
Dropper.Generic_c.MMI


  • This topic is locked
40 replies to this topic

#1 caelis

caelis

  • Members
  • 32 posts
  • Local time:02:31 PM

Posted 17 September 2012 - 11:49 PM

Hi, my son has a Trojan Horse Dropper.Generic_c.MMI on his laptop with his schoolwork. Can anyone help me with removal?

Thanks for helping out!

Caelis



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:31 PM

Posted 18 September 2012 - 12:02 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 caelis

caelis
  • Topic Starter

  • Members
  • 32 posts
  • Local time:02:31 PM

Posted 18 September 2012 - 12:24 AM

Thanks Gringo, I can't thank you enough for your help!

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Mozilla Thunderbird 14.0. Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Christopher Knefel at 0:12:07 on 2012-09-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2524 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Raxco\PerfectSpeed20\PerfectSpeed.exe
C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\802.11n Wireless LAN\802.11n Wireless Adapter HW.72\WlanCU.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11n Wireless USB Adapter HW.17\WlanWpsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Raxco\PerfectSpeed20\Rx2AgentS1.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Christopher Knefel\Desktop\SecurityCheck.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uStart Page = hxxp://tmq.bingstart.com/?cfg=2-168-0-1gmdc
uInternet Settings,ProxyServer = proxy.configfree.com:8080
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - C:\Program Files (x86)\kikin\ie_kikin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [Desktop iCalendar Lite.exe] "C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe"
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - E:\Office\OSA9.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files\802.11n Wireless LAN\802.11n Wireless Adapter HW.72\WlanCU.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{5D97A3B7-FB18-41EA-B2C5-2315A8CBD3AE} : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{6BA34F60-7340-42C6-816B-10583EBF10E0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C076BD62-0D84-4329-8386-57DB89345A49} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{FCA045AF-DAF9-4FE0-9E5B-DA6D0B8C481E} : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{FCA045AF-DAF9-4FE0-9E5B-DA6D0B8C481E}\2456C6B696E6F574F575962756C6563737F5245314343333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FCA045AF-DAF9-4FE0-9E5B-DA6D0B8C481E}\2616375686F627C6962627162797 : DhcpNameServer = 69.77.7.226
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 91.212.127.226 winguard2009.microsoft.com
Hosts: 91.212.127.226 winguard-2009.com
Hosts: 91.212.127.226 www.winguard-2009.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christopher Knefel\AppData\Roaming\Mozilla\Firefox\Profiles\6b7v54fi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ewtn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Christopher Knefel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dvdfabio;dvdfabio;\??\C:\Windows\system32\drivers\dvdfabio.sys --> C:\Windows\system32\drivers\dvdfabio.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2010-1-16 20544]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-10-1 67904]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 Rx2Agent;Rx2Agent;C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe [2010-1-21 1231624]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-8-28 62776]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\802.11 Wireless LAN\802.11n Wireless USB Adapter HW.17\WlanWpsSvc.exe [2011-1-22 167936]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Rx2Engine;Rx2Engine;C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe [2010-1-21 1348360]
R3 vdrive;vdrive;C:\Windows\system32\DRIVERS\vdrive.sys --> C:\Windows\system32\DRIVERS\vdrive.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-18 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-25 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-18 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 114144]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S3 RTL8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192u.sys --> C:\Windows\system32\DRIVERS\RTL8192u.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-09-18 07:25:59 -------- d-----w- C:\FRST
2012-09-17 13:16:23 -------- d-----w- C:\Program Files\802.11n Wireless LAN
2012-09-17 02:27:10 -------- d-----w- C:\Users\Christopher Knefel\AppData\Local\Diagnostics
2012-09-16 05:42:16 -------- d-----w- C:\Users\Christopher Knefel\AppData\Local\LogMeIn
2012-09-16 05:40:51 20480 ----a-w- C:\Windows\svchost.exe
2012-09-09 22:59:07 -------- d-----w- C:\Users\Christopher Knefel\AppData\Local\Microsoft Games
2012-08-31 02:28:09 -------- d-----w- C:\Users\Christopher Knefel\AppData\Local\Apple Computer
2012-08-19 17:25:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-08-16 06:16:45 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 06:16:45 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-13 10:14:08 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-13 10:14:08 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-07-13 10:14:07 80800 ----a-w- C:\Windows\System32\LMIinit.dll
.
============= FINISH: 0:12:42.07 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01/23/2010 16:04:42
System Uptime: 09/18/2012 00:01:47 (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 297 GiB total, 204.375 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP388: 08/22/2012 21:26:14 - Scheduled Checkpoint
RP389: 08/30/2012 00:31:11 - Scheduled Checkpoint
RP390: 09/07/2012 00:00:02 - Scheduled Checkpoint
RP391: 09/16/2012 01:16:46 - Scheduled Checkpoint
RP392: 09/16/2012 19:00:23 - Windows Backup
RP393: 09/17/2012 08:15:50 - Installed 802.11n Wireless Adapter HW.72
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
802.11n Wireless Adapter HW.72
802.11n Wireless USB Adapter HW.17
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Applian FLV Player
Audacity 1.2.6
BufferChm
Compatibility Pack for the 2007 Office system
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceDiscovery
Direct DiscRecorder
DocMgr
DocProc
DVD MovieFactory for TOSHIBA
DVDFab 6.2.1.8 (31/12/2009)
DVDFab 8.1.3.2 (31/10/2011) Qt
Fax
GeoGebra WebStart
Google Chrome
Google Earth
Google SketchUp 8
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HP Product Detection
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 31
join.me
kikin plugin 2.11
LightScribe 1.4.124.1
Logitech Touch Mouse Server 1.0
LogMeIn
MarketResearch
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2000 Premium
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Pando Media Booster
PDFCreator
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Replay Converter 3
Replay Media Catcher 3.02
Replay Media Splitter 1.6.908
Replay Video Capture
RICOH R5U230 Media Driver ver.2.02.02.01
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Setup Support for ShopToWin 1.0
SmartWebPrinting
SolutionCenter
Status
System47 Screen Saver
TI Connect 1.6
Toolbox
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
Toshiba Registration
Toshiba Resources Page
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Upgrade Assistant
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TrayApp
Ubuntu
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WebReg
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinLog February 2010
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
09/18/2012 00:03:26, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
09/18/2012 00:03:24, Error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
09/18/2012 00:02:33, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
09/17/2012 23:16:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
09/17/2012 23:16:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VWiFiFlt Wanarpv6 WfpLwf
09/17/2012 23:16:30, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
09/17/2012 23:16:30, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/17/2012 23:16:30, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/17/2012 23:16:30, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
09/17/2012 23:16:30, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/17/2012 23:16:30, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
09/17/2012 23:16:29, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/17/2012 23:16:29, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/17/2012 23:16:29, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
09/17/2012 23:16:29, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/17/2012 23:16:29, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/17/2012 22:29:13, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
09/17/2012 22:25:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
09/17/2012 22:22:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
09/17/2012 22:21:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
09/17/2012 22:21:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/17/2012 22:21:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
09/17/2012 22:21:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/17/2012 22:21:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
.
==== End Of File ===========================

#4 gringo_pr

Posted 18 September 2012 - 12:26 AM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

#5 caelis

Posted 18 September 2012 - 12:59 AM

Gringo, Rogue Killer said it needed to reboot to finish, so it generated four logs.

# AdwCleaner v2.002 - Logfile created 09/18/2012 at 00:33:34
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Christopher Knefel - CHRISTOPHER-K
# Boot Mode : Normal
# Running from : C:\Users\Christopher Knefel\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\kikin
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Christopher Knefel\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Christopher Knefel\AppData\Local\TempDir
Folder Deleted : C:\Users\Christopher Knefel\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Christopher Knefel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Christopher Knefel\AppData\Roaming\kikin
Folder Deleted : C:\Users\Christopher Knefel\AppData\Roaming\Mozilla\Firefox\Profiles\6b7v54fi.default\ConduitCommon
Folder Deleted : C:\Users\Christopher Knefel\AppData\Roaming\Mozilla\Firefox\Profiles\6b7v54fi.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Folder Deleted : C:\Users\Christopher Knefel\AppData\Roaming\Mozilla\Firefox\Profiles\6b7v54fi.default\FCTB
Folder Deleted : C:\Users\Christopher Knefel\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCSB000063371
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpkbfdhlbdkjohbhnhabfecpmcdlcmff
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F2CF666-0EC7-418E-B86A-459AD43BCAB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={EBDB7335-7D59-4A55-A137-881DE8059A37}&mid=ef4f3a0a0460bd80c88072f9c2cfaf50-6fa1db656acac2f5099e5fc9858aceae3b864264&lang=en&ds=AVG&pr=fr&d=2011-11-04 18:35:31&v=9.0.0.22&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Christopher Knefel\AppData\Roaming\Mozilla\Firefox\Profiles\6b7v54fi.default\prefs.js

Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Sat Mar 06 2010 20:27:07 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sat Mar 06 2010 20:27:06 GMT-0600 (Central Sta[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1265745383");
Deleted : user_pref("CT2504091.Uninstall", true);
Deleted : user_pref("CT2956077..clientLogIsEnabled", true);
Deleted : user_pref("CT2956077..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2956077..uninstallLogServiceUrl", "");
Deleted : user_pref("CT2956077.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2956077.AppTrackingLastCheckTime", "Sun May 15 2011 22:10:32 GMT-0500 (Central Daylight[...]
Deleted : user_pref("CT2956077.CurrentServerDate", "16-5-2011");
Deleted : user_pref("CT2956077.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2956077.DialogsGetterLastCheckTime", "Sun May 15 2011 22:39:41 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT2956077.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2956077.FirstServerDate", "16-5-2011");
Deleted : user_pref("CT2956077.FirstTimeFF3", true);
Deleted : user_pref("CT2956077.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2956077.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2956077.HasUserGlobalKeys", true);
Deleted : user_pref("CT2956077.Initialize", true);
Deleted : user_pref("CT2956077.InitializeCommonPrefs", true);
Deleted : user_pref("CT2956077.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2956077.InvalidateCache", false);
Deleted : user_pref("CT2956077.IsGrouping", false);
Deleted : user_pref("CT2956077.IsMulticommunity", false);
Deleted : user_pref("CT2956077.LanguagePackLastCheckTime", "Sun May 15 2011 22:10:28 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT2956077.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2956077.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2956077.LastLogin_3.4.1.0", "Sun May 15 2011 22:09:39 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2956077.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2956077.Locale", "en");
Deleted : user_pref("CT2956077.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2956077.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2956077.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2956077.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2956077.RadioIsPodcast", false);
Deleted : user_pref("CT2956077.RadioLastCheckTime", "Sun May 15 2011 22:10:31 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2956077.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2956077.RadioLastUpdateServer", "3");
Deleted : user_pref("CT2956077.RadioMediaID", "9962");
Deleted : user_pref("CT2956077.RadioMediaType", "Media Player");
Deleted : user_pref("CT2956077.RadioMenuSelectedID", "EBRadioMenu_CT29560779962");
Deleted : user_pref("CT2956077.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2956077.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2956077.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2956077.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2956077.SearchInNewTabLastCheckTime", "Sun May 15 2011 22:09:42 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT2956077.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2956077.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2956077.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2956077.ServiceMapLastCheckTime", "Sun May 15 2011 22:09:11 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT2956077.SettingsLastCheckTime", "Sun May 15 2011 22:09:24 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2956077.SettingsLastUpdate", "1304242869");
Deleted : user_pref("CT2956077.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2956077.ThirdPartyComponentsLastCheck", "Sun May 15 2011 22:09:11 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2956077.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2956077.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2956077");
Deleted : user_pref("CT2956077.UserID", "UN01563048617683371");
Deleted : user_pref("CT2956077.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2956077.WeatherNetwork", "");
Deleted : user_pref("CT2956077.WeatherPollDate", "Sun May 15 2011 22:10:25 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2956077.WeatherUnit", "F");
Deleted : user_pref("CT2956077.alertChannelId", "1347936");
Deleted : user_pref("CT2956077.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT2956077.globalFirstTimeInfoLastCheckTime", "Mon May 16 2011 18:09:31 GMT-0500 (Central [...]
Deleted : user_pref("CT2956077.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2956077.initDone", true);
Deleted : user_pref("CT2956077.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2956077.myStuffEnabled", true);
Deleted : user_pref("CT2956077.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2956077.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2956077.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2956077.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2956077.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2956077.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2956077.testingCtid", "");
Deleted : user_pref("CT2956077.toolbarAppMetaDataLastCheckTime", "Sun May 15 2011 22:09:39 GMT-0500 (Central D[...]
Deleted : user_pref("CT2956077.toolbarContextMenuLastCheckTime", "Sun May 15 2011 22:10:39 GMT-0500 (Central D[...]
Deleted : user_pref("CT2956077.usagesFlag", 1);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1347936/1343597/US", "\"0\"[...]

-\\ Opera v [Unable to get version]

File : C:\Users\Christopher Knefel\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : application/vnd.unity=6,,C:\Users\Christopher Knefel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity[...]

*************************

AdwCleaner[S1].txt - [28332 octets] - [18/09/2012 00:33:34]

########## EOF - C:\AdwCleaner[S1].txt - [28393 octets] ##########


Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.lastWhitelistUrl", "hxxps://dcs-config.cons[...]
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.panelID", "freecausefox");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.privacyFailures", 0);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.privacyFailuresThreshold", 5);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.privacyRulesInterval", 86400000);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.probationLength", 0);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.rulesVersion", "1063");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.userID", "FCZ3FGJ62180083");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.version", "1.5.0.8275");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.voicebox.campaigns", "");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.voiceboxRulesInterval", 86400000);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.dca.whitelistInterval", 86400000);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.helpUsImprove", true);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.hidden.6", true);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.hidden.7", true);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.hideOthers", false);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.installDate", "05152011");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.processAddrBar", false);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.restoreSearch", false);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.searchHistory", true);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.session", "8359650BF071BAFA81A19F318FE6D6EB0FDF[...]
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.showFirstLaunchOptions", false);
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.tb_lang", "en");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.tool_id", "63303");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.user_id", "62180083");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.user_key", "4d535cedbba6cb56b7d09fdc21c2ed24084[...]
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.user_layouts", "63303");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.user_lnames", "CashCrate%20Toolbar");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.version", "0");
Deleted : user_pref("freecause997b92573ae841ddad6e508d3e004190.yahooSearch", false);
Deleted : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.DNSCatch", false);
Deleted : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.FirstLaunchShown", true);
Deleted : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.LastDate", 17);
Deleted : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.customNewTab", false);
Deleted : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.processAddrBar", false);
Deleted : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.user_id", "32218459");
Deleted : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.yahooSearch", false);
Deleted : user_pref("organizestatusbar.StatusBar", "statusbar-display:1,statusbar-progresspanel:1,security-but[...]
Deleted : user_pref("playsushi.position.button", true);

-\\ Opera v [Unable to get version]

File : C:\Users\Christopher Knefel\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : application/vnd.unity=6,,C:\Users\Christopher Knefel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity[...]

*************************

AdwCleaner[S1].txt - [28332 octets] - [18/09/2012 00:33:34]

########## EOF - C:\AdwCleaner[S1].txt - [28393 octets] ##########


RK2


########## EOF - C:\AdwCleaner[S1].txt - [28393 octets] ##########


RK3
RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Christopher Knefel [Admin rights]
Mode : Scan -- Date : 09/18/2012 00:46:26

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.configfree.com:8080) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{2a905851-c192-fda0-5262-a94e521c08de}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
91.212.127.226 winguard2009.microsoft.com
91.212.127.226 winguard-2009.com
91.212.127.226 www.winguard-2009.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] ba84fef827748bdea737c97e0a7ac7dd
[BSP] 20e1ece107db78e3964297dad54f247b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303742 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] ead9d8ad208e182b9be8af4fdef5a1b6
[BSP] 3f30da8d735413701a578dcf652088d0 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303742 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] ead9d8ad208e182b9be8af4fdef5a1b6
[BSP] 3f30da8d735413701a578dcf652088d0 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303742 Mo

+++++ PhysicalDrive1: SD Memory Card +++++
--- User ---
[MBR] fa6d13ad7179118f4fed64408274dacd
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 135 | Size: 1884 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RK 4

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Christopher Knefel [Admin rights]
Mode : Remove -- Date : 09/18/2012 00:49:55

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.configfree.com:8080) -> NOT REMOVED, USE PROXYFIX

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{2a905851-c192-fda0-5262-a94e521c08de}\U --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
91.212.127.226 winguard2009.microsoft.com
91.212.127.226 winguard-2009.com
91.212.127.226 www.winguard-2009.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] ba84fef827748bdea737c97e0a7ac7dd
[BSP] 20e1ece107db78e3964297dad54f247b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303742 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] ead9d8ad208e182b9be8af4fdef5a1b6
[BSP] 3f30da8d735413701a578dcf652088d0 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303742 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] ead9d8ad208e182b9be8af4fdef5a1b6
[BSP] 3f30da8d735413701a578dcf652088d0 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 303742 Mo

+++++ PhysicalDrive1: SD Memory Card +++++
--- User ---
[MBR] fa6d13ad7179118f4fed64408274dacd
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 135 | Size: 1884 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#6 gringo_pr

Posted 18 September 2012 - 01:02 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#7 caelis

Posted 18 September 2012 - 01:16 AM

Here are the Farbar files

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2012
Ran by SYSTEM at 18-09-2012 01:10:15
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [PerfectSpeed.exe] C:\Program Files\Raxco\PerfectSpeed20\PerfectSpeed.exe /tray /startrun [9115912 2010-01-21] (Raxco Software, Inc.)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Christopher Knefel\...\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [4711744 2012-04-24] (Piriform Ltd)
HKU\Christopher Knefel\...\Run: [Desktop iCalendar Lite.exe] "C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe" [908288 2012-07-24] (Desksware)
HKU\Mcx1-CHRISTOPHER-K\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\..\Interfaces\{C076BD62-0D84-4329-8386-57DB89345A49}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Office\OSA9.EXE (No File)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-13] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-13] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)
2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [67904 2010-09-30] (Nalpeiron Ltd.)
2 Rx2Agent; "C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe" [1231624 2010-01-21] (Raxco Software, Inc.)
3 Rx2Engine; "C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe" [1348360 2010-01-21] (Raxco Software, Inc.)
2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-03-30] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 dvdfabio; C:\Windows\System32\Drivers\dvdfabio.sys [13184 2011-07-06] (Fengtao Software Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-01-11] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-01-11] (LogMeIn, Inc.)
3 radpms; C:\Windows\System32\Drivers\radpms.sys [14944 2011-01-11] (LogMeIn, Inc.)
3 RTL8192U; C:\Windows\System32\Drivers\RTL8192U.sys [1631264 2010-04-13] (Realtek Semiconductor Corporation )
3 vdrive; C:\Windows\System32\Drivers\vdrive.sys [45952 2011-07-06] (Fengtao Software Inc.)
3 dump_wmimmc; [x]
4 LMIRfsClientNP; [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 RtlProt; \??\C:\Windows\System32\Drivers\RtlProt.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-17 23:25 - 2012-09-17 23:27 - 00000000 ____D C:\FRST
2012-09-17 21:37 - 2012-09-17 21:46 - 00000000 ____D C:\Users\Christopher Knefel\Desktop\RK_Quarantine
2012-09-17 21:33 - 2012-09-17 21:34 - 00028437 ____A C:\AdwCleaner[S1].txt
2012-09-17 21:09 - 2012-09-17 21:09 - 00000498 ____A C:\Users\Christopher Knefel\Desktop\defogger_disable.log
2012-09-17 21:09 - 2012-09-17 21:09 - 00000000 ____A C:\Users\Christopher Knefel\defogger_reenable
2012-09-17 05:16 - 2012-09-17 05:16 - 00001994 ____A C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
2012-09-17 05:16 - 2012-09-17 05:16 - 00000000 ____D C:\Program Files\802.11n Wireless LAN
2012-09-15 21:42 - 2012-09-15 21:42 - 00000000 ____D C:\Users\Christopher Knefel\AppData\Local\LogMeIn
2012-09-15 21:40 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-09 14:59 - 2012-09-09 14:59 - 00000000 ____D C:\Users\Christopher Knefel\AppData\Local\Microsoft Games
2012-08-30 18:28 - 2012-08-30 18:28 - 00000000 ____D C:\Users\Christopher Knefel\AppData\Local\Apple Computer
2012-08-29 19:08 - 2012-08-29 19:14 - 00000000 ____D C:\Users\Christopher Knefel\Desktop\USMC Cadence
2012-08-19 11:42 - 2012-08-19 11:42 - 00000743 ____A C:\Windows\SysWOW64\hs_err_pid21540.log
2012-08-19 11:41 - 2012-08-19 11:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-08-19 09:25 - 2012-08-19 09:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

==================== 3 Months Modified Files ==================

2012-09-17 21:59 - 2010-01-23 13:23 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-17 21:59 - 2010-01-23 13:23 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-17 21:56 - 2009-07-13 21:13 - 00783200 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-17 21:51 - 2010-02-18 16:59 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-17 21:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-17 21:39 - 2011-12-19 13:10 - 00000960 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3626980907-1912471044-4057537012-1000UA.job
2012-09-17 21:34 - 2012-09-17 21:33 - 00028437 ____A C:\AdwCleaner[S1].txt
2012-09-17 21:25 - 2010-02-18 16:59 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-17 21:14 - 2012-08-14 13:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-17 21:09 - 2012-09-17 21:09 - 00000498 ____A C:\Users\Christopher Knefel\Desktop\defogger_disable.log
2012-09-17 21:09 - 2012-09-17 21:09 - 00000000 ____A C:\Users\Christopher Knefel\defogger_reenable
2012-09-17 06:06 - 2012-03-16 19:27 - 01320610 ____N C:\Windows\WindowsUpdate.log
2012-09-17 05:16 - 2012-09-17 05:16 - 00001994 ____A C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
2012-09-17 03:39 - 2011-12-19 13:10 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3626980907-1912471044-4057537012-1000Core.job
2012-09-15 23:23 - 2010-02-13 11:25 - 00000366 ____A C:\Windows\Tasks\Driver Fetch.job
2012-09-15 21:41 - 2011-11-12 12:21 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-08-29 19:17 - 2012-07-10 17:53 - 00524288 ____A C:\Users\Christopher Knefel\Desktop\Firearms List.accdb
2012-08-29 19:14 - 2009-09-05 13:20 - 03596214 ____A C:\Users\Christopher Knefel\AppData\Roaming\ReplayConverterLog.log
2012-08-19 11:42 - 2012-08-19 11:42 - 00000743 ____A C:\Windows\SysWOW64\hs_err_pid21540.log
2012-08-15 22:16 - 2012-07-25 14:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 22:16 - 2011-05-25 12:37 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-31 14:22 - 2012-07-31 14:22 - 00001129 ____A C:\Users\Christopher Knefel\Desktop\Desktop iCalendar Lite.lnk
2012-07-31 01:31 - 2012-07-31 01:27 - 26185390 ____A C:\Users\Christopher Knefel\Bring It_.avi
2012-07-31 01:27 - 2012-07-31 01:25 - 26939216 ____A C:\Users\Christopher Knefel\Bounty Funny High School Rap Video from the Paper Towel Gang.avi
2012-07-31 01:25 - 2012-07-31 01:24 - 16680956 ____A C:\Users\Christopher Knefel\JADEN_S RAP~!.avi
2012-07-30 21:29 - 2011-08-24 14:18 - 00007620 ____A C:\Users\Christopher Knefel\AppData\Local\Resmon.ResmonCfg
2012-07-26 23:01 - 2012-07-26 22:58 - 02173054 ____A C:\Users\Christopher Knefel\Veggie Tales - The Bunny Song - Original.flv
2012-07-26 23:01 - 2012-07-26 22:57 - 04531628 ____A C:\Users\Christopher Knefel\Veggie Tales Silly Song His Cheeseburger.flv
2012-07-26 22:49 - 2012-07-26 22:45 - 07030546 ____A C:\Users\Christopher Knefel\VeggieTales_ BellyButton - Silly Song.flv
2012-07-26 22:39 - 2012-07-26 22:35 - 09609783 ____A C:\Users\Christopher Knefel\High Silk Hat - FFX.flv
2012-07-25 12:45 - 2012-07-25 12:45 - 00011135 ____A C:\Users\Christopher Knefel\Desktop\Expenses.xlsx
2012-07-25 12:45 - 2012-07-25 12:45 - 00000037 ____A C:\Users\Christopher Knefel\Desktop\Check verses.txt
2012-07-25 12:44 - 2012-07-25 12:44 - 00009892 ____A C:\Users\Christopher Knefel\Desktop\Cards Sell List.xlsx
2012-07-24 15:41 - 2012-07-24 15:30 - 08471371 ____A C:\Users\Christopher Knefel\The Human League - Don_t You Want Me.flv
2012-07-24 15:39 - 2012-07-24 15:28 - 07085320 ____A C:\Users\Christopher Knefel\OFFICIAL Somewhere over the Rainbow - Israel IZ Kamakawiwo?ole.flv
2012-07-23 12:42 - 2012-07-23 12:39 - 02774571 ____A C:\Users\Christopher Knefel\I Love the Whole World _ The World Is Just Awesome ( FULL VERSION).flv
2012-07-23 12:41 - 2012-07-23 12:34 - 07367026 ____A C:\Users\Christopher Knefel\Shiny Toy Guns - Major Tom.flv
2012-07-22 23:12 - 2012-07-22 23:04 - 04985401 ____A C:\Users\Christopher Knefel\Colors of the Wind.flv
2012-07-22 23:11 - 2012-07-22 23:04 - 04881830 ____A C:\Users\Christopher Knefel\In the Dark of the Night - Anastasia 1080p.flv
2012-07-22 23:11 - 2012-07-22 23:04 - 03901892 ____A C:\Users\Christopher Knefel\The Little Mermaid - Les Poissons.flv
2012-07-22 22:05 - 2012-07-22 21:58 - 05027215 ____A C:\Users\Christopher Knefel\The Cars - My Best Friend_s Girl.flv
2012-07-21 14:04 - 2012-07-21 13:53 - 04387875 ____A C:\Users\Christopher Knefel\HEYYEYAAEYAAAEYAEYAA.flv
2012-07-21 13:00 - 2012-07-21 12:48 - 11923840 ____A C:\Users\Christopher Knefel\Van Halen - Jump (HQ music video).flv
2012-07-20 22:19 - 2012-07-20 22:15 - 11929285 ____A C:\Users\Christopher Knefel\Night Ranger - Sister Christian.flv
2012-07-20 22:13 - 2012-07-20 22:09 - 19574537 ____A C:\Users\Christopher Knefel\Joan Jett - I Hate Myself For Loving You [ Original HQ ].flv
2012-07-17 22:37 - 2012-07-17 22:33 - 05436260 ____A C:\Users\Christopher Knefel\The Count Censored.flv
2012-07-17 22:32 - 2012-07-17 22:31 - 02449028 ____A C:\Users\Christopher Knefel\You are a Nazi.flv
2012-07-15 10:18 - 2012-07-15 10:14 - 06699818 ____A C:\Users\Christopher Knefel\Bobby Fuller Four - I Fought The Law ( And The Law Won) Lyrics.flv
2012-07-15 00:26 - 2012-07-15 00:25 - 01875645 ____A C:\Users\Christopher Knefel\THE TWILIGHT ZONE THEME.flv
2012-07-14 23:40 - 2012-07-14 23:34 - 09515200 ____A C:\Users\Christopher Knefel\the impossible game soundtrack levels 1,2, and 3 songs.flv
2012-07-13 02:14 - 2011-09-14 03:35 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-13 02:14 - 2011-09-14 03:35 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-13 02:14 - 2011-09-14 03:35 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-12 22:43 - 2012-07-12 22:31 - 17221933 ____A C:\Users\Christopher Knefel\rocky horror picture show - the time warp.flv
2012-07-12 22:14 - 2012-07-12 22:11 - 05490492 ____A C:\Users\Christopher Knefel\Maybe I_m Amazed - Paul McCartney (With Lyrics).flv
2012-07-12 17:04 - 2012-07-12 17:02 - 03342649 ____A C:\Users\Christopher Knefel\Louis Armstrong - What A Wonderful World (Lyrics).flv
2012-07-12 11:10 - 2012-07-12 10:45 - 12399669 ____A C:\Users\Christopher Knefel\I LIKE TRAINS (asdfmovie song).flv
2012-07-11 18:40 - 2012-07-11 18:30 - 09441326 ____A C:\Users\Christopher Knefel\MINE TURTLE (asdfmovie song).flv
2012-07-10 23:37 - 2012-07-10 23:30 - 09310767 ____A C:\Users\Christopher Knefel\Steve Perry Oh Sherrie Remastered Audio.flv
2012-07-10 21:06 - 2012-07-10 20:52 - 22744221 ____A C:\Users\Christopher Knefel\MC Hammer- Can_t Touch This (Real Vid).flv
2012-07-07 11:38 - 2012-07-07 11:33 - 08629378 ____A C:\Users\Christopher Knefel\The Foundations - Build Me Up Buttercup.flv
2012-07-06 09:57 - 2012-07-06 09:49 - 05376477 ____A C:\Users\Christopher Knefel\Holy Diver - Dio Lyrics.flv
2012-07-05 20:24 - 2012-07-05 20:13 - 11402682 ____A C:\Users\Christopher Knefel\Eminem - _Till I Collapse Lyrics.flv
2012-07-05 02:58 - 2012-07-05 02:58 - 00001448 ____A C:\Users\Christopher Knefel\Desktop\Command Prompt.lnk
2012-07-05 02:34 - 2010-10-27 17:29 - 00001608 ____A C:\Users\Christopher Knefel\Desktop\Trash.lnk
2012-07-04 00:24 - 2012-07-04 00:20 - 05892561 ____A C:\Users\Christopher Knefel\you are a pirate.flv
2012-06-28 08:56 - 2012-06-28 08:53 - 04877778 ____A C:\Users\Christopher Knefel\Lilo & Stitch - Opening Theme (He Mele No Lilo - Original Film).flv
2012-06-24 18:31 - 2012-06-24 18:02 - 20969057 ____A C:\Users\Christopher Knefel\The Who - Won_t Get Fooled Again.flv
2012-06-24 14:44 - 2012-06-24 14:25 - 28666239 ____A C:\Users\Christopher Knefel\many ways to light up fireworks.flv
2012-06-22 18:52 - 2012-06-22 18:52 - 03521052 ____A C:\Users\Christopher Knefel\Mister Rogers Remixed _ Garden of Your Mind _ PBS Digital Studios.wav
2012-06-22 18:39 - 2012-06-22 18:39 - 42242092 ____A C:\Users\Christopher Knefel\Sweet Victory Spongebob Squarepants full song + lyrics.wav
2012-06-22 18:35 - 2012-06-22 18:35 - 45006892 ____A C:\Users\Christopher Knefel\Cheap Trick Surrender.wav
2012-06-22 18:16 - 2012-06-22 18:16 - 28987436 ____A C:\Users\Christopher Knefel\Men Without Hats - Safety Dance [Official Video].wav
2012-06-22 17:41 - 2012-06-22 17:41 - 00109436 ____A C:\Users\Christopher Knefel\Mine turtle all 3 hello!0.wav
2012-06-22 17:40 - 2012-06-22 17:40 - 00000000 ____A C:\Users\Christopher Knefel\Mine turtle all 3 hello!-old1.wav
2012-06-22 17:38 - 2012-06-22 17:38 - 02134060 ____A C:\Users\Christopher Knefel\Mine turtle all 3 hello!.wav
2012-06-22 17:37 - 2012-06-22 17:37 - 00474853 ____A C:\Users\Christopher Knefel\Mine turtle all 3 hello!.flv
2012-06-22 10:54 - 2012-06-22 10:52 - 03587674 ____A C:\Users\Christopher Knefel\Twist and Shout Lyrics.flv
2012-06-22 06:34 - 2012-06-22 06:23 - 09933355 ____A C:\Users\Christopher Knefel\America - bleep Yeah!.flv


ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2a905851-c192-fda0-5262-a94e521c08de}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2a905851-c192-fda0-5262-a94e521c08de}\@
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2a905851-c192-fda0-5262-a94e521c08de}\L
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2a905851-c192-fda0-5262-a94e521c08de}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-22 18:26:49
Restore point made on: 2012-08-29 21:31:37
Restore point made on: 2012-09-06 21:00:25
Restore point made on: 2012-09-15 22:17:09
Restore point made on: 2012-09-16 16:00:41
Restore point made on: 2012-09-17 05:16:18

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3963.98 MB
Available physical RAM: 3326.3 MB
Total Pagefile: 3962.13 MB
Available Pagefile: 3330.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (Christopher) (Fixed) (Total:296.62 GB) (Free:204.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (YOUR) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
3 Drive e: (PENDRIVE) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1501 MB
Disk 1 Online 1918 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 296 GB 1501 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Christopher NTFS Partition 296 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1917 MB 124 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PENDRIVE FAT Removable 1917 MB Healthy

=========================================================

Last Boot: 2012-09-15 22:09

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 17-09-2012
Ran by SYSTEM at 2012-09-18 01:11:28
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
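
The comparison that the Search.txt log above makes possible, as an added example (not part of the original post and not FRST's own code): parse each path/metadata pair and flag a live system file whose MD5 matches no copy of the same name in the WinSxS component store. The first sample is copied from the log above; the second sample, its paths, vendor and hashes are constructed, and all function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Copied from the Search.txt log above (the two services.exe entries).
PAGE_SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

# Constructed sample: the component store holds two versions of a file and
# the live copy matches the newer one, so nothing should be flagged.
CONSTRUCTED_SAMPLE = r"""
C:\Windows\winsxs\constructed_component_v1\example.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0010000 ____A (Constructed Vendor) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

C:\Windows\winsxs\constructed_component_v2\example.exe
[2011-03-01 10:00] - [2011-03-01 10:00] - 0012000 ____A (Constructed Vendor) BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

C:\Windows\System32\example.exe
[2011-03-01 10:00] - [2011-03-01 10:00] - 0012000 ____A (Constructed Vendor) BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Metadata line: [created] - [modified] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>.*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file entry (path line followed by metadata line)."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            entries.append({
                "path": pending_path,
                "size": int(meta["size"]),
                "modified": meta["modified"],
                "company": meta["company"],
                "md5": meta["md5"].upper(),
            })
            pending_path = None
    return entries


def find_unmatched_live_files(entries):
    """Flag live files whose MD5 matches no WinSxS copy of the same name.

    WinSxS can hold several versions of one file, so a live copy is only
    flagged when it matches none of them, not when it differs from one.
    """
    by_name = defaultdict(lambda: {"store": [], "live": []})
    for entry in entries:
        name = ntpath.basename(entry["path"]).lower()
        kind = "store" if "\\winsxs\\" in entry["path"].lower() else "live"
        by_name[name][kind].append(entry)

    findings = []
    for group in by_name.values():
        store_hashes = {e["md5"] for e in group["store"]}
        if not store_hashes:
            continue  # no reference copy in the log, nothing to compare
        for live in group["live"]:
            if live["md5"] not in store_hashes:
                findings.append({
                    "path": live["path"],
                    "md5": live["md5"],
                    "store_md5s": sorted(store_hashes),
                    # Same size but different hash, as in the log above,
                    # means size and timestamps alone would not show it.
                    "same_size_as_store": any(
                        s["size"] == live["size"] for s in group["store"]
                    ),
                })
    return findings


if __name__ == "__main__":
    for label, sample in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        for hit in find_unmatched_live_files(parse_search_log(sample)):
            print(label, hit["path"], hit["md5"], "matches no WinSxS copy")
```

A flagged file is a lead to verify, not a verdict: the log only lists the WinSxS copies that the search found.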

#8 gringo_pr

Posted 18 September 2012 - 01:23 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr
C:\Windows\svchost.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2a905851-c192-fda0-5262-a94e521c08de}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
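The search log posted just before this reply lists two copies of services.exe with the same size and timestamps but different MD5 values, and the fixlist above replaces the System32 copy with the WinSxS one. The Python below is an added example, not part of the thread or of FRST: it parses that search output and flags a live file whose hash matches no component-store copy. The function and class names and the example.exe pair are constructed for illustration.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # applies Windows path rules on any OS

# The services.exe entries are the search results quoted in the thread; the
# example.exe pair is constructed to show a file that matches its store copy.
SAMPLE_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\winsxs\constructed_component\example.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0001024 ____A (Constructed) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

C:\Windows\System32\example.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0001024 ____A (Constructed) AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - \[(\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


@dataclass(frozen=True)
class Finding:
    path: str
    md5: str
    store_md5s: list
    same_metadata: bool  # size and modified time equal to a store copy


def parse_search(log: str) -> list:
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            created, modified, size, _attrs, company, md5 = m.groups()
            entries.append(FileEntry(pending, created, modified,
                                     int(size), company, md5.upper()))
            pending = None
    return entries


def in_component_store(entry: FileEntry) -> bool:
    return "\\winsxs\\" in entry.path.lower()


def find_mismatches(entries: list) -> list:
    """Flag live files whose MD5 matches none of their WinSxS copies."""
    by_name = {}
    for e in entries:
        by_name.setdefault(basename(e.path).lower(), []).append(e)

    findings = []
    for _name, group in sorted(by_name.items()):
        store = [e for e in group if in_component_store(e)]
        if not store:
            continue  # nothing to compare against
        # Several store versions can coexist; matching any one is consistent.
        store_md5s = {e.md5 for e in store}
        for e in group:
            if in_component_store(e) or e.md5 in store_md5s:
                continue
            same_meta = any((s.size, s.modified) == (e.size, e.modified)
                            for s in store)
            findings.append(Finding(e.path, e.md5, sorted(store_md5s), same_meta))
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SAMPLE_LOG)):
        note = "size and timestamp unchanged" if f.same_metadata else "metadata differs"
        print(f"{f.path}: {f.md5} not in {f.store_md5s} ({note})")
```

A mismatch is a lead rather than a verdict: the search may not have listed the store version the live file came from, so confirm against known-good media before replacing anything.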

#9 caelis

Posted 18 September 2012 - 01:28 AM

Gringo, here is the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-09-2012
Ran by SYSTEM at 2012-09-18 01:26:52 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

C:\Windows\svchost.exe moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2a905851-c192-fda0-5262-a94e521c08de} moved successfully.

==== End of Fixlog ====

#10 gringo_pr

Posted 18 September 2012 - 01:33 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 caelis

Posted 18 September 2012 - 02:04 AM

Gringo, here is the TDSSKiller log. aswMBR says it is not a valid win32 app.

01:59:45.0056 0680 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
01:59:46.0034 0680 ============================================================
01:59:46.0034 0680 Current date / time: 2012/09/18 01:59:46.0034
01:59:46.0034 0680 SystemInfo:
01:59:46.0034 0680
01:59:46.0034 0680 OS Version: 6.1.7601 ServicePack: 1.0
01:59:46.0034 0680 Product type: Workstation
01:59:46.0035 0680 ComputerName: CHRISTOPHER-K
01:59:46.0035 0680 UserName: Christopher Knefel
01:59:46.0035 0680 Windows directory: C:\Windows
01:59:46.0035 0680 System windows directory: C:\Windows
01:59:46.0035 0680 Running under WOW64
01:59:46.0035 0680 Processor architecture: Intel x64
01:59:46.0035 0680 Number of processors: 2
01:59:46.0035 0680 Page size: 0x1000
01:59:46.0035 0680 Boot type: Normal boot
01:59:46.0035 0680 ============================================================
01:59:46.0780 0680 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:59:46.0787 0680 Drive \Device\Harddisk2\DR4 - Size: 0x77E00000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:59:46.0793 0680 ============================================================
01:59:46.0793 0680 \Device\Harddisk0\DR0:
01:59:46.0794 0680 MBR partitions:
01:59:46.0794 0680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2513F000
01:59:46.0794 0680 \Device\Harddisk2\DR4:
01:59:46.0796 0680 MBR partitions:
01:59:46.0796 0680 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x6, StartLBA 0xF8, BlocksNum 0x3BEF08
01:59:46.0796 0680 ============================================================
01:59:46.0844 0680 C: <-> \Device\Harddisk0\DR0\Partition1
01:59:46.0844 0680 ============================================================
01:59:46.0844 0680 Initialize success
01:59:46.0844 0680 ============================================================
01:59:48.0816 0516 ============================================================
01:59:48.0816 0516 Scan started
01:59:48.0816 0516 Mode: Manual;
01:59:48.0817 0516 ============================================================
01:59:49.0308 0516 ================ Scan system memory ========================
01:59:49.0308 0516 System memory - ok
01:59:49.0308 0516 ================ Scan services =============================
01:59:58.0445 0516 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:59:58.0446 0516 mrxsmb - ok
01:59:58.0478 0516 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:59:58.0482 0516 mrxsmb10 - ok
01:59:58.0502 0516 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:59:58.0503 0516 mrxsmb20 - ok
01:59:58.0531 0516 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:59:58.0532 0516 msahci - ok
01:59:58.0561 0516 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:59:58.0563 0516 msdsm - ok
01:59:58.0595 0516 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:59:58.0598 0516 MSDTC - ok
01:59:58.0661 0516 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:59:58.0662 0516 Msfs - ok
01:59:58.0703 0516 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:59:58.0704 0516 mshidkmdf - ok
01:59:58.0722 0516 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:59:58.0723 0516 msisadrv - ok
01:59:58.0768 0516 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:59:58.0770 0516 MSiSCSI - ok
01:59:58.0774 0516 msiserver - ok
01:59:58.0824 0516 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:59:58.0824 0516 MSKSSRV - ok
01:59:58.0841 0516 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:59:58.0843 0516 MSPCLOCK - ok
01:59:58.0849 0516 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:59:58.0850 0516 MSPQM - ok
01:59:58.0892 0516 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:59:58.0896 0516 MsRPC - ok
01:59:58.0934 0516 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:59:58.0935 0516 mssmbios - ok
01:59:58.0947 0516 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:59:58.0948 0516 MSTEE - ok
01:59:58.0963 0516 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:59:58.0964 0516 MTConfig - ok
01:59:58.0984 0516 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:59:58.0985 0516 Mup - ok
01:59:59.0021 0516 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:59:59.0027 0516 napagent - ok
01:59:59.0052 0516 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:59:59.0057 0516 NativeWifiP - ok
01:59:59.0095 0516 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
01:59:59.0102 0516 NDIS - ok
01:59:59.0144 0516 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:59:59.0145 0516 NdisCap - ok
01:59:59.0177 0516 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:59:59.0178 0516 NdisTapi - ok
01:59:59.0219 0516 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:59:59.0220 0516 Ndisuio - ok
01:59:59.0250 0516 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:59:59.0252 0516 NdisWan - ok
01:59:59.0281 0516 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:59:59.0283 0516 NDProxy - ok
01:59:59.0330 0516 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
01:59:59.0332 0516 Net Driver HPZ12 - ok
01:59:59.0345 0516 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:59:59.0346 0516 NetBIOS - ok
01:59:59.0385 0516 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:59:59.0391 0516 NetBT - ok
01:59:59.0440 0516 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:59:59.0443 0516 Netlogon - ok
01:59:59.0485 0516 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:59:59.0490 0516 Netman - ok
01:59:59.0552 0516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:59:59.0554 0516 NetMsmqActivator - ok
01:59:59.0559 0516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:59:59.0561 0516 NetPipeActivator - ok
01:59:59.0610 0516 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:59:59.0616 0516 netprofm - ok
01:59:59.0641 0516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:59:59.0643 0516 NetTcpActivator - ok
01:59:59.0648 0516 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:59:59.0650 0516 NetTcpPortSharing - ok
01:59:59.0844 0516 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
01:59:59.0909 0516 NETw5s64 - ok
02:00:00.0113 0516 [ C93605D751EDF15E136468291F5C4A14 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
02:00:00.0164 0516 NETw5v64 - ok
02:00:00.0212 0516 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:00:00.0215 0516 nfrd960 - ok
02:00:00.0259 0516 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:00:00.0262 0516 NlaSvc - ok
02:00:00.0377 0516 [ A9AB333FC9AB1EA17FCD81A97C5AF467 ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE
02:00:00.0382 0516 nlsX86cc - ok
02:00:00.0419 0516 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:00:00.0420 0516 Npfs - ok
02:00:00.0443 0516 npggsvc - ok
02:00:00.0449 0516 NPPTNT2 - ok
02:00:00.0479 0516 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:00:00.0481 0516 nsi - ok
02:00:00.0499 0516 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:00:00.0500 0516 nsiproxy - ok
02:00:00.0560 0516 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:00:00.0571 0516 Ntfs - ok
02:00:00.0586 0516 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:00:00.0587 0516 Null - ok
02:00:00.0634 0516 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:00:00.0635 0516 nvraid - ok
02:00:00.0671 0516 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:00:00.0672 0516 nvstor - ok
02:00:00.0703 0516 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:00:00.0705 0516 nv_agp - ok
02:00:00.0736 0516 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:00:00.0738 0516 ohci1394 - ok
02:00:00.0814 0516 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:00:00.0816 0516 ose - ok
02:00:01.0021 0516 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:00:01.0071 0516 osppsvc - ok
02:00:01.0120 0516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:00:01.0124 0516 p2pimsvc - ok
02:00:01.0165 0516 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:00:01.0170 0516 p2psvc - ok
02:00:01.0198 0516 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:00:01.0199 0516 Parport - ok
02:00:01.0230 0516 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:00:01.0231 0516 partmgr - ok
02:00:01.0252 0516 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:00:01.0257 0516 PcaSvc - ok
02:00:01.0286 0516 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:00:01.0287 0516 pci - ok
02:00:01.0307 0516 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:00:01.0308 0516 pciide - ok
02:00:01.0333 0516 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:00:01.0335 0516 pcmcia - ok
02:00:01.0382 0516 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
02:00:01.0384 0516 pcouffin - ok
02:00:01.0406 0516 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:00:01.0407 0516 pcw - ok
02:00:01.0433 0516 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:00:01.0438 0516 PEAUTH - ok
02:00:01.0471 0516 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:00:01.0473 0516 PerfHost - ok
02:00:01.0515 0516 [ 2C3BA65F8CA712730050C29104E093F9 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
02:00:01.0516 0516 PGEffect - ok
02:00:01.0570 0516 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:00:01.0583 0516 pla - ok
02:00:01.0620 0516 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:00:01.0624 0516 PlugPlay - ok
02:00:01.0685 0516 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
02:00:01.0686 0516 Pml Driver HPZ12 - ok
02:00:01.0721 0516 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:00:01.0723 0516 PNRPAutoReg - ok
02:00:01.0745 0516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:00:01.0750 0516 PNRPsvc - ok
02:00:01.0781 0516 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:00:01.0785 0516 PolicyAgent - ok
02:00:01.0816 0516 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:00:01.0819 0516 Power - ok
02:00:01.0859 0516 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:00:01.0860 0516 PptpMiniport - ok
02:00:01.0882 0516 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:00:01.0883 0516 Processor - ok
02:00:01.0926 0516 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
02:00:01.0929 0516 ProfSvc - ok
02:00:01.0945 0516 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:00:01.0947 0516 ProtectedStorage - ok
02:00:01.0981 0516 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:00:01.0982 0516 Psched - ok
02:00:02.0028 0516 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:00:02.0041 0516 ql2300 - ok
02:00:02.0062 0516 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:00:02.0063 0516 ql40xx - ok
02:00:02.0095 0516 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:00:02.0098 0516 QWAVE - ok
02:00:02.0117 0516 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:00:02.0118 0516 QWAVEdrv - ok
02:00:02.0158 0516 [ 58435613C2537715A9423597EC6635CC ] radpms C:\Windows\system32\DRIVERS\radpms.sys
02:00:02.0161 0516 radpms - ok
02:00:02.0175 0516 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:00:02.0176 0516 RasAcd - ok
02:00:02.0209 0516 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:00:02.0210 0516 RasAgileVpn - ok
02:00:02.0231 0516 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:00:02.0233 0516 RasAuto - ok
02:00:02.0265 0516 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:00:02.0266 0516 Rasl2tp - ok
02:00:02.0298 0516 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:00:02.0303 0516 RasMan - ok
02:00:02.0326 0516 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:00:02.0327 0516 RasPppoe - ok
02:00:02.0361 0516 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:00:02.0363 0516 RasSstp - ok
02:00:02.0389 0516 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:00:02.0393 0516 rdbss - ok
02:00:02.0409 0516 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:00:02.0410 0516 rdpbus - ok
02:00:02.0430 0516 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:00:02.0431 0516 RDPCDD - ok
02:00:02.0461 0516 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:00:02.0463 0516 RDPENCDD - ok
02:00:02.0480 0516 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:00:02.0481 0516 RDPREFMP - ok
02:00:02.0497 0516 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:00:02.0499 0516 RDPWD - ok
02:00:02.0522 0516 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:00:02.0525 0516 rdyboost - ok
02:00:02.0561 0516 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:00:02.0563 0516 RemoteAccess - ok
02:00:02.0601 0516 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:00:02.0604 0516 RemoteRegistry - ok
02:00:02.0641 0516 [ ABF0D2EAE54A7F071A54BD2828C982CA ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys
02:00:02.0644 0516 rimspci - ok
02:00:02.0655 0516 [ E8ED37D472EB5211C0A34FD63A3971E9 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe64.sys
02:00:02.0656 0516 rixdpcie - ok
02:00:02.0690 0516 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:00:02.0692 0516 RpcEptMapper - ok
02:00:02.0714 0516 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:00:02.0716 0516 RpcLocator - ok
02:00:02.0740 0516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:00:02.0745 0516 RpcSs - ok
02:00:02.0774 0516 RSELSVC - ok
02:00:02.0804 0516 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:00:02.0805 0516 rspndr - ok
02:00:02.0859 0516 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
02:00:02.0864 0516 RTL8167 - ok
02:00:02.0888 0516 [ BFEB9C99AE9AE0C635AC1DC38A2B2F1D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
02:00:02.0890 0516 RTL8169 - ok
02:00:02.0969 0516 [ 7C9CC15879866C1B6516AFD785593E3F ] RTL8192U C:\Windows\system32\DRIVERS\RTL8192u.sys
02:00:02.0982 0516 RTL8192U - ok
02:00:03.0017 0516 RtlProt - ok
02:00:03.0065 0516 [ FAE27121F5AE78CE65EA76C76CDA0673 ] Rx2Agent C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
02:00:03.0080 0516 Rx2Agent - ok
02:00:03.0117 0516 [ FB73E054F8E277D27FEAE731605A9FEE ] Rx2Engine C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe
02:00:03.0129 0516 Rx2Engine - ok
02:00:03.0142 0516 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:00:03.0143 0516 SamSs - ok
02:00:03.0172 0516 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:00:03.0174 0516 sbp2port - ok
02:00:03.0204 0516 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:00:03.0207 0516 SCardSvr - ok
02:00:03.0237 0516 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:00:03.0238 0516 scfilter - ok
02:00:03.0290 0516 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:00:03.0301 0516 Schedule - ok
02:00:03.0325 0516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:00:03.0326 0516 SCPolicySvc - ok
02:00:03.0364 0516 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
02:00:03.0365 0516 sdbus - ok
02:00:03.0395 0516 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:00:03.0397 0516 SDRSVC - ok
02:00:03.0429 0516 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:00:03.0430 0516 secdrv - ok
02:00:03.0451 0516 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:00:03.0453 0516 seclogon - ok
02:00:03.0481 0516 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
02:00:03.0483 0516 SENS - ok
02:00:03.0504 0516 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:00:03.0506 0516 SensrSvc - ok
02:00:03.0521 0516 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:00:03.0522 0516 Serenum - ok
02:00:03.0548 0516 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:00:03.0551 0516 Serial - ok
02:00:03.0575 0516 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:00:03.0577 0516 sermouse - ok
02:00:03.0609 0516 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:00:03.0611 0516 SessionEnv - ok
02:00:03.0641 0516 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:00:03.0641 0516 sffdisk - ok
02:00:03.0658 0516 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:00:03.0659 0516 sffp_mmc - ok
02:00:03.0680 0516 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:00:03.0681 0516 sffp_sd - ok
02:00:03.0692 0516 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:00:03.0693 0516 sfloppy - ok
02:00:03.0718 0516 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:00:03.0722 0516 ShellHWDetection - ok
02:00:03.0740 0516 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:00:03.0742 0516 SiSRaid2 - ok
02:00:03.0759 0516 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:00:03.0761 0516 SiSRaid4 - ok
02:00:03.0789 0516 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:00:03.0790 0516 Smb - ok
02:00:03.0834 0516 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:00:03.0836 0516 SNMPTRAP - ok
02:00:03.0856 0516 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:00:03.0857 0516 spldr - ok
02:00:03.0888 0516 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
02:00:03.0895 0516 Spooler - ok
02:00:03.0989 0516 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:00:04.0022 0516 sppsvc - ok
02:00:04.0049 0516 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:00:04.0051 0516 sppuinotify - ok
02:00:04.0081 0516 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:00:04.0084 0516 srv - ok
02:00:04.0118 0516 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:00:04.0121 0516 srv2 - ok
02:00:04.0135 0516 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:00:04.0137 0516 srvnet - ok
02:00:04.0176 0516 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:00:04.0179 0516 SSDPSRV - ok
02:00:04.0198 0516 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:00:04.0202 0516 SstpSvc - ok
02:00:04.0236 0516 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:00:04.0237 0516 stexstor - ok
02:00:04.0280 0516 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
02:00:04.0281 0516 StillCam - ok
02:00:04.0330 0516 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:00:04.0338 0516 stisvc - ok
02:00:04.0374 0516 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:00:04.0375 0516 swenum - ok
02:00:04.0400 0516 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:00:04.0407 0516 swprv - ok
02:00:04.0458 0516 [ 6DE6D25CC1D1CB694A1CC3E4604DB644 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:00:04.0463 0516 SynTP - ok
02:00:04.0517 0516 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:00:04.0534 0516 SysMain - ok
02:00:04.0563 0516 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:00:04.0565 0516 TabletInputService - ok
02:00:04.0600 0516 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:00:04.0606 0516 TapiSrv - ok
02:00:04.0617 0516 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:00:04.0620 0516 TBS - ok
02:00:04.0682 0516 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:00:04.0698 0516 Tcpip - ok
02:00:04.0761 0516 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:00:04.0779 0516 TCPIP6 - ok
02:00:04.0813 0516 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:00:04.0814 0516 tcpipreg - ok
02:00:04.0852 0516 [ D45586A9FACB2C9708B10E491EF748A6 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
02:00:04.0853 0516 tdcmdpst - ok
02:00:04.0876 0516 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:00:04.0877 0516 TDPIPE - ok
02:00:04.0911 0516 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:00:04.0912 0516 TDTCP - ok
02:00:04.0953 0516 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:00:04.0955 0516 tdx - ok
02:00:04.0989 0516 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:00:04.0990 0516 TermDD - ok
02:00:05.0036 0516 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:00:05.0045 0516 TermService - ok
02:00:05.0065 0516 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:00:05.0067 0516 Themes - ok
02:00:05.0104 0516 [ E29A0C5C97615BFFAB138ABE308733B4 ] Thpdrv C:\Windows\system32\DRIVERS\thpdrv.sys
02:00:05.0105 0516 Thpdrv - ok
02:00:05.0143 0516 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\Windows\system32\DRIVERS\Thpevm.SYS
02:00:05.0144 0516 Thpevm - ok
02:00:05.0169 0516 [ 8F0D1A0C9C25CC61E193C0C22422A9EA ] Thpsrv C:\Windows\system32\ThpSrv.exe
02:00:05.0176 0516 Thpsrv - ok
02:00:05.0205 0516 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:00:05.0208 0516 THREADORDER - ok
02:00:05.0251 0516 [ 199C2E87D9A5EC58D0BCD94E893BF629 ] TIEHDUSB C:\Windows\system32\DRIVERS\tiehdusb.sys
02:00:05.0253 0516 TIEHDUSB - ok
02:00:05.0318 0516 [ FB8448D1B0DA00D70C28ADF9282B31BB ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
02:00:05.0319 0516 TMachInfo - ok
02:00:05.0381 0516 [ 22BC804EFE155F54252F389B0781D7F2 ] TNaviSrv C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
02:00:05.0383 0516 TNaviSrv - ok
02:00:05.0420 0516 [ 19AF3434564E973BC232BBD629EC2BF6 ] TODDSrv C:\Windows\system32\TODDSrv.exe
02:00:05.0423 0516 TODDSrv - ok
02:00:05.0480 0516 [ 7810E3A97E004CD2641FD3FC5D2A62CD ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
02:00:05.0484 0516 TosCoSrv - ok
02:00:05.0537 0516 [ B67C69E2982769355D9FF76DD3B2A0FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
02:00:05.0539 0516 TOSHIBA HDD SSD Alert Service - ok
02:00:05.0577 0516 [ DD50A5DF5F7B29FDB6B5FEA728C43DC3 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys
02:00:05.0584 0516 tos_sps64 - ok
02:00:05.0643 0516 [ 66C4503D050DBACAFC5B38FE54EDD86F ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
02:00:05.0651 0516 TPCHSrv - ok
02:00:05.0702 0516 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:00:05.0705 0516 TrkWks - ok
02:00:05.0744 0516 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:00:05.0746 0516 TrustedInstaller - ok
02:00:05.0776 0516 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:00:05.0777 0516 tssecsrv - ok
02:00:05.0838 0516 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:00:05.0839 0516 TsUsbFlt - ok
02:00:05.0900 0516 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:00:05.0901 0516 tunnel - ok
02:00:05.0931 0516 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
02:00:05.0932 0516 TVALZ - ok
02:00:05.0962 0516 [ BE32A8658A0B56474AD4D0BB8AFA8E55 ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
02:00:05.0963 0516 TVALZFL - ok
02:00:05.0999 0516 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:00:06.0000 0516 uagp35 - ok
02:00:06.0032 0516 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:00:06.0035 0516 udfs - ok
02:00:06.0067 0516 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:00:06.0071 0516 UI0Detect - ok
02:00:06.0112 0516 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:00:06.0113 0516 uliagpkx - ok
02:00:06.0144 0516 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
02:00:06.0145 0516 umbus - ok
02:00:06.0168 0516 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:00:06.0169 0516 UmPass - ok
02:00:06.0190 0516 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:00:06.0195 0516 upnphost - ok
02:00:06.0228 0516 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
02:00:06.0230 0516 USBAAPL64 - ok
02:00:06.0270 0516 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
02:00:06.0272 0516 usbaudio - ok
02:00:06.0290 0516 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:00:06.0291 0516 usbccgp - ok
02:00:06.0310 0516 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:00:06.0311 0516 usbcir - ok
02:00:06.0327 0516 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:00:06.0328 0516 usbehci - ok
02:00:06.0370 0516 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:00:06.0373 0516 usbhub - ok
02:00:06.0395 0516 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
02:00:06.0396 0516 usbohci - ok
02:00:06.0423 0516 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:00:06.0424 0516 usbprint - ok
02:00:06.0449 0516 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
02:00:06.0450 0516 usbscan - ok
02:00:06.0471 0516 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:00:06.0472 0516 USBSTOR - ok
02:00:06.0499 0516 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
02:00:06.0500 0516 usbuhci - ok
02:00:06.0554 0516 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
02:00:06.0556 0516 usbvideo - ok
02:00:06.0591 0516 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
02:00:06.0594 0516 UxSms - ok
02:00:06.0609 0516 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
02:00:06.0612 0516 VaultSvc - ok
02:00:06.0646 0516 [ 0D01EB55906ACEE95128381F032AF24C ] vdrive C:\Windows\system32\DRIVERS\vdrive.sys
02:00:06.0647 0516 vdrive - ok
02:00:06.0685 0516 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
02:00:06.0687 0516 vdrvroot - ok
02:00:15.0060 0516 ============================================================
02:00:15.0060 0516 Scan finished
02:00:15.0060 0516 ============================================================
02:00:15.0078 4260 Detected object count: 0
02:00:15.0078 4260 Actual detected object count: 0

#12 gringo_pr

Posted 18 September 2012 - 02:11 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 caelis

Posted 20 September 2012 - 09:54 AM

Gringo, sorry for the long delay. I ran ComboFix and fell asleep while it was running. When I woke up several hours later, the screen said preparing report, please wait. I rebooted and the computer seems fine. I ran virus check and it came up clear! Thanks! I lost the network though and haven't been able to get back on the internet. I think it is some sort of issue with Windows Firewall. It won't load the service. Thanks for clearing the virus.

Thanks again Caelis

#14 gringo_pr

Posted 20 September 2012 - 01:10 PM

Hello


I want you to navigate to this file, C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe, right-click on erdnt.exe and select run as admin.


Restart the computer and check the internet.

#15 caelis

Posted 20 September 2012 - 11:25 PM

Wow Gringo, you're awesome. I have been screwing with the network for two days and you fixed it with the click of a mouse. Thanks so much!



