2012 - 10:56 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.15.06

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Glen :: GLEN-PC [administrator]

17/09/2012 16:48:36
mbam-log-2012-09-17 (16-55-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202414
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Glen\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> No action taken.

Files Detected: 2
C:\Users\Glen\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> No action taken.
C:\Users\Glen\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> No action taken.

(end)

#5 edinho1

Posted 17 September 2012 - 01:23 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-17 17:14:01
-----------------------------
17:14:01.109 OS Version: Windows x64 6.0.6002 Service Pack 2
17:14:01.110 Number of processors: 4 586 0x203
17:14:01.111 ComputerName: GLEN-PC UserName: Glen
17:14:03.610 Initialize success
17:22:07.953 AVAST engine defs: 12091400
17:22:24.136 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
17:22:24.143 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 6
17:22:24.153 Disk 0 MBR read successfully
17:22:24.157 Disk 0 MBR scan
17:22:24.165 Disk 0 Windows VISTA default MBR code
17:22:24.180 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16196 MB offset 2048
17:22:24.212 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 460741 MB offset 33173280
17:22:24.278 Disk 0 scanning C:\Windows\system32\drivers
17:22:37.049 Service scanning
17:23:04.317 Modules scanning
17:23:04.329 Disk 0 trace - called modules:
17:23:04.343 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8004b852c0]<<spop.sys storport.sys hal.dll nvstor64.sys
17:23:04.349 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e62790]
17:23:04.700 3 CLASSPNP.SYS[fffffa6000fccc33] -> nt!IofCallDriver -> [0xfffffa8004cffe40]
17:23:04.708 5 acpi.sys[fffffa600096aff6] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8004cf5910]
17:23:04.716 \Driver\nvstor64[0xfffffa8004cf2690] -> IRP_MJ_CREATE -> 0xfffffa8004b852c0
17:23:07.683 AVAST engine scan C:\Windows
17:23:16.947 AVAST engine scan C:\Windows\system32
17:27:25.168 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:27:28.670 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:29:34.710 AVAST engine scan C:\Windows\system32\drivers
17:30:06.476 AVAST engine scan C:\Users\Glen
17:54:22.349 Disk 0 MBR has been saved successfully to "C:\Users\Glen\Downloads\MBR.dat"
17:54:22.353 The log file has been saved successfully to "C:\Users\Glen\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-17 18:17:06
-----------------------------
18:17:06.430 OS Version: Windows x64 6.0.6002 Service Pack 2
18:17:06.430 Number of processors: 4 586 0x203
18:17:06.431 ComputerName: GLEN-PC UserName: Glen
18:17:08.593 Initialize success
18:24:45.099 AVAST engine defs: 12091400
18:46:10.002 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
18:46:10.004 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 6
18:46:10.016 Disk 0 MBR read successfully
18:46:10.019 Disk 0 MBR scan
18:46:10.024 Disk 0 Windows VISTA default MBR code
18:46:10.035 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16196 MB offset 2048
18:46:10.051 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 460741 MB offset 33173280
18:46:10.074 Disk 0 scanning C:\Windows\system32\drivers
18:46:17.005 Service scanning
18:46:33.442 Modules scanning
18:46:33.442 Disk 0 trace - called modules:
18:46:33.462 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
18:46:33.462 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ea9560]
18:46:33.463 3 CLASSPNP.SYS[fffffa6000fc8c33] -> nt!IofCallDriver -> [0xfffffa8004c716f0]
18:46:33.463 5 acpi.sys[fffffa6000971ff6] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8004c739e0]
18:46:35.094 AVAST engine scan C:\Windows
18:46:38.535 AVAST engine scan C:\Windows\system32
18:48:31.030 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:48:33.136 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:50:01.635 AVAST engine scan C:\Windows\system32\drivers
18:50:27.094 AVAST engine scan C:\Users\Glen
19:10:19.324 AVAST engine scan C:\ProgramData
19:13:31.298 Scan finished successfully
19:21:02.715 Disk 0 MBR has been saved successfully to "C:\Users\Glen\Downloads\MBR.dat"
19:21:02.746 The log file has been saved successfully to "C:\Users\Glen\Downloads\aswMBR.txt"

#6 edinho1

Posted 17 September 2012 - 04:01 PM

C:\Users\Glen\AppData\Local\Microsoft\Windows\4356\themecpl.exe Win32/TrojanDownloader.Retacino.A trojan cleaned by deleting - quarantined

