
Infected by uKash virus, help


14 replies to this topic

#1 Jellesje

Jellesje

  • Members
  • 8 posts
  • Local time:03:33 PM

Posted 27 September 2012 - 06:36 AM

Dear reader,
I found a lot of ambiguous information on how to remove the uKash, police blabla virus. I did 2 scans with MBAM and Emsisoft and removed a couple of things. Should I run ComboFix? Seems like everyone is doing this even though there is a warning that says you shouldn't unless you're a specialist. Please help me out here.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:33 AM

Posted 27 September 2012 - 06:43 AM

Download TDSSKiller.

Launch it. Click on change parameters - select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Edited by narenxp, 27 September 2012 - 06:43 AM.


#3 Jellesje


Posted 27 September 2012 - 07:41 AM

Thanks for your quick reply.
After running aswMBR I get a warning: bedreiging gedetecteerd, which means "threat detected". After that I get a choice whether to move "it" to quarantine or allow "it". What should I do? Thanks in advance.

#4 narenxp


Posted 27 September 2012 - 07:44 AM

Allow it. We need to see the logs.

#5 Jellesje


Posted 27 September 2012 - 09:55 AM

Hi, I'm not able to run aswMBR again. I tried almost everything. I do have the other results. I put the results of the first scan in some kind of quarantine, but cannot find them anymore. Sorry for me being so stupid.

#6 Jellesje


Posted 27 September 2012 - 10:06 AM

Eset:

C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\Program Files\Giant Savings\Giant Savings.dll Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Users\Jelles\AppData\Local\Temp\151C18D2-BAB0-7891-B937-CEE356BC0A5A\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Jelles\AppData\Local\Temp\is357113909\GiantSavings_FR.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Users\Jelles\Downloads\DownloadAcceleratorSetup.exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
C:\Users\Jelles\Downloads\installer_kaspersky_tdsskiller.exe Win32/Toggle application cleaned by deleting - quarantined

tdsskiller:

14:01:37.0147 5876 MBAMProtector - ok
14:01:37.0225 5876 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:01:37.0241 5876 MBAMScheduler - ok
14:01:37.0287 5876 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:01:37.0303 5876 MBAMService - ok
14:01:37.0365 5876 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:01:37.0381 5876 Mcx2Svc - ok
14:01:37.0412 5876 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
14:01:37.0412 5876 megasas - ok
14:01:37.0459 5876 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:01:37.0475 5876 MegaSR - ok
14:01:37.0584 5876 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:01:37.0584 5876 Microsoft Office Groove Audit Service - ok
14:01:37.0615 5876 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
14:01:37.0631 5876 MMCSS - ok
14:01:37.0662 5876 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
14:01:37.0662 5876 Modem - ok
14:01:37.0677 5876 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:01:37.0693 5876 monitor - ok
14:01:37.0740 5876 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
14:01:37.0755 5876 mouclass - ok
14:01:37.0818 5876 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys
14:01:37.0833 5876 mouhid - ok
14:01:37.0880 5876 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:01:37.0896 5876 mountmgr - ok
14:01:37.0958 5876 [ D9378FEDBDB9895444CA07C761136106 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:01:37.0974 5876 MozillaMaintenance - ok
14:01:37.0989 5876 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
14:01:38.0005 5876 mpio - ok
14:01:38.0036 5876 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:01:38.0052 5876 mpsdrv - ok
14:01:38.0099 5876 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:01:38.0130 5876 MpsSvc - ok
14:01:38.0161 5876 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:01:38.0161 5876 MRxDAV - ok
14:01:38.0192 5876 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:38.0192 5876 mrxsmb - ok
14:01:38.0223 5876 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:38.0239 5876 mrxsmb10 - ok
14:01:38.0270 5876 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:38.0286 5876 mrxsmb20 - ok
14:01:38.0317 5876 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
14:01:38.0317 5876 msahci - ok
14:01:38.0348 5876 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:01:38.0364 5876 msdsm - ok
14:01:38.0395 5876 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
14:01:38.0411 5876 MSDTC - ok
14:01:38.0489 5876 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:01:38.0489 5876 Msfs - ok
14:01:38.0520 5876 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:01:38.0520 5876 mshidkmdf - ok
14:01:38.0551 5876 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:01:38.0551 5876 msisadrv - ok
14:01:38.0629 5876 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:01:38.0645 5876 MSiSCSI - ok
14:01:38.0660 5876 msiserver - ok
14:01:38.0723 5876 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:01:38.0738 5876 MSKSSRV - ok
14:01:38.0785 5876 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:38.0785 5876 MSPCLOCK - ok
14:01:38.0816 5876 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:01:38.0832 5876 MSPQM - ok
14:01:38.0847 5876 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:01:38.0863 5876 MsRPC - ok
14:01:38.0910 5876 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:01:38.0910 5876 mssmbios - ok
14:01:38.0925 5876 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:01:38.0941 5876 MSTEE - ok
14:01:38.0957 5876 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:01:38.0972 5876 MTConfig - ok
14:01:38.0988 5876 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
14:01:39.0003 5876 Mup - ok
14:01:39.0035 5876 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
14:01:39.0066 5876 napagent - ok
14:01:39.0128 5876 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:01:39.0159 5876 NativeWifiP - ok
14:01:39.0237 5876 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:01:39.0269 5876 NDIS - ok
14:01:39.0331 5876 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:39.0331 5876 NdisCap - ok
14:01:39.0393 5876 [ EF6574A4A8359379CAF7092850FE4C81 ] Ndisrd C:\Windows\system32\DRIVERS\ndisrd.sys
14:01:39.0409 5876 Ndisrd - ok
14:01:39.0425 5876 [ EF6574A4A8359379CAF7092850FE4C81 ] NdisrdMP C:\Windows\system32\DRIVERS\ndisrd.sys
14:01:39.0440 5876 NdisrdMP - ok
14:01:39.0487 5876 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:39.0487 5876 NdisTapi - ok
14:01:39.0549 5876 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:39.0565 5876 Ndisuio - ok
14:01:39.0596 5876 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:39.0596 5876 NdisWan - ok
14:01:39.0627 5876 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:01:39.0627 5876 NDProxy - ok
14:01:39.0643 5876 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:01:39.0659 5876 NetBIOS - ok
14:01:39.0690 5876 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:01:39.0690 5876 NetBT - ok
14:01:39.0721 5876 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
14:01:39.0721 5876 Netlogon - ok
14:01:39.0799 5876 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
14:01:39.0830 5876 Netman - ok
14:01:39.0846 5876 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
14:01:39.0861 5876 netprofm - ok
14:01:39.0955 5876 [ 56A0410F0498271827F85917E1B8A0BB ] netr28 C:\Windows\system32\DRIVERS\netr28.sys
14:01:40.0002 5876 netr28 - ok
14:01:40.0033 5876 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:01:40.0033 5876 NetTcpPortSharing - ok
14:01:40.0095 5876 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:01:40.0095 5876 nfrd960 - ok
14:01:40.0142 5876 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:01:40.0158 5876 NlaSvc - ok
14:01:40.0189 5876 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:01:40.0189 5876 Npfs - ok
14:01:40.0220 5876 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
14:01:40.0220 5876 nsi - ok
14:01:40.0251 5876 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:01:40.0267 5876 nsiproxy - ok
14:01:40.0361 5876 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:01:40.0407 5876 Ntfs - ok
14:01:40.0439 5876 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
14:01:40.0439 5876 Null - ok
14:01:40.0501 5876 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
14:01:40.0517 5876 NVENETFD - ok
14:01:40.0579 5876 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:01:40.0595 5876 nvraid - ok
14:01:40.0626 5876 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:01:40.0626 5876 nvstor - ok
14:01:40.0657 5876 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:01:40.0673 5876 nv_agp - ok
14:01:40.0766 5876 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:01:40.0782 5876 odserv - ok
14:01:40.0829 5876 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:01:40.0829 5876 ohci1394 - ok
14:01:40.0875 5876 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:01:40.0875 5876 ose - ok
14:01:40.0938 5876 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:01:40.0953 5876 p2pimsvc - ok
14:01:40.0985 5876 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
14:01:41.0016 5876 p2psvc - ok
14:01:41.0031 5876 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
14:01:41.0047 5876 Parport - ok
14:01:41.0078 5876 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:01:41.0094 5876 partmgr - ok
14:01:41.0125 5876 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:01:41.0125 5876 Parvdm - ok
14:01:41.0172 5876 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:01:41.0187 5876 PcaSvc - ok
14:01:41.0219 5876 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
14:01:41.0219 5876 pci - ok
14:01:41.0250 5876 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
14:01:41.0265 5876 pciide - ok
14:01:41.0297 5876 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:01:41.0312 5876 pcmcia - ok
14:01:41.0343 5876 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:01:41.0359 5876 pcw - ok
14:01:41.0421 5876 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:01:41.0453 5876 PEAUTH - ok
14:01:41.0546 5876 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
14:01:41.0609 5876 pla - ok
14:01:41.0671 5876 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:01:41.0702 5876 PlugPlay - ok
14:01:41.0718 5876 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:01:41.0749 5876 PNRPAutoReg - ok
14:01:41.0780 5876 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:01:41.0796 5876 PNRPsvc - ok
14:01:41.0843 5876 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:01:41.0858 5876 PolicyAgent - ok
14:01:41.0905 5876 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
14:01:41.0936 5876 Power - ok
14:01:41.0952 5876 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:01:41.0967 5876 PptpMiniport - ok
14:01:41.0999 5876 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
14:01:41.0999 5876 Processor - ok
14:01:42.0045 5876 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
14:01:42.0061 5876 ProfSvc - ok
14:01:42.0092 5876 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:01:42.0092 5876 ProtectedStorage - ok
14:01:42.0155 5876 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:01:42.0155 5876 Psched - ok
14:01:42.0248 5876 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:01:42.0295 5876 ql2300 - ok
14:01:42.0326 5876 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:01:42.0342 5876 ql40xx - ok
14:01:42.0373 5876 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
14:01:42.0404 5876 QWAVE - ok
14:01:42.0420 5876 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:01:42.0435 5876 QWAVEdrv - ok
14:01:42.0451 5876 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:01:42.0467 5876 RasAcd - ok
14:01:42.0513 5876 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:42.0529 5876 RasAgileVpn - ok
14:01:42.0545 5876 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
14:01:42.0576 5876 RasAuto - ok
14:01:42.0607 5876 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:42.0607 5876 Rasl2tp - ok
14:01:42.0638 5876 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
14:01:42.0669 5876 RasMan - ok
14:01:42.0701 5876 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:42.0701 5876 RasPppoe - ok
14:01:42.0763 5876 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:01:42.0763 5876 RasSstp - ok
14:01:42.0794 5876 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:01:42.0810 5876 rdbss - ok
14:01:42.0841 5876 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:01:42.0841 5876 rdpbus - ok
14:01:42.0872 5876 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:42.0872 5876 RDPCDD - ok
14:01:42.0966 5876 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:01:42.0966 5876 RDPENCDD - ok
14:01:42.0997 5876 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:01:43.0013 5876 RDPREFMP - ok
14:01:43.0044 5876 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:01:43.0059 5876 RDPWD - ok
14:01:43.0091 5876 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:01:43.0106 5876 rdyboost - ok
14:01:43.0169 5876 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
14:01:43.0184 5876 RemoteAccess - ok
14:01:43.0215 5876 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:01:43.0231 5876 RemoteRegistry - ok
14:01:43.0309 5876 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:01:43.0325 5876 RFCOMM - ok
14:01:43.0387 5876 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:01:43.0403 5876 RpcEptMapper - ok
14:01:43.0434 5876 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
14:01:43.0449 5876 RpcLocator - ok
14:01:43.0481 5876 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
14:01:43.0496 5876 RpcSs - ok
14:01:43.0527 5876 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:01:43.0543 5876 rspndr - ok
14:01:43.0590 5876 [ C5ACB4D2CA623F678257B0844BD1AC8A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:01:43.0605 5876 RSUSBSTOR - ok
14:01:43.0637 5876 [ 52A5332B280A2E80A92ABCD2140A62E8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
14:01:43.0668 5876 RTL8167 - ok
14:01:43.0699 5876 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
14:01:43.0699 5876 SamSs - ok
14:01:43.0746 5876 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:01:43.0761 5876 sbp2port - ok
14:01:43.0793 5876 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:01:43.0824 5876 SCardSvr - ok
14:01:43.0855 5876 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:01:43.0855 5876 scfilter - ok
14:01:43.0902 5876 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
14:01:43.0949 5876 Schedule - ok
14:01:43.0964 5876 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:01:43.0964 5876 SCPolicySvc - ok
14:01:44.0027 5876 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:01:44.0027 5876 sdbus - ok
14:01:44.0058 5876 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:01:44.0073 5876 SDRSVC - ok
14:01:44.0105 5876 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:01:44.0120 5876 secdrv - ok
14:01:44.0136 5876 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
14:01:44.0136 5876 seclogon - ok
14:01:44.0151 5876 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
14:01:44.0167 5876 SENS - ok
14:01:44.0229 5876 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:01:44.0245 5876 SensrSvc - ok
14:01:44.0261 5876 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:01:44.0276 5876 Serenum - ok
14:01:44.0339 5876 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
14:01:44.0354 5876 Serial - ok
14:01:44.0401 5876 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:01:44.0401 5876 sermouse - ok
14:01:44.0463 5876 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
14:01:44.0495 5876 SessionEnv - ok
14:01:44.0526 5876 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:01:44.0526 5876 sffdisk - ok
14:01:44.0557 5876 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:01:44.0557 5876 sffp_mmc - ok
14:01:44.0588 5876 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:01:44.0604 5876 sffp_sd - ok
14:01:44.0635 5876 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:01:44.0635 5876 sfloppy - ok
14:01:44.0666 5876 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:01:44.0697 5876 SharedAccess - ok
14:01:44.0744 5876 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:01:44.0760 5876 ShellHWDetection - ok
14:01:44.0822 5876 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:01:44.0838 5876 sisagp - ok
14:01:44.0869 5876 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:01:44.0869 5876 SiSRaid2 - ok
14:01:44.0916 5876 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:01:44.0916 5876 SiSRaid4 - ok
14:01:45.0025 5876 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:01:45.0041 5876 SkypeUpdate - ok
14:01:45.0103 5876 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:01:45.0103 5876 Smb - ok
14:01:45.0181 5876 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:01:45.0197 5876 SNMPTRAP - ok
14:01:45.0212 5876 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
14:01:45.0228 5876 spldr - ok
14:01:45.0275 5876 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
14:01:45.0306 5876 Spooler - ok
14:01:45.0399 5876 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
14:01:45.0493 5876 sppsvc - ok
14:01:45.0524 5876 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:01:45.0540 5876 sppuinotify - ok
14:01:45.0587 5876 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:01:45.0618 5876 srv - ok
14:01:45.0633 5876 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:01:45.0665 5876 srv2 - ok
14:01:45.0727 5876 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:01:45.0743 5876 SrvHsfHDA - ok
14:01:45.0789 5876 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:01:45.0836 5876 SrvHsfV92 - ok
14:01:45.0883 5876 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:01:45.0899 5876 SrvHsfWinac - ok
14:01:45.0930 5876 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:01:45.0945 5876 srvnet - ok
14:01:45.0961 5876 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:01:45.0977 5876 SSDPSRV - ok
14:01:46.0008 5876 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:01:46.0023 5876 SstpSvc - ok
14:01:46.0086 5876 [ FB851E3A6971381D493D11904323E4E7 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
14:01:46.0101 5876 STacSV - ok
14:01:46.0133 5876 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:01:46.0133 5876 stexstor - ok
14:01:46.0211 5876 [ 119ADBC385C1661989ECB7F6789F99B8 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
14:01:46.0226 5876 STHDA - ok
14:01:46.0304 5876 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
14:01:46.0335 5876 StiSvc - ok
14:01:46.0367 5876 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
14:01:46.0367 5876 swenum - ok
14:01:46.0413 5876 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
14:01:46.0429 5876 swprv - ok
14:01:46.0476 5876 [ B769710846D690ADB6D25ED9329D5DB7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:01:46.0523 5876 SynTP - ok
14:01:46.0585 5876 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
14:01:46.0632 5876 SysMain - ok
14:01:46.0663 5876 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:01:46.0679 5876 TabletInputService - ok
14:01:46.0710 5876 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
14:01:46.0725 5876 TapiSrv - ok
14:01:46.0757 5876 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
14:01:46.0788 5876 TBS - ok
14:01:46.0866 5876 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:01:46.0913 5876 Tcpip - ok
14:01:46.0975 5876 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:01:46.0991 5876 TCPIP6 - ok
14:01:47.0037 5876 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:01:47.0037 5876 tcpipreg - ok
14:01:47.0084 5876 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:01:47.0084 5876 TDPIPE - ok
14:01:47.0115 5876 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:01:47.0115 5876 TDTCP - ok
14:01:47.0162 5876 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:01:47.0178 5876 tdx - ok
14:01:47.0209 5876 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:01:47.0209 5876 TermDD - ok
14:01:47.0256 5876 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
14:01:47.0287 5876 TermService - ok
14:01:47.0318 5876 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
14:01:47.0334 5876 Themes - ok
14:01:47.0349 5876 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
14:01:47.0365 5876 THREADORDER - ok
14:01:47.0427 5876 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
14:01:47.0443 5876 TrkWks - ok
14:01:47.0490 5876 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:01:47.0505 5876 TrustedInstaller - ok
14:01:47.0537 5876 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:47.0537 5876 tssecsrv - ok
14:01:47.0552 5876 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:01:47.0583 5876 TsUsbFlt - ok
14:01:47.0615 5876 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:01:47.0630 5876 TsUsbGD - ok
14:01:47.0693 5876 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:01:47.0708 5876 tunnel - ok
14:01:47.0724 5876 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:01:47.0739 5876 uagp35 - ok
14:01:47.0771 5876 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:01:47.0786 5876 udfs - ok
14:01:47.0833 5876 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:01:47.0864 5876 UI0Detect - ok
14:01:47.0911 5876 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:01:47.0911 5876 uliagpkx - ok
14:01:47.0973 5876 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:01:47.0973 5876 umbus - ok
14:01:48.0005 5876 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
14:01:48.0005 5876 UmPass - ok
14:01:48.0036 5876 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
14:01:48.0067 5876 upnphost - ok
14:01:48.0114 5876 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:48.0114 5876 usbccgp - ok
14:01:48.0145 5876 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:01:48.0145 5876 usbcir - ok
14:01:48.0207 5876 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:01:48.0207 5876 usbehci - ok
14:01:48.0285 5876 [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:01:48.0285 5876 usbfilter - ok
14:01:48.0317 5876 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:01:48.0332 5876 usbhub - ok
14:01:48.0363 5876 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:01:48.0363 5876 usbohci - ok
14:01:48.0395 5876 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:01:48.0410 5876 usbprint - ok
14:01:48.0473 5876 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:01:48.0488 5876 usbscan - ok
14:01:48.0519 5876 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:48.0535 5876 USBSTOR - ok
14:01:48.0566 5876 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:01:48.0566 5876 usbuhci - ok
14:01:48.0644 5876 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:01:48.0644 5876 usbvideo - ok
14:01:48.0691 5876 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
14:01:48.0707 5876 UxSms - ok
14:01:48.0722 5876 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
14:01:48.0738 5876 VaultSvc - ok
14:01:48.0785 5876 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:01:48.0800 5876 vdrvroot - ok
14:01:48.0831 5876 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
14:01:48.0878 5876 vds - ok
14:01:48.0894 5876 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:48.0909 5876 vga - ok
14:01:48.0941 5876 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:01:48.0941 5876 VgaSave - ok
14:01:48.0987 5876 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:01:49.0003 5876 vhdmp - ok
14:01:52.0482 5876 ================ Scan global ===============================
14:01:52.0513 5876 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:01:52.0560 5876 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
14:01:52.0591 5876 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
14:01:52.0638 5876 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:01:52.0685 5876 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:01:52.0700 5876 [Global] - ok
14:01:52.0700 5876 ================ Scan MBR ==================================
14:01:52.0716 5876 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:01:53.0246 5876 \Device\Harddisk0\DR0 - ok
14:01:53.0262 5876 ================ Scan VBR ==================================
14:01:53.0293 5876 [ 9A72EB1CE7A4596B23FA9B70315559F3 ] \Device\Harddisk0\DR0\Partition1
14:01:53.0293 5876 \Device\Harddisk0\DR0\Partition1 - ok
14:01:53.0324 5876 [ 119578DD3BC97C786C021EE8EE615C7B ] \Device\Harddisk0\DR0\Partition2
14:01:53.0324 5876 \Device\Harddisk0\DR0\Partition2 - ok
14:01:53.0371 5876 [ 812869AEBAE1779B207A51AE70D22993 ] \Device\Harddisk0\DR0\Partition3
14:01:53.0371 5876 \Device\Harddisk0\DR0\Partition3 - ok
14:01:53.0402 5876 [ 3AC2E6C3B1C8736D6DB40ED62076087A ] \Device\Harddisk0\DR0\Partition4
14:01:53.0402 5876 \Device\Harddisk0\DR0\Partition4 - ok
14:01:53.0402 5876 ============================================================
14:01:53.0402 5876 Scan finished
14:01:53.0402 5876 ============================================================
14:01:53.0433 1280 Detected object count: 0
14:01:53.0433 1280 Actual detected object count: 0
14:02:22.0855 0680 Deinitialize success

I also have the Emsisoft scan results:

Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 27-9-2012 11:55:26

Scaninstellingen:

Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, E:\
Scan archieven: Aan
ADS Scan: Aan

Scan gestart: 27-9-2012 11:56:16

Key: hkey_local_machine\software\baidu Ontdekt: Trace.Registry.baidubar!E1
Key: hkey_current_user\software\baidu Ontdekt: Trace.Registry.baidubar!E1
Key: hkey_local_machine\software\funshion Ontdekt: Trace.Registry.funshion!E1
Key: hkey_local_machine\software\funshion\funshion Ontdekt: Trace.Registry.funshion!E1
Key: hkey_local_machine\software\classes\funshion task\shell Ontdekt: Trace.Registry.funshion!E1
Key: hkey_current_user\software\microsoft\internet explorer\searchscopes\{b8e20cd7-bac2-4820-9aa6-1060b3af25e2} Ontdekt: Trace.Registry.theworld!E1
Key: hkey_local_machine\software\classes\funshion task Ontdekt: Trace.Registry.funshion!E1
C:\Users\Jelles\AppData\Local\Temp\jar_cache8483600920335478186.tmp -> chcyih.class Ontdekt: Java.Blacole!E2
C:\HP\Bin\EndProcess.exe Ontdekt: Riskware.Win32.KillApp!E1

Gescand 540503
Gevonden 9

Scan geëindigd: 27-9-2012 13:44:31
Scantijd: 1:48:15

C:\HP\Bin\EndProcess.exe In quarantaine Riskware.Win32.KillApp!E1
C:\Users\Jelles\AppData\Local\Temp\jar_cache8483600920335478186.tmp -> chcyih.class In quarantaine Java.Blacole!E2
Key: hkey_current_user\software\microsoft\internet explorer\searchscopes\{b8e20cd7-bac2-4820-9aa6-1060b3af25e2} In quarantaine Trace.Registry.theworld!E1
Key: hkey_local_machine\software\funshion In quarantaine Trace.Registry.funshion!E1
Key: hkey_local_machine\software\funshion\funshion In quarantaine Trace.Registry.funshion!E1
Key: hkey_local_machine\software\classes\funshion task\shell In quarantaine Trace.Registry.funshion!E1
Key: hkey_local_machine\software\classes\funshion task In quarantaine Trace.Registry.funshion!E1
Key: hkey_local_machine\software\baidu In quarantaine Trace.Registry.baidubar!E1
Key: hkey_current_user\software\baidu In quarantaine Trace.Registry.baidubar!E1

In quarantaine 9

#7 narenxp

Posted 27 September 2012 - 10:11 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and the scan should start running. After the scan gets completed, post the generated log here.

#8 Jellesje

Posted 27 September 2012 - 12:40 PM

There they are..

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jelles :: JELLES1 [administrator]

Protection: Enabled

27-9-2012 1:10:53
mbam-log-2012-09-27 (01-10-53).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276922
Time elapsed: 1 hour(s), 9 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\fsp (PUP.Funshion) -> No action taken.
HKCR\Funshion Task (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Jelles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\78b81c04-7f6cf4d6 (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Jelles\Downloads\setup (89).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.1 (09.27.2012)
OS: Windows 7 Home Premium x86
Ran by Jelles on do 27-09-2012 at 19:30:19,09
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values:

ERROR: Access is denied.Failed to delete: [VALUE-LOCKED!] {98889811-442d-49dd-99d7-dc866be87dbc} from: hkey_local_machine\software\microsoft\internet explorer\toolbar



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{35c1605e-438b-4d64-aab1-8885f097a9b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\typelib\{35c1605e-438b-4d64-aab1-8885f097a9b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{35c1605e-438b-4d64-aab1-8885f097a9b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\typelib\{35c1605e-438b-4d64-aab1-8885f097a9b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{960df771-cfcb-4e53-a5b5-6ef2bbe6e706}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{960df771-cfcb-4e53-a5b5-6ef2bbe6e706}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\appid\{ea28b360-05e0-4f93-8150-02891f1d8d3c}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_classes_root\esrv.babylonesrvc"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_classes_root\esrv.babylonesrvc.1"
Successfully deleted: [KEY] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [KEY] "hkey_current_user\software\appdatalow\software\pricegong"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_current_user\software\datamngr"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_current_user\software\datamngr_toolbar"
Successfully deleted: [KEY] "hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\babylon"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\babylontoolbar"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\browsermngr"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\classes\esrv.babylonesrvc"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\classes\esrv.babylonesrvc.1"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\conduit"
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj"



*** Files:

Successfully deleted: [FILE] "C:\Users\Jelles\AppData\Local\funmoods-speeddial_sf.crx"
Successfully deleted: [FILE] C:\Program Files\conduit\community alerts\Alert.dll



*** Folders:

Failed to delete: [FOLDER-LOCKED!] "C:\Users\All Users\browser manager"
Failed to delete: [FOLDER-LOCKED!] "C:\ProgramData\babylon"
Failed to delete: [FOLDER-LOCKED!] "C:\ProgramData\browser manager"
Successfully deleted: [FOLDER] "C:\Users\Jelles\AppData\Roaming\babylon"
Successfully deleted: [FOLDER] "C:\Users\Jelles\AppData\Roaming\microsoft\windows\start menu\programs\browser manager"
Successfully deleted: [FOLDER] "C:\Users\Jelles\appdata\local\conduit"
Successfully deleted: [FOLDER] "C:\Users\Jelles\appdata\locallow\conduit"
Successfully deleted: [FOLDER] "C:\Users\Jelles\appdata\locallow\pricegong"
Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\conduit"
Failed to delete: [FOLDER-LOCKED!] "C:\Program Files\conduit\community alerts"



*** Ask Toolbar: - Remnants removed

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}
ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}



*** FireFox detected and repaired:

Successfully deleted: [FF BROWSERMNGR] "browsermngr_prefs.js"
Successfully deleted: [FF BROWSERMNGR] "BrowserMngr_extensions.sqlite"
Potentially unwanted user.js Detected!
Dumping contents:


=============================

user_pref('extensions.dealply.partner', 'inff');

user_pref('extensions.dealply.channel', 'infftog01');

user_pref('extensions.dealply.installId', 'v24300293685563678329132012092713541429');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '9');
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=f06c21f0000000000000c0f8da9989aa&q=");
user_pref("extensions.BabylonToolbar.id", "f06c21f0000000000000c0f8da9989aa");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15610");
user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1213:54:36");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "nl");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112059&tt=120912_cpc_3912_1");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853&q=");
user_pref("extensions.funmoods.id", "C0F8DA9989AA21F0");
user_pref("extensions.funmoods.instlDay", "15610");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:7:53");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.aflt", "test312");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.instlRef", "test312");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

=============================

Successfully deleted: [FF USER.JS PROFILE] "user.js"
Potentially unwanted user.js Detected!
Dumping contents:

=============================
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112059&tt=120912_cpc_3912_1");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.dfltLng", "nl");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

=============================


Failed to delete: [FF USER.JS ROOT] "C:\user.js"
Failed to delete: [FF .XML SEARCHPLUGINS PROG] "C:\Program Files\mozilla firefox\searchplugins\babylon.xml"
Successfully deleted: [FF EXTENSIONS PROFILE] ffxtlbr@babylon.com
Successfully deleted: [FF EXTENSIONS PROFILE] ffxtlbr@funmoods.com
Successfully deleted: [FF .XML SEARCHPLUGINS PROFILE] "BabylonMngr.xml"
Successfully deleted: [FF .XML SEARCHPLUGINS PROFILE] "Funmoods.xml"
The below lines were deleted from [FF prefs.js]

=============================
user_pref("avg.install.userHPSettings", "http://search.babylon.com/?affID=112059&tt=120912_cpc_3912_1&babsrc=HP_ss&mntrId=f06c21f0000000000000c0f8da9989aa");
user_pref("browser.newtab.url", "http://search.babylon.com/?affID=112059&tt=120912_cpc_3912_1&babsrc=NT_ss&mntrId=f06c21f0000000000000c0f8da9989aa");
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=112059&tt=120912_cpc_3912_1&babsrc=HP_ss&mntrId=f06c21f0000000000000c0f8da9989aa");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=f06c21f0000000000000c0f8da9989aa&q=");
user_pref("extensions.BabylonToolbar.tlbrsrchurl", "http://search.babylon.com/?babsrc=TB_def&mntrId=f06c21f0000000000000c0f8da9989aa&q=");
user_pref("extensions.funmoods.aflt", "test312");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853");
user_pref("extensions.funmoods.id", "C0F8DA9989AA21F0");
user_pref("extensions.funmoods.instlDay", "15610");
user_pref("extensions.funmoods.instlRef", "test312");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853&q=");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:7:53");
user_pref("sweetim.toolbar.urls.homepage", "http://search.babylon.com/?affID=112059&tt=120912_cpc_3912_1&babsrc=HP_ss&mntrId=f06c21f0000000000000c0f8da9989aa");

=============================



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on do 27-09-2012 at 19:30:36,57
End of Report

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 19:19:10
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Jelles - JELLES1
# Boot Mode : Normal
# Running from : C:\Users\Jelles\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\searchplugins\BabylonMngr.xml
File Found : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\searchplugins\funmoods.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Giant Savings
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\Jelles\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Jelles\AppData\Local\Conduit
Folder Found : C:\Users\Jelles\AppData\Local\Giant Savings
Folder Found : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Found : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Found : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
Folder Found : C:\Users\Jelles\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Jelles\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jelles\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Jelles\AppData\Roaming\Babylon
Folder Found : C:\Users\Jelles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\extensions\crossriderapp4479@crossrider.com
Folder Found : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\extensions\ffxtlbr@funmoods.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Giant Savings
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\Software\BrowserMngr

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112059&tt=120912_cpc_3912_1&babsrc=HP_ss&mntrId=f06c21f0000000000000c0f8da9989aa
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853

-\\ Mozilla Firefox v13.0 (nl)

Profile name : default
File : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\prefs.js

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [32085 octets] - [27/09/2012 19:19:10]

########## EOF - C:\AdwCleaner[R1].txt - [32146 octets] ##########

Farbar Service Scanner Version: 19-09-2012
Ran by Jelles (administrator) on 27-09-2012 at 19:06:31
Running from "C:\Users\Jelles\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-14 20:32] - [2012-08-22 19:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jelles (administrator) on 27-09-2012 at 19:01:55
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Ralink RT5390 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jelles1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink RT5390 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : C0-F8-DA-99-89-AA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c846:26fc:a96b:89c7%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : donderdag 27 september 2012 18:26:14
Lease Expires . . . . . . . . . . : zaterdag 29 september 2012 18:26:17
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 264304858
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-A2-7C-F6-2C-27-D7-B1-32-2D
DNS Servers . . . . . . . . . . . : 212.54.40.25
212.54.35.25
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 2C-27-D7-B1-32-2D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C5D526DF-2F0E-449F-9E2C-AB1582D234C8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:344c:1979:3f57:fe94(Preferred)
Link-local IPv6 Address . . . . . : fe80::344c:1979:3f57:fe94%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns.tb.iss.as9143.net
Address: 212.54.40.25

Name: google.com
Addresses: 2a00:1450:4013:c00::66
173.194.65.139
173.194.65.100
173.194.65.138
173.194.65.101
173.194.65.113
173.194.65.102


Pinging google.com [173.194.65.139] with 32 bytes of data:
Reply from 173.194.65.139: bytes=32 time=17ms TTL=50
Reply from 173.194.65.139: bytes=32 time=16ms TTL=50

Ping statistics for 173.194.65.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server: dns.tb.iss.as9143.net
Address: 212.54.40.25

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=364ms TTL=50
Reply from 98.139.183.24: bytes=32 time=344ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 344ms, Maximum = 364ms, Average = 354ms
Server: dns.tb.iss.as9143.net
Address: 212.54.40.25

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=29ms TTL=128
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 29ms, Average = 17ms
===========================================================================
Interface List
20...c0 f8 da 99 89 aa ......Ralink RT5390 802.11b/g/n WiFi Adapter
13...2c 27 d7 b1 32 2d ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 281
192.168.1.107 255.255.255.255 On-link 192.168.1.107 281
192.168.1.255 255.255.255.255 On-link 192.168.1.107 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:5ef5:79fb:344c:1979:3f57:fe94/128
On-link
20 281 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::344c:1979:3f57:fe94/128
On-link
20 281 fe80::c846:26fc:a96b:89c7/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
20 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/27/2012 06:26:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2012 02:46:42 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 13.0.0.4534 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15ac

Start Time: 01cd9cabbac0a240

Termination Time: 175

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 56cce7ca-08a1-11e2-b6e3-2c27d7b1322d

Error: (09/27/2012 11:28:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2012 01:06:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2012 00:54:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2012 00:33:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/27/2012 00:05:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2012 11:58:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2012 02:08:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2012 11:10:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/27/2012 06:26:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/27/2012 11:27:31 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/27/2012 04:23:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/27/2012 01:05:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/27/2012 00:56:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/27/2012 00:54:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/27/2012 00:32:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/27/2012 00:05:11 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/26/2012 11:58:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/26/2012 11:53:04 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) MUI (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
AMD Fuel (Version: 2010.1110.1539.28046)
ATI Catalyst Install Manager (Version: 3.0.829.0)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
AVG Security Toolbar (Version: 11.1.0.12)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1110.1539.28046)
Catalyst Control Center InstallProxy (Version: 2011.0804.255.3304)
Catalyst Control Center Localization All (Version: 2010.1110.1539.28046)
Catalyst Control Center Profiles Mobile (Version: 2010.1110.1539.28046)
ccc-core-static (Version: 2010.1110.1539.28046)
ccc-utility (Version: 2010.1110.1539.28046)
CCC Help Chinese Standard (Version: 2010.1110.1538.28046)
CCC Help Chinese Traditional (Version: 2010.1110.1538.28046)
CCC Help Czech (Version: 2010.1110.1538.28046)
CCC Help Danish (Version: 2010.1110.1538.28046)
CCC Help Dutch (Version: 2010.1110.1538.28046)
CCC Help English (Version: 2010.1110.1538.28046)
CCC Help Finnish (Version: 2010.1110.1538.28046)
CCC Help French (Version: 2010.1110.1538.28046)
CCC Help German (Version: 2010.1110.1538.28046)
CCC Help Greek (Version: 2010.1110.1538.28046)
CCC Help Hungarian (Version: 2010.1110.1538.28046)
CCC Help Italian (Version: 2010.1110.1538.28046)
CCC Help Japanese (Version: 2010.1110.1538.28046)
CCC Help Korean (Version: 2010.1110.1538.28046)
CCC Help Norwegian (Version: 2010.1110.1538.28046)
CCC Help Polish (Version: 2010.1110.1538.28046)
CCC Help Portuguese (Version: 2010.1110.1538.28046)
CCC Help Russian (Version: 2010.1110.1538.28046)
CCC Help Spanish (Version: 2010.1110.1538.28046)
CCC Help Swedish (Version: 2010.1110.1538.28046)
CCC Help Thai (Version: 2010.1110.1538.28046)
CCleaner (Version: 3.12)
Chuzzle Deluxe (Version: 2.2.0.95)
Click to Call with Skype (Version: 5.6.8153)
CyberLink YouCam (Version: 3.5.1.3824)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE - The Traitor Soul (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.123)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.7.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (Version: 4.0.45.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.1.0)
HP Games (Version: 1.0.2.4)
HP On Screen Display (Version: 1.1.2)
HP Power Manager (Version: 1.2.1)
HP Quick Launch (Version: 2.3.6)
HP QuickWeb (Version: 3.0.1.9220)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13253.3682)
HP Software Framework (Version: 4.0.110.1)
HP Support Assistant (Version: 6.1.12.1)
IDT Audio (Version: 1.0.6319.0)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
Magic Desktop (Version: 3.0)
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 13.0 (x86 nl) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSVCRT (Version: 15.4.2862.0708)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Printer EPSON Stylus S20 Series verwijderen
Ralink Motorola BC8 Bluetooth 3.0+HS Adapter (Version: 3.0.42.298)
Ralink RT5390 802.11b/g/n WiFi Adapter (Version: 3.02.02.0)
Realtek Ethernet Controller Driver (Version: 7.27.920.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30127)
Recovery Manager (Version: 2.0.0)
Skype™ 5.10 (Version: 5.10.116)
Slingo Supreme (Version: 2.2.0.95)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update Installer for WildTangent Games App
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.0.51110.1535)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3577.9 MB
Available physical RAM: 2432.65 MB
Total Pagefile: 7154.09 MB
Available Pagefile: 5706.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.92 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:448.39 GB) (Free:407.26 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.21 GB) (Free:1.46 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.22 GB) FAT32

========================= Users: ========================================

User accounts for \\JELLES1

Administrator Guest Jelles

========================= Restore Points ==================================

15-06-2012 01:25:31 Windows Update
22-06-2012 01:01:15 Windows Update
22-06-2012 01:01:15 Windows Update
02-07-2012 11:07:42 Scheduled Checkpoint
26-07-2012 10:16:50 Windows Update
29-07-2012 07:36:17 Device Driver Package Install: EPSON Printers
16-08-2012 08:57:48 Windows Update
16-09-2012 09:22:54 Windows Update
24-09-2012 16:12:32 Windows Update
25-09-2012 22:22:44 Windows Update
27-09-2012 02:17:41 Windows Update
27-09-2012 16:41:16 Removed BabylonObjectInstaller
27-09-2012 16:44:05 Removed Evernote v. 4.2.2

**** End of log ****

#9 narenxp

Posted 27 September 2012 - 01:02 PM

MBAM - Remove infections, run a scan again and post the log.

Adware cleaner - Launch it and click on DELETE, post the new log.

#10 Jellesje

Posted 27 September 2012 - 02:39 PM

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jelles :: JELLES1 [administrator]

Protection: Enabled

27-9-2012 20:22:00
mbam-log-2012-09-27 (20-22-00).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276008
Time elapsed: 58 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Jelles\Downloads\mini toolbox setup(1).exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Jelles\Downloads\mini toolbox setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.

(end)

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 21:30:40
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Jelles - JELLES1
# Boot Mode : Normal
# Running from : C:\Users\Jelles\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Giant Savings
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Jelles\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jelles\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
Folder Deleted : C:\Users\Jelles\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\extensions\crossriderapp4479@crossrider.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112059&tt=120912_cpc_3912_1&babsrc=HP_ss&mntrId=f06c21f0000000000000c0f8da9989aa --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0Azyzyzzzy0A0AtBtC0FtDtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=985876853 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0 (nl)

Profile name : default
File : C:\Users\Jelles\AppData\Roaming\Mozilla\Firefox\Profiles\7s52dszt.default\prefs.js

Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348747677);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.affid", "0");
Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 6);
Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348747677");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348747677");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Thu Sep 27 2012 20:[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Thu Oct 04 2012 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22NL%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1348770733");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2241449%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1348747868893");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221242%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2287013%22");
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348747850994");
Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons dis[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.emailsig", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.exposesites", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "40");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Fri Sep 28[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 6);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "(function(f,B){if(typeof(B)==[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 15);
Deleted : user_pref("extensions.crossriderapp4479.4479.premium", true);
Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 40);
Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
Deleted : user_pref("extensions.crossriderapp4479.bic", "13a07a0d16c110e1e8e3588e3f6bacb8");
Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1348767409);
Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22479457);
Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22479570);
Deleted : user_pref("extensions.crossriderapp4479.misc.lastBgWorkerTimer", "1348774230672");
Deleted : user_pref("extensions.crossriderapp4479.misc.lastDomWorkerTimer", "1348774230643");
Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4479@crossrider.com.install-event-fired", true);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jelles\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [32216 octets] - [27/09/2012 19:19:10]
AdwCleaner[R2].txt - [32277 octets] - [27/09/2012 19:20:37]
AdwCleaner[S1].txt - [23953 octets] - [27/09/2012 21:30:40]

########## EOF - C:\AdwCleaner[S1].txt - [24014 octets] ##########

#11 narenxp

  • BC Advisor

Posted 27 September 2012 - 02:46 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#12 Jellesje

  • Topic Starter

Posted 27 September 2012 - 03:04 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "Easybits Recovery" "" "EasyBits Software AS" "c:\program files\easybits for kids\ezrecover.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch\hpmsgsvc.exe"
+ "HPConnectionManager" "HPCMDelayStart Application" "Hewlett-Packard Development Company L.P." "c:\program files\hewlett-packard\hp connection manager\hpcmdelaystart.exe"
+ "HPOSD" "HP On Screen Display" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp on screen display\hposd.exe"
+ "HPQuickWebProxy" "HP QuickWeb Utilities" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp quickweb\hpqwutils.exe"
+ "ROC_roc_dec12" "" "" "File not found: C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe"
+ "vProt" "" "" "File not found: C:\Program Files\AVG Secure Search\vprot.exe"
"C:\Users\Jelles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Schermopname en Snel starten.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "EPSON Stylus S20 Series" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\w32x86\3\e_fatieae.exe"
+ "uTorrent" "" "" "File not found: C:\Program Files\uTorrent\uTorrent.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "skype-ie-addon-data" "Click to Call with Skype for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "EasyBits Security Shield Hook - prevents launching insecure programs by kids" "EasyBits Security Shield component" "EasyBits Software Corp." "c:\windows\system32\ezupbhook.dll"
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "BTMSentToExt" "Bluetooth Shell Extension" "Motorola Solutions, Inc." "c:\program files\motorola\bluetooth\btmshell.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Skype Browser Helper" "Click to Call with Skype for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "Click to call with Skype" "Click to Call with Skype for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Send to Bluetooth" "" "" "c:\program files\motorola\bluetooth\btmiesend.htm"
+ "Verz&enden naar OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\HPCeeScheduleForJelles" "HP Ceement" "Hewlett-Packard" "c:\program files\hewlett-packard\hp ceement\hpcee.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files\cyberlink\youcam\ycmmirage.exe"
+ "\SetupManager" "Toaster" "Microsoft" "c:\program files\hewlett-packard\setup manager\toaster.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AESTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\program files\idt\wdm\aestsrv.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "AMD Reservation Manager" "RM Application" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\reservation manager\amd reservation manager.exe"
+ "AVGIDSAgent" "biedt identiteitsbescherming tegen cybermisdaad." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG WatchDog-service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "Bluetooth Device Manager" "Bluetooth Device Manager" "Motorola Solutions, Inc." "c:\program files\motorola\bluetooth\devmgrsrv.exe"
+ "Bluetooth Media Service" "Bluetooth Media Service" "Motorola Solutions, Inc." "c:\program files\motorola\bluetooth\audiosrv.exe"
+ "Bluetooth OBEX Service" "Bluetooth OBEX Service" "Motorola Solutions, Inc." "c:\program files\motorola\bluetooth\obexsrv.exe"
+ "ezSharedSvc" "Provides licensing, security and parental control services for EasyBits applications. If this service is stopped or disabled, these applications will not function properly." "EasyBits Software AS" "c:\windows\system32\ezsharedsvchost.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files\wildtangent games\app\gamesappservice.exe"
+ "gupdate" "Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze service wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet werken. Deze service verwijdert zichzelf wanneer er geen Google-software is waarvoor de service wordt gebruikt." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze service wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet werken. Deze service verwijdert zichzelf wanneer er geen Google-software is waarvoor de service wordt gebruikt." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HPClientSvc" "HP Client Services" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp client services\hpclientservices.exe"
+ "hpCMSrv" "HP Connection Manager Service" "Hewlett-Packard Development Company L.P." "c:\program files\hewlett-packard\hp connection manager\hpcmsrv.exe"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files\hewlett-packard\shared\hpdrvmntsvc.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Company" "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
+ "hpsrv" "HpService" "Hewlett-Packard Company" "c:\windows\system32\hpservice.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "De Mozilla Maintenance Service zorgt ervoor dat u de nieuwste en meest veilige versie van Mozilla Firefox op uw computer hebt. Het actueel houden van Firefox is zeer belangrijk voor uw online-veiligheid, en Mozilla raadt ten zeerste aan deze service ingeschakeld te houden." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Microsoft Office Diagnostische gegevens gedeeltelijk uitvoeren." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Hiermee worden de installatiebestanden opgeslagen die worden gebruikt voor het bijwerken en herstellen. Dit is vereist voor het downloaden van updates van Setup en van Watson-foutrapporten." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Activeert de verificatie van Windows Live ID." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "A2DDA" "" "" "File not found: C:\Users\Jelles\Desktop\Run\a2ddax86.sys"
+ "Accelerometer" "HP Accelerometer" "Hewlett-Packard Company" "c:\windows\system32\drivers\accelerometer.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amd_sata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_sata.sys"
+ "amd_xata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_xata.sys"
+ "amdiox86" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox86.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw73.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BTMCOM" "Bluetooth Serial Port Driver" "Motorola, Inc." "c:\windows\system32\drivers\btmcom.sys"
+ "BTMUSB" "Bluetooth Radio Driver" "Motorola Solutions, Inc." "c:\windows\system32\drivers\btmusb.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "hpdskflt" "HP Disk Filter - SATA/RAID" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpdskflt.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "Ndisrd" "NDISRD helper driver" "NT Kernel Resources" "c:\windows\system32\drivers\ndisrd.sys"
+ "NdisrdMP" "NDISRD helper driver" "NT Kernel Resources" "c:\windows\system32\drivers\ndisrd.sys"
+ "netr28" "Ralink 802.11 Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr28.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NVENETFD" "NVIDIA MCP Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvm62x32.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rt86win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "VDP Renderer" "VDP Filter" "Motorola Solutions, Inc." "c:\program files\motorola\bluetooth\vdpsnk.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\Windows\system32\Funshion.scr" "" "" "File not found: C:\Windows\system32\Funshion.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Epson Inbox Language Monitor01" "Epson Printer Driver" "SEIKO EPSON CORPORATION" "c:\windows\system32\ep0slm01.dll"
+ "EPSON Stylus S20 Series 32MonitorBE" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbeae.dll"
+ "LIDIL hpzllw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpzllw71.dll"

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/27/2012 09:57:05 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/27/2012 09:57:21 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)
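One way to triage an Autoruns export like the one posted above, added here as an example and not part of the original posts: it flags rows whose image path reads "File not found" and rows with an empty publisher field, which are prompts for manual review rather than verdicts. The sample rows are copied from the log above; the function names and reason labels are assumptions.

```python
import re

# Rows copied from the Autoruns export above: a location header has no prefix,
# each autostart entry under it starts with "+" and carries four quoted fields
# (entry, description, publisher, image path).
SAMPLE_LOG = r'''
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "A2DDA" "" "" "File not found: C:\Users\Jelles\Desktop\Run\a2ddax86.sys"
+ "Accelerometer" "HP Accelerometer" "Hewlett-Packard Company" "c:\windows\system32\drivers\accelerometer.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\Windows\system32\Funshion.scr" "" "" "File not found: C:\Windows\system32\Funshion.scr"
'''

FIELD = re.compile(r'"([^"]*)"')
MISSING = "File not found:"


def parse_autoruns(text):
    """Yield one dict per '+' row, tagged with the location header above it."""
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank line or text that is not an export row
        if line.startswith("+"):
            name, description, publisher, path = fields
            yield {"location": location, "name": name,
                   "description": description,
                   "publisher": publisher.strip(), "path": path}
        else:
            location = fields[0]


def triage(text):
    """Return (reason, location, entry, path) tuples that need a manual look."""
    findings = []
    for e in parse_autoruns(text):
        if e["path"].startswith(MISSING):
            # Autostart entry is still registered, but its file is gone.
            target = e["path"][len(MISSING):].strip()
            findings.append(("missing-file", e["location"], e["name"], target))
        elif not e["publisher"]:
            # Autoruns resolved the file but reported no publisher for it.
            findings.append(("no-publisher", e["location"], e["name"], e["path"]))
    return findings


if __name__ == "__main__":
    for reason, location, name, path in triage(SAMPLE_LOG):
        print(f"{reason:13} {name}\n    {location}\n    {path}")
```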

#13 narenxp

Posted 27 September 2012 - 03:33 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP: http://support.microsoft.com/kb/310405

Vista & Windows 7: http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel > Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#14 Jellesje

Posted 27 September 2012 - 04:06 PM

Thanks a lot for helping me out here!!! I wonder why all the other sites advised to use ComboFix. Do you have any specific advice on how to avoid this infection again?? Goodnight from Holland!

#15 narenxp

Posted 27 September 2012 - 04:27 PM

Do you have any specific advice on how to avoid this infection again


You can check the links given before

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/


safe surfing :)