#7 narenxp

Posted 17 September 2012 - 11:05 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it and click on Delete

Post the generated log

#8 edinho1

Posted 19 September 2012 - 05:44 PM

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 23:40:21
# Updated 16/09/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Glen - GLEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Glen\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\vShare.tv plugin
Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\Users\Glen\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Glen\AppData\Local\Temp\avg@toolbar
Deleted on reboot : C:\Users\Glen\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\Glen\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\Glen\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\1s5jadvl.default\extensions\DTToolbar@toolbarnet.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\1s5jadvl.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\1s5jadvl.default\searchplugins\Startsear.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\1s5jadvl.default\prefs.js

C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\1s5jadvl.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Glen\AppData\Local\Google\Chrome\User Data\Default\Preferences

":true},"nihhbeikpchdddoillfdcdinnnnllmna":{"blacklist":true},"nlgapikcofpablcmfgaoodlhiejiehhh":{"blacklist":true},"nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":true},"nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist":true},"nochkknnbahbhmmknnmdhagelcnfagom":{"blacklist":true},"noefghcilkpcabnhhilojimkkjplhcnd":{"blacklist":true},"oakhllhnbcpgagdafgbninlpjdemdmjk":{"blacklist":true},"ocnlnkjmfnolmbclblfhfhcakldceiec":{"blacklist":true},"onpnpccdagncipgnoofbhchlbajcjnkd":{"blacklist":true},"ookcgejbfhcmcanfkfmmmpahflnlajbl":{"blacklist":true},"pbekednmpdekknlffkiopooofokfmkla":{"blacklist":true},"pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":true},"pfcelnbmkeoaeicedjomcjkcammlkdbk":{"blacklist":true},"pfonklmafadkmcedjlodommcoipgbcde":{"blacklist":true},"pjdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"w","from_bookmark":true,"from_webstore":false,"install_time":"12980884618553371","lastpingday":"12980847606323371","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less 
spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_0","state":1},"pkbbbncikcipejaiiiioboongndhmjgl":{"blacklist":true},"pkbkkendemaimikinaefldfljliecapm":{"blacklist":true},"plfijddblbcdcnammpdmfccchkbdekmm":{"blacklist":true},"pnaiiipilbpcceggeanphcpkkihnojan":{"blacklist":true},"pnnbdjcjeiobikdfikegpclkcimgafpp":{"blacklist":true},"pnpgiaejfbdapllkchhgchjpdbcpiooa":{"blacklist":true},"ppmfajacidhcjbddpgmcmigffpppcadd":{"blacklist":true}}},"homepage":"hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0","homepage_is_newtabpage":false,"hxxp_throttling":{"enabled":true},"instant":{"enabled_time":"12977963683819763"},"net":{"hxxp_server_properties":{"ajax.googleapis.com:443":{"settings":[{"id":5,"value":4},{"id":6,"value":25}],"supports_spdy":true},"clients1.google.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true},"clients2.google.com:443":{"settings":[{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"plusone.google.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true},"ssl.gstatic.com:443":{"settings":[{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true}}},"ntp":{"app_page_names":["Apps"],"promo_closed":false,"promo_end":1333353540.0,"promo_feature_mask":0,"promo_group":88,"promo_group_max":99,"promo_group_timeslice":0,"promo_is_logged_in_to_plus":false,"promo_line":"<b>New!</b> Browse the web with twice the mice. 
<a href=\"hxxp://google.com/chrome/multitask\">Try Chrome Multitask Mode</a>","promo_resource_cache_update":"1347530627.368929","promo_start":1333267260.0,"promo_views":0,"promo_views_max":15,"sign_in_promo":{"group_max":100}},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Users\\Glen\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89","plugins_list":[{"enabled":true,"name":"Remoting Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Users\\Glen\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Users\\Glen\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Users\\Glen\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89\\gcswf32.dll","version":"11,2,202,228"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32.dll","version":"10,3,183,11"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"vShare.tv plug-in","path":"C:\\Users\\Glen\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\kpionmjnkbpcdpcflammlgllecmejgjj\\1.3_0\\chvsharetvplg.dll","version":"1.3.0.1"},{"enabled":true,"name":"vShare.tv plug-in","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npvsharetvplg.dll","version":"1.3.0.1"},{"enabled":true,"name":"vShare.tv plug-in"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.2.45"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.260.3","path":"C:\\Program Files 
(x86)\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll","version":"6.0.260.3"},{"enabled":true,"name":"Java™ Platform SE 6 U26","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.260.3"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Microsoft® Windows Media Player Firefox Plugin","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\np-mswmp.dll","version":"1.0.0.8"},{"enabled":true,"name":"Windows Media Player"},{"enabled":true,"name":"Cortona3D Viewer","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npCortona.dll","version":"6, 0, 0, 179"},{"enabled":true,"name":"Cortona3D Viewer"},{"enabled":true,"name":"RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nppl3260.dll","version":"12.0.1.666"},{"enabled":true,"name":"RealPlayer Version Plugin","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nprpjplug.dll","version":"12.0.1.666"},{"enabled":true,"name":"RealPlayer™ HTML5VideoShim Plug-In (32-bit) ","path":"C:\\ProgramData\\Real\\RealPlayer\\BrowserRecordPlugin\\MozillaPlugins\\nprphtml5videoshim.dll","version":"12.0.1.666"},{"enabled":true,"name":"RealPlayer"},{"enabled":true,"name":"QuickTime Plug-in 7.6.8","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin.dll","version":"7.6.8 (1675)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.8","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin2.dll","version":"7.6.8 (1675)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.8","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin3.dll","version":"7.6.8 (1675)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.8","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin4.dll","version":"7.6.8 (1675)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.8","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin5.dll","version":"7.6.8 (1675)"},{"enabled":true,"name":"QuickTime 
Plug-in 7.6.8","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin6.dll","version":"7.6.8 (1675)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.8","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin7.dll","version":"7.6.8 (1675)"},{"enabled":true,"name":"QuickTime"},{"enabled":true,"name":"RealJukebox NS Plugin","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nprjplug.dll","version":"12.0.1.666"},{"enabled":true,"name":"RealJukebox NS Plugin"},{"enabled":true,"name":"Snapfish Plugin for Firefox","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npsnapfish.dll","version":"1, 0, 0, 1"},{"enabled":true,"name":"Snapfish Plugin for Firefox"},{"enabled":true,"name":"Google Earth Plugin","path":"C:\\Program Files (x86)\\Google\\Google Earth\\plugin\\npgeplugin.dll","version":"6.1.0.5001"},{"enabled":true,"name":"Google Earth Plugin"},{"enabled":true,"name":"Google Updater","path":"C:\\Program Files (x86)\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll","version":"2.4.2432.1652.beta"},{"enabled":true,"name":"Google Updater"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll","version":"1.3.21.111"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Veetle TV Player","path":"C:\\Program Files (x86)\\Veetle\\Player\\npvlc.dll","version":"0.9.18"},{"enabled":true,"name":"Veetle TV Player"},{"enabled":true,"name":"Veetle Broadcaster Plugin","path":"C:\\Program Files (x86)\\Veetle\\VLCBroadcast\\npvbp.dll","version":"0.9.16"},{"enabled":true,"name":"Veetle Broadcaster Plugin"},{"enabled":true,"name":"Veetle TV Core","path":"C:\\Program Files (x86)\\Veetle\\plugins\\npVeetle.dll","version":"0.9.18"},{"enabled":true,"name":"Veetle TV Core"},{"enabled":true,"name":"VLC Multimedia Plug-in","path":"C:\\Program Files (x86)\\VideoLAN\\VLC\\npvlc.dll","version":"0.9.2"},{"enabled":true,"name":"VLC Multimedia 
Plug-in"},{"enabled":true,"name":"Yahoo! activeX Plug-in Bridge","path":"C:\\Program Files (x86)\\Yahoo!\\Common\\npyaxmpb.dll","version":"2006, 8, 16, 1"},{"enabled":true,"name":"Yahoo! activeX Plug-in Bridge"},{"enabled":true,"name":"RealNetworks™ Chrome Background Extension Plug-In (32-bit) ","path":"C:\\ProgramData\\Real\\RealPlayer\\BrowserRecordPlugin\\MozillaPlugins\\nprpchromebrowserrecordext.dll","version":"12.0.1.666"},{"enabled":true,"name":"RealNetworks™ Chrome Background Extension Plug-In (32-bit) "},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll","version":"11.5.9r620"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\4.1.10111.0\\npctrl.dll","version":"4.1.10111.0"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Windows Presentation Foundation","path":"c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll","version":"3.5.30729.1 built by: SP"},{"enabled":true,"name":"Windows Presentation Foundation"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"id":"not-signed-in","name":"First user","nickname":""},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0"]},"sync_promo":{"startup_count":1,"user_skipped":true,"view_count":1}}

*************************

AdwCleaner[R1].txt - [45954 octets] - [19/09/2012 23:38:37]
AdwCleaner[S2].txt - [45626 octets] - [19/09/2012 23:40:21]

########## EOF - C:\AdwCleaner[S2].txt - [45687 octets] ##########

#9 edinho1

  • Topic Starter

Posted 19 September 2012 - 05:46 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Glen (administrator) on 19-09-2012 at 23:45:20
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=enabled
set subinterface interface=) subinterface=ethernet_5 mtu=1500


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Glen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1F-C6-C0-B5-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::41f6:8400:655:dbbd%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 19 September 2012 23:42:20
Lease Expires . . . . . . . . . . : 20 September 2012 23:42:19
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 251666374
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-70-7C-5D-00-1F-C6-C0-B5-86
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: myrouter.home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:805::100e
74.125.230.96
74.125.230.110
74.125.230.105
74.125.230.104
74.125.230.103
74.125.230.102
74.125.230.101
74.125.230.100
74.125.230.99
74.125.230.98
74.125.230.97



Pinging google.com [74.125.230.97] with 32 bytes of data:

Reply from 74.125.230.97: bytes=32 time=49ms TTL=57

Reply from 74.125.230.97: bytes=32 time=48ms TTL=57



Ping statistics for 74.125.230.97:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 49ms, Average = 48ms

Server: myrouter.home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=1078ms TTL=54

Reply from 72.30.38.140: bytes=32 time=987ms TTL=54



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 987ms, Maximum = 1078ms, Average = 1032ms

Server: myrouter.home
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1f c6 c0 b5 86 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.home
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 276
192.168.0.3 255.255.255.255 On-link 192.168.0.3 276
192.168.0.255 255.255.255.255 On-link 192.168.0.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::41f6:8400:655:dbbd/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/19/2012 11:44:26 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:26 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:24 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\5> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/19/2012 11:44:24 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GLEN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1S5JADVL.DEFAULT\CACHE\5> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (09/19/2012 11:42:56 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (09/19/2012 11:42:56 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (09/19/2012 11:42:56 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (09/19/2012 11:42:56 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (09/19/2012 11:42:56 PM) (Source: Service Control Manager) (User: )
Description: Hotspot Shield Servicetaphss

Error: (09/19/2012 06:26:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.135.1462.0){BD0B96C2-FC99-4DA6-8FC4-6D7A0A422CAE}100

Error: (09/19/2012 06:23:46 PM) (Source: Service Control Manager) (User: )
Description: Windows Defender%%126

Error: (09/19/2012 05:11:18 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (09/19/2012 05:11:17 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (09/19/2012 05:11:15 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

AVG 2013 (Version: 13.0.2579)
AVG 2013 (Version: 13.0.2667)
AVG 2013 (Version: 2013.0.2667)
CCleaner (Version: 3.14)
FMRTE 5.2.5 (Version: 5.2.5)
Google Chrome (Version: 21.0.1180.89)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
MSVC90_x64 (Version: 1.0.1.2)
NVIDIA Drivers
Rapport (Version: 3.5.1205.4)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0)
Spotify (Version: 0.8.3.222.g317ab79d)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 4094.38 MB
Available physical RAM: 2162.66 MB
Total Pagefile: 8367.25 MB
Available Pagefile: 6222.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.7 MB

========================= Partitions: =====================================

2 Drive c: (WinVista) (Fixed) (Total:449.94 GB) (Free:226.48 GB) NTFS
5 Drive g: () (Removable) (Total:3.76 GB) (Free:0.56 GB) FAT32

========================= Users: ========================================

User accounts for \\GLEN-PC

Administrator Glen Guest


**** End of log ****

#10 edinho1

  • Topic Starter

Posted 19 September 2012 - 05:51 PM

I seem to be clean now.
Thanks for the help.
Malwarebytes seemed to finally kill it after repeated attempts.
The hellomoto folder was still there for a bit but with just one file in it and now I've finally got rid of it altogether. Fingers crossed,
cheers.

#11 narenxp

  • BC Advisor

Posted 19 September 2012 - 05:58 PM

You're still infected

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on File > Save

Filename: Autoruns.txt
Save as: Text

Paste the text contents here



